From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Finn Thain <fthain@telegraphics.com.au>,
Geert Uytterhoeven <geert@linux-m68k.org>
Subject: [PATCH 3.14 034/100] m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()
Date: Tue, 28 Oct 2014 11:35:19 +0800 [thread overview]
Message-ID: <20141028033502.128815160@linuxfoundation.org> (raw)
In-Reply-To: <20141028033500.670583608@linuxfoundation.org>
3.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert@linux-m68k.org>
commit e4dc601bf99ccd1c95b7e6eef1d3cf3c4b0d4961 upstream.
hwreg_present() and hwreg_write() temporarily change the VBR register to
another vector table. This table contains a valid bus error handler
only, all other entries point to arbitrary addresses.
If an interrupt comes in while the temporary table is active, the
processor will start executing at such an arbitrary address, and the
kernel will crash.
While most callers run early, before interrupts are enabled, or
explicitly disable interrupts, Finn Thain pointed out that macsonic has
one callsite that doesn't, causing intermittent boot crashes.
There's another unsafe callsite in hilkbd.
Fix this for good by disabling and restoring interrupts inside
hwreg_present() and hwreg_write().
Explicitly disabling interrupts can be removed from the callsites later.
Reported-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/m68k/mm/hwtest.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/m68k/mm/hwtest.c
+++ b/arch/m68k/mm/hwtest.c
@@ -28,9 +28,11 @@
int hwreg_present( volatile void *regp )
{
int ret = 0;
+ unsigned long flags;
long save_sp, save_vbr;
long tmp_vectors[3];
+ local_irq_save(flags);
__asm__ __volatile__
( "movec %/vbr,%2\n\t"
"movel #Lberr1,%4@(8)\n\t"
@@ -46,6 +48,7 @@ int hwreg_present( volatile void *regp )
: "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
: "a" (regp), "a" (tmp_vectors)
);
+ local_irq_restore(flags);
return( ret );
}
@@ -58,9 +61,11 @@ EXPORT_SYMBOL(hwreg_present);
int hwreg_write( volatile void *regp, unsigned short val )
{
int ret;
+ unsigned long flags;
long save_sp, save_vbr;
long tmp_vectors[3];
+ local_irq_save(flags);
__asm__ __volatile__
( "movec %/vbr,%2\n\t"
"movel #Lberr2,%4@(8)\n\t"
@@ -78,6 +83,7 @@ int hwreg_write( volatile void *regp, un
: "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
: "a" (regp), "a" (tmp_vectors), "g" (val)
);
+ local_irq_restore(flags);
return( ret );
}
next prev parent reply other threads:[~2014-10-28 3:35 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-28 3:34 [PATCH 3.14 000/100] 3.14.23-stable review Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 001/100] btrfs: wake up transaction thread from SYNC_FS ioctl Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 002/100] Btrfs: add missing compression property remove in btrfs_ioctl_setflags Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 004/100] Btrfs: try not to ENOSPC on log replay Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 005/100] Btrfs: cleanup error handling in build_backref_tree Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 006/100] Btrfs: fix build_backref_tree issue with multiple shared blocks Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 007/100] Btrfs: fix race in WAIT_SYNC ioctl Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 008/100] fs: Add a missing permission check to do_umount Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 009/100] usb: pch_udc: usb gadget device support for Intel Quark X1000 Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 010/100] pci_ids: Add support for Intel Quark ILB Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 011/100] Btrfs: send, fix data corruption due to incorrect hole detection Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 012/100] kvm: x86: fix stale mmio cache bug Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 013/100] kvm: fix potentially corrupt mmio cache Greg Kroah-Hartman
2014-10-28 3:34 ` [PATCH 3.14 014/100] KVM: s390: unintended fallthrough for external call Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 015/100] kvm: dont take vcpu mutex for obviously invalid vcpu ioctls Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 016/100] x86/intel/quark: Switch off CR4.PGE so TLB flush uses CR3 instead Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 017/100] spi: dw-mid: respect 8 bit mode Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 018/100] spi: dw-mid: check that DMA was inited before exit Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 019/100] regmap: debugfs: fix possbile NULL pointer dereference Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 020/100] regmap: fix NULL pointer dereference in _regmap_write/read Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 021/100] regmap: fix possible ZERO_SIZE_PTR pointer dereferencing error Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 022/100] be2iscsi: check ip buffer before copying Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 023/100] mptfusion: enable no_write_same for vmware scsi disks Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 024/100] qla2xxx: Use correct offset to req-q-out for reserve calculation Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 025/100] qla2xxx: Fix shost use-after-free on device removal Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 026/100] dmaengine: fix xor sources continuation Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 027/100] firmware_class: make sure fw requests contain a name Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 028/100] Drivers: hv: vmbus: Cleanup vmbus_post_msg() Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 029/100] Drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl() Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 030/100] Drivers: hv: vmbus: Cleanup vmbus_close_internal() Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 031/100] Drivers: hv: vmbus: Cleanup vmbus_establish_gpadl() Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 032/100] Drivers: hv: vmbus: Fix a bug in vmbus_open() Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 033/100] mei: bus: fix possible boundaries violation Greg Kroah-Hartman
2014-10-28 3:35 ` Greg Kroah-Hartman [this message]
