From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, James Hogan <james.hogan@imgtec.com>,
Markos Chandras <markos.chandras@imgtec.com>,
Leonid Yegoshin <leonid.yegoshin@imgtec.com>,
linux-mips@linux-mips.org, Ralf Baechle <ralf@linux-mips.org>
Subject: [PATCH 4.1 07/84] MIPS: show_stack: Fix stack trace with EVA
Date: Fri, 14 Aug 2015 10:41:35 -0700 [thread overview]
Message-ID: <20150814174210.436830888@linuxfoundation.org> (raw)
In-Reply-To: <20150814174210.214822912@linuxfoundation.org>
4.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: James Hogan <james.hogan@imgtec.com>
commit 1e77863a51698c4319587df34171bd823691a66a upstream.
The show_stack() function deals exclusively with kernel contexts, but if
it gets called in user context with EVA enabled, show_stacktrace() will
attempt to access the stack using EVA accesses, which will either read
other user mapped data, or more likely cause an exception which will be
handled by __get_user().
This is easily reproduced using SysRq t to show all task states, which
results in the following stack dump output:
Stack : (Bad stack address)
Fix by setting the current user access mode to kernel around the call to
show_stacktrace(). This causes __get_user() to use normal loads to read
the kernel stack.
Now we get the correct output, like this:
Stack : 00000000 80168960 00000000 004a0000 00000000 00000000 8060016c 1f3abd0c
1f172cd8 8056f09c 7ff1e450 8014fc3c 00000001 806dd0b0 0000001d 00000002
1f17c6a0 1f17c804 1f17c6a0 8066f6e0 00000000 0000000a 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 0110e800 1f3abd6c 1f17c6a0
...
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/10778/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/traps.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -192,6 +192,7 @@ static void show_stacktrace(struct task_
void show_stack(struct task_struct *task, unsigned long *sp)
{
struct pt_regs regs;
+ mm_segment_t old_fs = get_fs();
if (sp) {
regs.regs[29] = (unsigned long)sp;
regs.regs[31] = 0;
@@ -210,7 +211,13 @@ void show_stack(struct task_struct *task
prepare_frametrace(®s);
}
}
+ /*
+ * show_stack() deals exclusively with kernel mode, so be sure to access
+ * the stack in the kernel (not user) address space.
+ */
+ set_fs(KERNEL_DS);
show_stacktrace(task, ®s);
+ set_fs(old_fs);
}
static void show_code(unsigned int __user *pc)
next prev parent reply other threads:[~2015-08-14 17:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20150814174210.214822912@linuxfoundation.org>
2015-08-14 17:41 ` [PATCH 4.1 01/84] MIPS: unaligned: Fix build error on big endian R6 kernels Greg Kroah-Hartman
2015-08-14 17:41 ` [PATCH 4.1 02/84] MIPS: Replace add and sub instructions in relocate_kernel.S with addiu Greg Kroah-Hartman
2015-08-14 17:41 ` [PATCH 4.1 03/84] MIPS: Malta: Dont reinitialise RTC Greg Kroah-Hartman
2015-08-14 17:41 ` [PATCH 4.1 04/84] MIPS: Fix sched_getaffinity with MT FPAFF enabled Greg Kroah-Hartman
2015-08-14 17:41 ` [PATCH 4.1 05/84] MIPS: Export get_c0_perfcount_int() Greg Kroah-Hartman
2015-08-14 17:41 ` [PATCH 4.1 06/84] MIPS: do_mcheck: Fix kernel code dump with EVA Greg Kroah-Hartman
2015-08-14 17:41 ` Greg Kroah-Hartman [this message]
2015-08-14 17:41 ` [PATCH 4.1 08/84] Revert "MIPS: BCM63xx: Provide a plat_post_dma_flush hook" Greg Kroah-Hartman
2015-08-14 17:41 ` [PATCH 4.1 09/84] MIPS: Flush RPS on kernel entry with EVA Greg Kroah-Hartman
2015-08-14 17:41 ` [PATCH 4.1 10/84] MIPS: Make set_pte() SMP safe Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150814174210.436830888@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=james.hogan@imgtec.com \
--cc=leonid.yegoshin@imgtec.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=markos.chandras@imgtec.com \
--cc=ralf@linux-mips.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox