From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Steffen Rumler <steffen.rumler.ext@nsn.com>,
Paul Mackerras <paulus@samba.org>
Subject: [ 03/20] powerpc: Fix kernel panic during kernel module load
Date: Thu, 14 Jun 2012 16:56:47 -0700 [thread overview]
Message-ID: <20120614235644.573550251@linuxfoundation.org> (raw)
In-Reply-To: <20120614235648.GA6552@kroah.com>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steffen Rumler <steffen.rumler.ext@nsn.com>
commit 3c75296562f43e6fbc6cddd3de948a7b3e4e9bcf upstream.
This fixes a problem which can causes kernel oopses while loading
a kernel module.
According to the PowerPC EABI specification, GPR r11 is assigned
the dedicated function to point to the previous stack frame.
In the powerpc-specific kernel module loader, do_plt_call()
(in arch/powerpc/kernel/module_32.c), GPR r11 is also used
to generate trampoline code.
This combination crashes the kernel, in the case where the compiler
chooses to use a helper function for saving GPRs on entry, and the
module loader has placed the .init.text section far away from the
.text section, meaning that it has to generate a trampoline for
functions in the .init.text section to call the GPR save helper.
Because the trampoline trashes r11, references to the stack frame
using r11 can cause an oops.
The fix just uses GPR r12 instead of GPR r11 for generating the
trampoline code. According to the statements from Freescale, this is
safe from an EABI perspective.
I've tested the fix for kernel 2.6.33 on MPC8541.
Signed-off-by: Steffen Rumler <steffen.rumler.ext@nsn.com>
[paulus@samba.org: reworded the description]
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/module_32.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- a/arch/powerpc/kernel/module_32.c
+++ b/arch/powerpc/kernel/module_32.c
@@ -187,8 +187,8 @@ int apply_relocate(Elf32_Shdr *sechdrs,
static inline int entry_matches(struct ppc_plt_entry *entry, Elf32_Addr val)
{
- if (entry->jump[0] == 0x3d600000 + ((val + 0x8000) >> 16)
- && entry->jump[1] == 0x396b0000 + (val & 0xffff))
+ if (entry->jump[0] == 0x3d800000 + ((val + 0x8000) >> 16)
+ && entry->jump[1] == 0x398c0000 + (val & 0xffff))
return 1;
return 0;
}
@@ -215,10 +215,9 @@ static uint32_t do_plt_call(void *locati
entry++;
}
- /* Stolen from Paul Mackerras as well... */
- entry->jump[0] = 0x3d600000+((val+0x8000)>>16); /* lis r11,sym@ha */
- entry->jump[1] = 0x396b0000 + (val&0xffff); /* addi r11,r11,sym@l*/
- entry->jump[2] = 0x7d6903a6; /* mtctr r11 */
+ entry->jump[0] = 0x3d800000+((val+0x8000)>>16); /* lis r12,sym@ha */
+ entry->jump[1] = 0x398c0000 + (val&0xffff); /* addi r12,r12,sym@l*/
+ entry->jump[2] = 0x7d8903a6; /* mtctr r12 */
entry->jump[3] = 0x4e800420; /* bctr */
DEBUGP("Initialized plt for 0x%x at %p\n", val, entry);
next prev parent reply other threads:[~2012-06-14 23:56 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-14 23:56 [ 00/20] 3.0.35-stable review Greg KH
2012-06-14 23:56 ` [ 01/20] char/agp: add another Ironlake host bridge Greg KH
2012-06-14 23:56 ` [ 02/20] btree: fix tree corruption in btree_get_prev() Greg KH
2012-06-14 23:56 ` Greg KH [this message]
2012-06-14 23:56 ` [ 04/20] crypto: aesni-intel - fix unaligned cbc decrypt for x86-32 Greg KH
2012-06-14 23:56 ` [ 05/20] mac80211: clean up remain-on-channel on interface stop Greg KH
2012-06-14 23:56 ` [ 06/20] cfg80211: fix interface combinations check Greg KH
2012-06-14 23:56 ` [ 07/20] net: sierra_net: device IDs for Aircard 320U++ Greg KH
2012-06-14 23:56 ` [ 08/20] can: c_can: fix "BUG! echo_skb is occupied!" during transmit Greg KH
2012-06-14 23:56 ` [ 09/20] can: c_can: fix an interrupt thrash issue with c_can driver Greg KH
2012-06-14 23:56 ` [ 10/20] can: c_can: fix race condition in c_can_open() Greg KH
2012-06-14 23:56 ` [ 11/20] hwmon: (fam15h_power) Increase output resolution Greg KH
2012-06-14 23:56 ` [ 12/20] acpi_video: fix leaking PCI references Greg KH
2012-06-14 23:56 ` [ 13/20] sched: Fix the relax_domain_level boot parameter Greg KH
2012-06-14 23:56 ` [ 14/20] iwlwifi: dont mess up the SCD when removing a key Greg KH
2012-06-14 23:56 ` [ 15/20] x86, MCE, AMD: Make APIC LVT thresholding interrupt optional Greg KH
2012-06-14 23:57 ` [ 16/20] fuse: fix stat call on 32 bit platforms Greg KH
2012-06-14 23:57 ` [ 17/20] e1000: save skb counts in TX to avoid cache misses Greg KH
2012-06-14 23:57 ` [ 18/20] mm/vmalloc.c: change void* into explict vm_struct* Greg KH
2012-06-14 23:57 ` [ 19/20] mm: fix faulty initialization in vmalloc_init() Greg KH
2012-06-14 23:57 ` [ 20/20] hugetlb: fix resv_map leak in error path Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120614235644.573550251@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=paulus@samba.org \
--cc=stable@vger.kernel.org \
--cc=steffen.rumler.ext@nsn.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).