From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Tejun Heo <tj@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Oleg Nesterov <oleg@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 3.15 58/66] ptrace,x86: force IRET path after a ptrace_stop()
Date: Fri, 4 Jul 2014 15:14:57 -0700 [thread overview]
Message-ID: <20140704221425.454658855@linuxfoundation.org> (raw)
In-Reply-To: <20140704221422.813435485@linuxfoundation.org>
3.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
commit b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a upstream.
The 'sysret' fastpath does not correctly restore even all regular
registers, much less any segment registers or reflags values. That is
very much part of why it's faster than 'iret'.
Normally that isn't a problem, because the normal ptrace() interface
catches the process using the signal handler infrastructure, which
always returns with an iret.
However, some paths can get caught using ptrace_event() instead of the
signal path, and for those we need to make sure that we aren't going to
return to user space using 'sysret'. Otherwise the modifications that
may have been done to the register set by the tracer wouldn't
necessarily take effect.
Fix it by forcing IRET path by setting TIF_NOTIFY_RESUME from
arch_ptrace_stop_needed() which is invoked from ptrace_stop().
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/ptrace.h | 16 ++++++++++++++++
include/linux/ptrace.h | 3 +++
2 files changed, 19 insertions(+)
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -231,6 +231,22 @@ static inline unsigned long regs_get_ker
#define ARCH_HAS_USER_SINGLE_STEP_INFO
+/*
+ * When hitting ptrace_stop(), we cannot return using SYSRET because
+ * that does not restore the full CPU state, only a minimal set. The
+ * ptracer can change arbitrary register values, which is usually okay
+ * because the usual ptrace stops run off the signal delivery path which
+ * forces IRET; however, ptrace_event() stops happen in arbitrary places
+ * in the kernel and don't force IRET path.
+ *
+ * So force IRET path after a ptrace stop.
+ */
+#define arch_ptrace_stop_needed(code, info) \
+({ \
+ set_thread_flag(TIF_NOTIFY_RESUME); \
+ false; \
+})
+
struct user_desc;
extern int do_get_thread_area(struct task_struct *p, int idx,
struct user_desc __user *info);
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -334,6 +334,9 @@ static inline void user_single_step_sigi
* calling arch_ptrace_stop() when it would be superfluous. For example,
* if the thread has not been back to user mode since the last stop, the
* thread state might indicate that nothing needs to be done.
+ *
+ * This is guaranteed to be invoked once before a task stops for ptrace and
+ * may include arch-specific operations necessary prior to a ptrace stop.
*/
#define arch_ptrace_stop_needed(code, info) (0)
#endif
next prev parent reply other threads:[~2014-07-04 22:14 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-04 22:13 [PATCH 3.15 00/66] 3.15.4-stable review Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 01/66] target: Fix left-over se_lun->lun_sep pointer OOPs Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 02/66] iscsi-target: Avoid rejecting incorrect ITT for Data-Out Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 03/66] iscsi-target: Explicily clear login response PDU in exception path Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 04/66] iscsi-target: fix iscsit_del_np deadlock on unload Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 05/66] Input: synaptics - fix resolution for manually provided min/max Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 06/66] Input: elantech - deal with clickpads reporting right button events Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 07/66] Input: elantech - dont set bit 1 of reg_10 when the no_hw_res quirk is set Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 08/66] PCI: Add new ID for Intel GPU "spurious interrupt" quirk Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 09/66] PCI: Fix incorrect vgaarb conditional in WARN_ON() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 10/66] mtip32xx: Fix ERO and NoSnoop values in PCIe upstream on AMD systems Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 11/66] mtip32xx: Increase timeout for STANDBY IMMEDIATE command Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 12/66] mtip32xx: Remove dfs_parent after pci unregister Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 13/66] recordmcount/MIPS: Fix possible incorrect mcount_loc table entries in modules Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 14/66] Revert "MIPS: Save/restore MSA context around signals" Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 15/66] MIPS: MSC: Prevent out-of-bounds writes to MIPS SC ioremapd region Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 16/66] hpsa: add new Smart Array PCI IDs (May 2014) Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 17/66] UBIFS: fix an mmap and fsync race condition Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 18/66] UBIFS: Remove incorrect assertion in shrink_tnc() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 19/66] RDMA/cxgb4: Fix memory leaks in c4iw_alloc() error paths Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 20/66] RDMA/cxgb4: Add missing padding at end of struct c4iw_create_cq_resp Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 