From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Masahiro Yamada <masahiroy@kernel.org>,
Ard Biesheuvel <ardb@kernel.org>,
"Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>,
John Stultz <jstultz@google.com>
Subject: [PATCH 4.19 28/33] ARM: 9324/1: fix get_user() broken with veneer
Date: Thu, 25 Jul 2024 16:36:51 +0200 [thread overview]
Message-ID: <20240725142729.571727472@linuxfoundation.org> (raw)
In-Reply-To: <20240725142728.511303502@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
commit 24d3ba0a7b44c1617c27f5045eecc4f34752ab03 upstream.
The 32-bit ARM kernel stops working if the kernel grows to the point
where veneers for __get_user_* are created.
AAPCS32 [1] states, "Register r12 (IP) may be used by a linker as a
scratch register between a routine and any subroutine it calls. It
can also be used within a routine to hold intermediate values between
subroutine calls."
However, bl instructions buried within the inline asm are unpredictable
for compilers; hence, "ip" must be added to the clobber list.
This becomes critical when veneers for __get_user_* are created because
veneers use the ip register since commit 02e541db0540 ("ARM: 8323/1:
force linker to use PIC veneers").
[1]: https://github.com/ARM-software/abi-aa/blob/2023Q1/aapcs32/aapcs32.rst
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Cc: John Stultz <jstultz@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/include/asm/uaccess.h | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -145,16 +145,6 @@ extern int __get_user_64t_1(void *);
extern int __get_user_64t_2(void *);
extern int __get_user_64t_4(void *);
-#define __GUP_CLOBBER_1 "lr", "cc"
-#ifdef CONFIG_CPU_USE_DOMAINS
-#define __GUP_CLOBBER_2 "ip", "lr", "cc"
-#else
-#define __GUP_CLOBBER_2 "lr", "cc"
-#endif
-#define __GUP_CLOBBER_4 "lr", "cc"
-#define __GUP_CLOBBER_32t_8 "lr", "cc"
-#define __GUP_CLOBBER_8 "lr", "cc"
-
#define __get_user_x(__r2, __p, __e, __l, __s) \
__asm__ __volatile__ ( \
__asmeq("%0", "r0") __asmeq("%1", "r2") \
@@ -162,7 +152,7 @@ extern int __get_user_64t_4(void *);
"bl __get_user_" #__s \
: "=&r" (__e), "=r" (__r2) \
: "0" (__p), "r" (__l) \
- : __GUP_CLOBBER_##__s)
+ : "ip", "lr", "cc")
/* narrowing a double-word get into a single 32bit word register: */
#ifdef __ARMEB__
@@ -184,7 +174,7 @@ extern int __get_user_64t_4(void *);
"bl __get_user_64t_" #__s \
: "=&r" (__e), "=r" (__r2) \
: "0" (__p), "r" (__l) \
- : __GUP_CLOBBER_##__s)
+ : "ip", "lr", "cc")
#else
#define __get_user_x_64t __get_user_x
#endif
next prev parent reply other threads:[~2024-07-25 14:41 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-25 14:36 [PATCH 4.19 00/33] 4.19.319-rc1 review Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 01/33] gcc-plugins: Rename last_stmt() for GCC 14+ Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 02/33] scsi: qedf: Set qed_slowpath_params to zero before use Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 03/33] ACPI: EC: Abort address space access upon error Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 04/33] ACPI: EC: Avoid returning AE_OK on errors in address space handler Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 05/33] wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 06/33] wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 07/33] Input: silead - Always support 10 fingers Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 08/33] ila: block BH in ila_output() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 09/33] kconfig: gconf: give a proper initial state to the Save button Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 10/33] kconfig: remove wrong expr_trans_bool() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 11/33] fs/file: fix the check in find_next_fd() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 12/33] mei: demote client disconnect warning on suspend to debug Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 13/33] wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 14/33] Input: elantech - fix touchpad state on resume for Lenovo N24 Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 15/33] bytcr_rt5640 : inverse jack detect for Archos 101 cesium Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 16/33] can: kvaser_usb: fix return value for hif_usb_send_regout Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 17/33] gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 18/33] s390/sclp: Fix sclp_init() cleanup on failure Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 19/33] ALSA: dmaengine_pcm: terminate dmaengine before synchronize Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 20/33] net: usb: qmi_wwan: add Telit FN912 compositions Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 21/33] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 22/33] Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 23/33] fs: better handle deep ancestor chains in is_subdir() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 24/33] spi: imx: Dont expect DMA for i.MX{25,35,50,51,53} cspi devices Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 25/33] selftests/vDSO: fix clang build errors and warnings Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 26/33] hfsplus: fix uninit-value in copy_name Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 27/33] filelock: Remove locks reliably when fcntl/close race is detected Greg Kroah-Hartman
2024-07-25 14:36 ` Greg Kroah-Hartman [this message]
2024-07-25 14:36 ` [PATCH 4.19 29/33] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 30/33] net: relax socket state check at accept time Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 31/33] ocfs2: add bounds checking to ocfs2_check_dir_entry() Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 32/33] jfs: dont walk off the end of ealist Greg Kroah-Hartman
2024-07-25 14:36 ` [PATCH 4.19 33/33] filelock: Fix fcntl/close race recovery compat path Greg Kroah-Hartman
2024-07-25 17:10 ` [PATCH 4.19 00/33] 4.19.319-rc1 review Naresh Kamboju
2024-07-26 8:13 ` Pavel Machek
2024-07-26 5:25 ` Harshit Mogalapalli
2024-07-26 16:41 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240725142729.571727472@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ardb@kernel.org \
--cc=jstultz@google.com \
--cc=masahiroy@kernel.org \
--cc=patches@lists.linux.dev \
--cc=rmk+kernel@armlinux.org.uk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.