Subject: FAILED: patch "[PATCH] arm64: hw_breakpoint: Don't invoke overflow handler on" failed to apply to 4.9-stable tree
To: will@kernel.org, catalin.marinas@arm.com, james.morse@arm.com, luis.machado@linaro.org
Date: Thu, 20 Aug 2020 10:26:26 +0200
Message-ID: <1597911986242214@kroah.com>
X-Mailing-List: stable@vger.kernel.org

The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to .

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 24ebec25fb270100e252b19c288e21bd7d8cc7f7 Mon Sep 17 00:00:00 2001
From: Will Deacon
Date: Fri, 29 May 2020 14:12:18 +0100
Subject: [PATCH] arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints

Unprivileged memory accesses generated by the so-called "translated"
instructions (e.g. STTR) at EL1 can cause EL0 watchpoints to fire
unexpectedly if kernel debugging is enabled. In such cases, the
hw_breakpoint logic will invoke the user overflow handler which will
typically raise a SIGTRAP back to the current task. This is futile when
returning back to the kernel because (a) the signal won't have been
delivered and (b) userspace can't handle the thing anyway.

Avoid invoking the user overflow handler for watchpoints triggered by
kernel uaccess routines, and instead single-step over the faulting
instruction as we would if no overflow handler had been installed.

(Fixes tag identifies the introduction of unprivileged memory accesses,
 which exposed this latent bug in the hw_breakpoint code)

Cc: Catalin Marinas
Cc: James Morse
Fixes: 57f4959bad0a ("arm64: kernel: Add support for User Access Override")
Reported-by: Luis Machado
Signed-off-by: Will Deacon

diff --git a/arch/arm64/kernel/hw_breakpoint.c b/arch/arm64/kernel/hw_breakpoint.c index 0b727edf4104..af234a1e08b7 100644 --- a/arch/arm64/kernel/hw_breakpoint.c +++ b/arch/arm64/kernel/hw_breakpoint.c
@@ -730,6 +730,27 @@ static u64 get_distance_from_watchpoint(unsigned long addr, u64 val, return 0; } +static int watchpoint_report(struct perf_event *wp, unsigned long addr, + struct pt_regs *regs) +{ + int step = is_default_overflow_handler(wp); + struct arch_hw_breakpoint *info = counter_arch_bp(wp); + + info->trigger = addr; + + /* + * If we triggered a user watchpoint from a uaccess routine, then + * handle the stepping ourselves since userspace really can't help + * us with this. + */ + if (!user_mode(regs) && info->ctrl.privilege == AARCH64_BREAKPOINT_EL0) + step = 1; + else + perf_bp_event(wp, regs); + + return step; +} + static int watchpoint_handler(unsigned long addr, unsigned int esr, struct pt_regs *regs) { @@ -739,7 +760,6 @@ static int watchpoint_handler(unsigned long addr, unsigned int esr, u64 val; struct perf_event *wp, **slots; struct debug_info *debug_info; - struct arch_hw_breakpoint *info; struct arch_hw_breakpoint_ctrl ctrl; slots = this_cpu_ptr(wp_on_reg); @@ -777,25 +797,13 @@ static int watchpoint_handler(unsigned long addr, unsigned int esr, if (dist != 0) continue; - info = counter_arch_bp(wp); - info->trigger = addr; - perf_bp_event(wp, regs); - - /* Do we need to handle the stepping? */ - if (is_default_overflow_handler(wp)) - step = 1; + step = watchpoint_report(wp, addr, regs); } - if (min_dist > 0 && min_dist != -1) { - /* No exact match found. */ - wp = slots[closest_match]; - info = counter_arch_bp(wp); - info->trigger = addr; - perf_bp_event(wp, regs); - /* Do we need to handle the stepping? */ - if (is_default_overflow_handler(wp)) - step = 1; - } + /* No exact match found? */ + if (min_dist > 0 && min_dist != -1) + step = watchpoint_report(slots[closest_match], addr, regs); + rcu_read_unlock(); if (!step)
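
Review bot: in watchpoint_report() (first hunk), the branch taken for `!user_mode(regs) && info->ctrl.privilege == AARCH64_BREAKPOINT_EL0` never calls perf_bp_event(), so the hit is not reported to the event's owner at all, yet the comment above it only mentions the stepping. info->trigger is still updated on that path, so please extend the comment to say that the event is intentionally not reported; otherwise a later reader may take the missing perf_bp_event() call for an oversight.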
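
Review bot: in the exact-match path of watchpoint_handler() (last hunk), `step = watchpoint_report(wp, addr, regs);` assigns step on every slot that reaches it, while the removed code only ever raised it (`if (is_default_overflow_handler(wp)) step = 1;`). If more than one slot matches exactly, a later slot returning 0 now clears a 1 set by an earlier one, and the `if (!step)` test after rcu_read_unlock() sees only the last result. Accumulating instead, e.g. `step |= watchpoint_report(wp, addr, regs);`, keeps the old behaviour; the closest-match call after the loop can do the same for consistency.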