21/66] RDMA/cxgb4: add missing padding at end of struct c4iw_alloc_ucontext_resp Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 22/66] watchdog: sp805: Set watchdog_device->timeout from ->set_timeout() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 23/66] watchdog: ath79_wdt: avoid spurious restarts on AR934x Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 24/66] watchdog: kempld-wdt: Use the correct value when configuring the prescaler with the watchdog Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 25/66] kernel/watchdog.c: remove preemption restrictions when restarting lockup detector Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 26/66] IB/mlx5: add missing padding at end of struct mlx5_ib_create_cq Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 27/66] IB/mlx5: add missing padding at end of struct mlx5_ib_create_srq Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 28/66] IB/qib: Fix port in pkey change event Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 29/66] IB/ipath: Translate legacy diagpkt into newer extended diagpkt Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 30/66] IB/srp: Fix a sporadic crash triggered by cable pulling Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 31/66] IB/umad: Fix error handling Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 32/66] IB/umad: Fix use-after-free on close Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 33/66] SUNRPC: Fix a module reference leak in svc_handle_xprt Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 34/66] pNFS: Handle allocation errors correctly in filelayout_alloc_layout_hdr() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 35/66] nfsd4: fix FREE_STATEID lockowner leak Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 36/66] nfsd: getattr for FATTR4_WORD0_FILES_AVAIL needs the statfs buffer Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 37/66] NFS: Dont declare inode uptodate unless all attributes were checked Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 38/66] NFS: Use raw_write_seqcount_begin/end int nfs4_reclaim_open_state Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 39/66] NFS: populate ->net in mount data when remounting Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 40/66] nfs: Fix cache_validity check in nfs_write_pageuptodate() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 41/66] powerpc/pseries: Fix overwritten PE state Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 42/66] powernv: Fix permissions on sysparam sysfs entries Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 43/66] powerpc/mm: Check paca psize is up to date for huge mappings Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 44/66] powerpc/serial: Use saner flags when creating legacy ports Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 45/66] powerpc: 64bit sendfile is capped at 2GB Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 46/66] powerpc: fix typo CONFIG_PMAC Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 47/66] powerpc/perf: Ensure all EBB register state is cleared on fork() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 48/66] powerpc: fix typo CONFIG_PPC_CPU Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 49/66] powerpc: Dont setup CPUs with bad status Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 50/66] powerpc: Add AT_HWCAP2 to indicate V.CRYPTO category support Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 51/66] powerpc: Dont skip ePAPR spin-table CPUs Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 52/66] xfs: xfs_readsb needs to check for magic numbers Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 53/66] reiserfs: call truncate_setsize under tailpack mutex Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 54/66] cpufreq: ppc-corenet-cpu-freq: do_div use quotient Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 55/66] cpufreq: unlock when failing cpufreq_update_policy() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 56/66] MIPS: KVM: Remove redundant NULL checks before kfree() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 57/66] MIPS: KVM: Fix memory leak on VCPU Greg Kroah-Hartman
2014-07-04 22:14 ` Greg Kroah-Hartman [this message]
2014-07-04 22:14 ` [PATCH 3.15 59/66] lz4: add overrun checks to lz4_uncompress_unknownoutputsize() Greg Kroah-Hartman
2014-07-04 22:14 ` [PATCH 3.15 60/66] Documentation/SubmittingPatches: describe the Fixes: tag Greg Kroah-Hartman
2014-07-04 22:15 ` [PATCH 3.15 61/66] tracing: Try again for saved cmdline if failed due to locking Greg Kroah-Hartman
2014-07-04 22:15 ` [PATCH 3.15 62/66] tracing: Fix syscall_*regfunc() vs copy_process() race Greg Kroah-Hartman
2014-07-04 22:15 ` [PATCH 3.15 63/66] ALSA: usb-audio: Fix races at disconnection and PCM closing Greg Kroah-Hartman
2014-07-04 22:15 ` [PATCH 3.15 64/66] ALSA: hda - hdmi: call overridden init on resume Greg Kroah-Hartman
2014-07-04 22:15 ` [PATCH 3.15 65/66] ALSA: hda - Adjust speaker HPF and add LED support for HP Spectre 13 Greg Kroah-Hartman
2014-07-04 22:15 ` [PATCH 3.15 66/66] ALSA: hda - restore BCLK M/N values when resuming HSW/BDW display controller Greg Kroah-Hartman
2014-07-05 5:48 ` [PATCH 3.15 00/66] 3.15.4-stable review Guenter Roeck
2014-07-05 6:52 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140704221425.454658855@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).