From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Anton Blanchard <anton@samba.org>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 3.18 40/54] powerpc/vdso64: Use double word compare on pointers
Date: Tue, 11 Dec 2018 16:41:28 +0100
Message-ID: <20181211151548.329260078@linuxfoundation.org>
In-Reply-To: <20181211151546.010073210@linuxfoundation.org>

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 5045ea37377ce8cca6890d32b127ad6770e6dce5 ]

__kernel_get_syscall_map() and __kernel_clock_getres() use cmpli to
check if the passed in pointer is non zero. cmpli maps to a 32 bit
compare on binutils, so we ignore the top 32 bits.

A simple test case can be created by passing in a bogus pointer with
the bottom 32 bits clear. Using a clk_id that is handled by the VDSO,
then one that is handled by the kernel shows the problem:

  printf("%d\n", clock_getres(CLOCK_REALTIME, (void *)0x100000000));
  printf("%d\n", clock_getres(CLOCK_BOOTTIME, (void *)0x100000000));

And we get:

  0
  -1

The bigger issue is if we pass a valid pointer with the bottom 32 bits
clear, in this case we will return success but won't write any data
to the pointer.

I stumbled across this issue because the LLVM integrated assembler
doesn't accept cmpli with 3 arguments. Fix this by converting them to
cmpldi.

Fixes: a7f290dad32e ("[PATCH] powerpc: Merge vdso's and add vdso support to 32 bits kernel")
Cc: stable@vger.kernel.org # v2.6.15+
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/vdso64/datapage.S     | 2 +-
 arch/powerpc/kernel/vdso64/gettimeofday.S | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/kernel/vdso64/datapage.S b/arch/powerpc/kernel/vdso64/datapage.S
index 79796de11737..3263ee23170d 100644
--- a/arch/powerpc/kernel/vdso64/datapage.S
+++ b/arch/powerpc/kernel/vdso64/datapage.S
@@ -57,7 +57,7 @@ V_FUNCTION_BEGIN(__kernel_get_syscall_map)
 	bl	V_LOCAL_FUNC(__get_datapage)
 	mtlr	r12
 	addi	r3,r3,CFG_SYSCALL_MAP64
-	cmpli	cr0,r4,0
+	cmpldi	cr0,r4,0
 	crclr	cr0*4+so
 	beqlr
 	li	r0,__NR_syscalls
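
Review bot: The changelog's test case only exercises clock_getres, so the `cmpldi cr0,r4,0` in __kernel_get_syscall_map is changed without a matching check. With the old 32-bit compare, a pointer in r4 whose low 32 bits are clear would take `beqlr` and return before `li r0,__NR_syscalls`; please add a test for that path, and consider a short comment on the compare saying that r4 holds a 64-bit pointer so the word-sized form is not reintroduced.
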
diff --git a/arch/powerpc/kernel/vdso64/gettimeofday.S b/arch/powerpc/kernel/vdso64/gettimeofday.S
index a76b4af37ef2..382021324883 100644
--- a/arch/powerpc/kernel/vdso64/gettimeofday.S
+++ b/arch/powerpc/kernel/vdso64/gettimeofday.S
@@ -145,7 +145,7 @@ V_FUNCTION_BEGIN(__kernel_clock_getres)
 	bne	cr0,99f
 
 	li	r3,0
-	cmpli	cr0,r4,0
+	cmpldi	cr0,r4,0
 	crclr	cr0*4+so
 	beqlr
 	lis	r5,CLOCK_REALTIME_RES@h
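
Review bot: The changelog shows only the pre-fix output (0 and -1) for the 0x100000000 test and does not say what is expected once `cmpldi cr0,r4,0` lets that pointer fall through `beqlr` to `lis r5,CLOCK_REALTIME_RES@h`. Please document the post-fix result for the bogus-pointer case, and since the LLVM integrated assembler rejects the three-operand `cmpli`, confirm that these two are the only such compares left in vdso64.
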
-- 
2.19.1