2014-10-28 3:35 ` [PATCH 3.14 035/100] Fixing lease renewal Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 036/100] Documentation: lzo: document part of the encoding Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 037/100] Revert "lzo: properly check for overruns" Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 038/100] lzo: check for length overrun in variable length encoding Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 039/100] tty: omap-serial: fix division by zero Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 040/100] NFSv4: Fix lock recovery when CREATE_SESSION/SETCLIENTID_CONFIRM fails Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 041/100] NFSv4: fix open/lock state recovery error handling Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 042/100] NFSv4.1: Fix an NFSv4.1 state renewal regression Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 043/100] iwlwifi: Add missing PCI IDs for the 7260 series Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 044/100] PCI: mvebu: Fix uninitialized variable in mvebu_get_tgt_attr() Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 045/100] PCI: Increase IBM ipr SAS Crocodile BARs to at least system page size Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 046/100] PCI: Generate uppercase hex for modalias interface class Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 047/100] rt2800: correct BBP1_TX_POWER_CTRL mask Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 048/100] Bluetooth: Fix HCI H5 corrupted ack value Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 049/100] Bluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 050/100] Bluetooth: Fix issue with USB suspend in btusb driver Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 051/100] mm: clear __GFP_FS when PF_MEMALLOC_NOIO is set Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 053/100] kernel: add support for gcc 5 Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 054/100] futex: Ensure get_futex_key_refs() always implies a barrier Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 055/100] powerpc/iommu/ddw: Fix endianness Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 056/100] ima: provide flag to identify new empty files Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 057/100] spi: dw-mid: terminate ongoing transfers at exit Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 058/100] arm64: compat: fix compat types affecting struct compat_elf_prpsinfo Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 059/100] ALSA: pcm: use the same dma mmap codepath both for arm and arm64 Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 060/100] ALSA: emu10k1: Fix deadlock in synth voice lookup Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 061/100] ALSA: ALC283 codec - Avoid pop noise on headphones during suspend/resume Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 062/100] ALSA: usb-audio: Add support for Steinberg UR22 USB interface Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 063/100] ALSA: hda - hdmi: Fix missing ELD change event on plug/unplug Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 064/100] ARM: at91/dt: Fix typo regarding can0_clk Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 065/100] ARM: at91: fix at91sam9263ek DT mmc pinmuxing settings Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 066/100] ARM: at91/PMC: dont forget to write PMC_PCDR register to disable clocks Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 067/100] ARM: mvebu: Netgear RN104: Use Hardware BCH ECC Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 068/100] ARM: mvebu: Netgear RN2120: " Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 069/100] ARM: mvebu: Netgear RN102: " Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 070/100] ecryptfs: avoid to access NULL pointer when write metadata in xattr Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 071/100] xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 072/100] sparc64: Do not disable interrupts in nmi_cpu_busy() Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 073/100] sparc64: Fix pcr_ops initialization and usage bugs Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.14 074/100] sparc32: dma_alloc_coherent must honour gfp flags Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 075/100] sparc64: sun4v TLB error power off events Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 076/100] sparc64: Fix corrupted thread fault code Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 077/100] sparc64: find_node adjustment Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 078/100] sparc64: Move request_irq() from ldc_bind() to ldc_alloc() Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 079/100] sparc: Let memset return the address argument Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 080/100] sparc64: Fix reversed start/end in flush_tlb_kernel_range() Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 081/100] sparc64: Fix lockdep warnings on reboot on Ultra-5 Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 082/100] sparc64: Fix FPU register corruption with AES crypto offload Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 083/100] sparc64: Do not define thread fpregs save area as zero-length array Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 084/100] sparc64: Fix hibernation code refrence to PAGE_OFFSET Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 085/100] sparc64: correctly recognise M6 and M7 cpu type Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 086/100] sparc64: support M6 and M7 for building CPU distribution map Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 087/100] sparc64: cpu hardware caps support for sparc M6 and M7 Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 088/100] sparc64: T5 PMU Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 089/100] sparc64: Switch to 4-level page tables Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 090/100] sparc64: Define VA hole at run time, rather than at compile time Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 091/100] sparc64: Adjust KTSB assembler to support larger physical addresses Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 092/100] sparc64: Fix physical memory management regressions with large max_phys_bits Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 093/100] sparc64: Use kernel page tables for vmemmap Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 094/100] sparc64: Increase MAX_PHYS_ADDRESS_BITS to 53 Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 095/100] sparc64: Adjust vmalloc region size based upon available virtual address bits Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 096/100] sparc64: sparse irq Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 097/100] sparc64: Kill unnecessary tables and increase MAX_BANKS Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 098/100] sparc64: Increase size of boot string to 1024 bytes Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 099/100] sparc64: Fix register corruption in top-most kernel stack frame during boot Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.14 100/100] sparc64: Implement __get_user_pages_fast() Greg Kroah-Hartman
2014-10-28 15:13 ` [PATCH 3.14 000/100] 3.14.23-stable review Guenter Roeck
2014-10-28 16:15 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141028033502.128815160@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=fthain@telegraphics.com.au \
--cc=geert@linux-m68k.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).