From: Sachin Sant <sachinp@linux.vnet.ibm.com>
To: Nicholas Piggin <npiggin@gmail.com>
Cc: linuxppc-dev@lists.ozlabs.org
Subject: Re: [RFC PATCH] powerpc/signal: sanitise PT_NIP and sa_handler low bits
Date: Mon, 20 Dec 2021 12:41:22 +0530
Message-ID: <C41B888E-57FE-494F-807E-3E13CD603D7F@linux.vnet.ibm.com>
In-Reply-To: <1639977910.h19vppmaz3.astroid@bobo.none>
>> [ 550.569802] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 550.569802] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 550.569802] GPR24: 0000000000000002 0000000000000001 0000000002002000 0000000002802000
>> [ 550.569802] GPR28: 0000000000000000 0000000000000800 c000000ae08bbe80 0000000000040080
>> [ 550.569899] NIP [c0000000000171dc] arch_local_irq_restore+0x22c/0x230
>> [ 550.569909] LR [c000000000033240] interrupt_exit_user_prepare_main+0x150/0x260
>> [ 550.569919] Call Trace:
>> [ 550.569925] [c000000ae08bbd80] [c000000000033240] interrupt_exit_user_prepare_main+0x150/0x260
>> [ 550.569937] [c000000ae08bbde0] [c000000000033744] syscall_exit_prepare+0x74/0x150
>> [ 550.569948] [c000000ae08bbe10] [c00000000000c758] system_call_common+0xf8/0x268
>
> Yeah this looks like a different issue. Is there a test running which
> flips the security mitigations rapidly? There is a race window with

Yes, powerpc/security/mitigation-patching.sh. This test enables/disables
various supported mitigations (parallel execution).

> the static branch causing exit_must_hard_disable() returning two
> different values.
>
> We should update the key while single threaded AFAIKS.

Thanks. I tested with this fix. The test ran correctly without a crash.

> diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c
> index 57c6bb802f6c..a7cb317e7039 100644
> --- a/arch/powerpc/lib/feature-fixups.c
> +++ b/arch/powerpc/lib/feature-fixups.c
> @@ -232,11 +232,22 @@ static DEFINE_MUTEX(exit_flush_lock);
>
> static int __do_stf_barrier_fixups(void *data)
> {
> - enum stf_barrier_type *types = data;
> + enum stf_barrier_type types = *(enum stf_barrier_type *)data;
>
> do_stf_entry_barrier_fixups(*types);
> do_stf_exit_barrier_fixups(*types);
>
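
Review bot: the two context calls, do_stf_entry_barrier_fixups(*types) and do_stf_exit_barrier_fixups(*types), still dereference types, but the added line now declares it as a plain enum stf_barrier_type copied out of data rather than a pointer. Both calls should pass types directly, otherwise the file does not compile. The hunk header (-232,11 +232,22) shows the change is longer than what is quoted here, so the part that actually moves the key update into the single-threaded path cannot be reviewed from these lines.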
*types should be changed to “types” to avoid build failure.
Thread overview: 4+ messages
2021-11-30 7:29 [RFC PATCH] powerpc/signal: sanitise PT_NIP and sa_handler low bits Nicholas Piggin
2021-12-15 10:49 ` Sachin Sant
2021-12-20 5:28 ` Nicholas Piggin
2021-12-20 7:11 ` Sachin Sant [this message]