From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Josh Poimboeuf <jpoimboe@redhat.com>,
	Andy Lutomirski <luto@amacapital.net>,
	Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
	Brian Gerst <brgerst@gmail.com>,
	Byungchul Park <byungchul.park@lge.com>,
	Denys Vlasenko <dvlasenk@redhat.com>,
	Frederic Weisbecker <fweisbec@gmail.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Kees Cook <keescook@chromium.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Nilay Vaish <nilayvaish@gmail.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@kernel.org>
Subject: [PATCH 4.8 28/37] x86/dumpstack: Fix x86_32 kernel_stack_pointer() previous stack access
Date: Fri, 14 Oct 2016 14:27:14 +0200
Message-ID: <20161014122553.887509832@linuxfoundation.org>
In-Reply-To: <20161014122549.411962735@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josh Poimboeuf <jpoimboe@redhat.com>

commit 72b4f6a5e903b071f2a7c4eb1418cbe4eefdc344 upstream.

On x86_32, when an interrupt happens from kernel space, SS and SP aren't
pushed and the existing stack is used.  So pt_regs is effectively two
words shorter, and the previous stack pointer is normally the memory
after the shortened pt_regs, aka '&regs->sp'.

But in the rare case where the interrupt hits right after the stack
pointer has been changed to point to an empty stack, like for example
when call_on_stack() is used, the address immediately after the
shortened pt_regs is no longer on the stack.  In that case, instead of
'&regs->sp', the previous stack pointer should be retrieved from the
beginning of the current stack page.

kernel_stack_pointer() wants to do that, but it forgets to dereference
the pointer.  So instead of returning a pointer to the previous stack,
it returns a pointer to the beginning of the current stack.

Note that it's probably outside of kernel_stack_pointer()'s scope to be
switching stacks at all.  The x86_64 version of this function doesn't do
it, and it would be better for the caller to do it if necessary.  But
that's a patch for another day.  This just fixes the original intent.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Byungchul Park <byungchul.park@lge.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Nilay Vaish <nilayvaish@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 0788aa6a23cb ("x86: Prepare removal of previous_esp from i386 thread_info structure")
Link: http://lkml.kernel.org/r/472453d6e9f6a2d4ab16aaed4935f43117111566.1471535549.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/ptrace.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -173,8 +173,8 @@ unsigned long kernel_stack_pointer(struc
 		return sp;
 
 	prev_esp = (u32 *)(context);
-	if (prev_esp)
-		return (unsigned long)prev_esp;
+	if (*prev_esp)
+		return (unsigned long)*prev_esp;
 
 	return (unsigned long)regs;
 }
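Review bot: the added dereference is the right fix, but the hunk now leans on two conventions that are stated nowhere near `prev_esp = (u32 *)(context);` and deserve a comment there: word 0 of the stack page holds the saved previous stack pointer, and a zero in that word means none was saved. The old `if (prev_esp)` tested the page base itself, which is never NULL, so `return (unsigned long)regs;` was unreachable; with `if (*prev_esp)` that fallback becomes reachable for any stack that never initialised its word 0, and a caller unwinding such a stack will get `regs` back instead of a previous stack. Either note in the commit message which stacks guarantee the slot is initialised, or add a one-line comment above the fallback explaining that it covers an unset previous_esp. The stored value is also used without any range check, so a stale word 0 is returned as-is; if that is acceptable, a comment saying so would save the next reader the same question.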

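A user-space model of the frame layout and lookup the commit message describes, added here as an illustration and not code from the kernel or from this patch: it assumes a 4K THREAD_SIZE, uses uintptr_t in place of u32 so it builds on a 64-bit host, and treats word 0 of each constructed stack as the saved previous stack pointer; `deref` selects the buggy or the fixed handling of `prev_esp`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define THREAD_SIZE 4096u  /* model value; the real x86_32 THREAD_SIZE differs */

/* Model of the tail of the x86_32 pt_regs: on an interrupt from kernel mode
 * SS/SP are not pushed, so the interrupted stack begins at &regs->sp. */
struct pt_regs { uintptr_t ip, cs, flags, sp, ss; };

/* Two constructed, page-aligned "stacks"; word 0 of each holds the saved
 * previous stack pointer (the convention the commit message relies on). */
static uint8_t stacks[2][THREAD_SIZE] __attribute__((aligned(4096)));

/* Model of kernel_stack_pointer(); deref=0 reproduces the bug, deref=1 the
 * fix. uintptr_t stands in for u32 so this runs on a 64-bit host. */
static uintptr_t kernel_stack_pointer(const struct pt_regs *regs, int deref)
{
    uintptr_t context = (uintptr_t)regs & ~(uintptr_t)(THREAD_SIZE - 1);
    uintptr_t sp = (uintptr_t)&regs->sp;
    uintptr_t *prev_esp;
    /* Common case: the word after the shortened frame is still on this stack. */
    if (context == (sp & ~(uintptr_t)(THREAD_SIZE - 1)))
        return sp;
    /* Frame ends exactly at the top of the stack: use the saved previous esp. */
    prev_esp = (uintptr_t *)context;
    if (deref) {
        if (*prev_esp)
            return *prev_esp;          /* the fix: follow the saved pointer */
    } else if (prev_esp) {             /* the bug: a page base is never NULL */
        return (uintptr_t)prev_esp;    /* returns the current page instead */
    }
    return (uintptr_t)regs;
}

/* Builds the rare case: regs placed so that &regs->sp lies just past the end
 * of stacks[0], with word 0 of stacks[0] recording a slot inside stacks[1].
 * Returns 1 when the buggy lookup yields the page base and the fixed one
 * yields the recorded previous stack pointer. */
static int demo(uintptr_t *buggy, uintptr_t *fixed)
{
    uintptr_t prev = (uintptr_t)&stacks[1][THREAD_SIZE - 64];
    const struct pt_regs *regs = (const struct pt_regs *)
        (stacks[0] + THREAD_SIZE - offsetof(struct pt_regs, sp));
    memset(stacks, 0, sizeof stacks);
    memcpy(stacks[0], &prev, sizeof prev);   /* save previous_esp at word 0 */
    *buggy = kernel_stack_pointer(regs, 0);
    *fixed = kernel_stack_pointer(regs, 1);
    return *fixed == prev && *buggy == (uintptr_t)stacks[0];
}
```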