From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Finn Thain <fthain@telegraphics.com.au>,
Geert Uytterhoeven <geert@linux-m68k.org>
Subject: [PATCH 3.10 21/43] m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()
Date: Tue, 28 Oct 2014 11:36:19 +0800 [thread overview]
Message-ID: <20141028033524.317126810@linuxfoundation.org> (raw)
In-Reply-To: <20141028033523.407092670@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert@linux-m68k.org>
commit e4dc601bf99ccd1c95b7e6eef1d3cf3c4b0d4961 upstream.
hwreg_present() and hwreg_write() temporarily change the VBR register to
another vector table. This table contains a valid bus error handler
only, all other entries point to arbitrary addresses.
If an interrupt comes in while the temporary table is active, the
processor will start executing at such an arbitrary address, and the
kernel will crash.
While most callers run early, before interrupts are enabled, or
explicitly disable interrupts, Finn Thain pointed out that macsonic has
one callsite that doesn't, causing intermittent boot crashes.
There's another unsafe callsite in hilkbd.
Fix this for good by disabling and restoring interrupts inside
hwreg_present() and hwreg_write().
Explicitly disabling interrupts can be removed from the callsites later.
Reported-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/m68k/mm/hwtest.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/m68k/mm/hwtest.c
+++ b/arch/m68k/mm/hwtest.c
@@ -28,9 +28,11 @@
int hwreg_present( volatile void *regp )
{
int ret = 0;
+ unsigned long flags;
long save_sp, save_vbr;
long tmp_vectors[3];
+ local_irq_save(flags);
__asm__ __volatile__
( "movec %/vbr,%2\n\t"
"movel #Lberr1,%4@(8)\n\t"
@@ -46,6 +48,7 @@ int hwreg_present( volatile void *regp )
: "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
: "a" (regp), "a" (tmp_vectors)
);
+ local_irq_restore(flags);
return( ret );
}
@@ -58,9 +61,11 @@ EXPORT_SYMBOL(hwreg_present);
int hwreg_write( volatile void *regp, unsigned short val )
{
int ret;
+ unsigned long flags;
long save_sp, save_vbr;
long tmp_vectors[3];
+ local_irq_save(flags);
__asm__ __volatile__
( "movec %/vbr,%2\n\t"
"movel #Lberr2,%4@(8)\n\t"
@@ -78,6 +83,7 @@ int hwreg_write( volatile void *regp, un
: "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
: "a" (regp), "a" (tmp_vectors), "g" (val)
);
+ local_irq_restore(flags);
return( ret );
}
next prev parent reply other threads:[~2014-10-28 3:36 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-28 3:35 [PATCH 3.10 00/43] 3.10.59-stable review Greg Kroah-Hartman
2014-10-28 3:35 ` [PATCH 3.10 01/43] Btrfs: try not to ENOSPC on log replay Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 02/43] Btrfs: fix build_backref_tree issue with multiple shared blocks Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 03/43] Btrfs: fix race in WAIT_SYNC ioctl Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 04/43] fs: Add a missing permission check to do_umount Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 05/43] kvm: x86: fix stale mmio cache bug Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 06/43] KVM: s390: unintended fallthrough for external call Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 07/43] kvm: dont take vcpu mutex for obviously invalid vcpu ioctls Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 08/43] x86/intel/quark: Switch off CR4.PGE so TLB flush uses CR3 instead Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 09/43] spi: dw-mid: respect 8 bit mode Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 10/43] spi: dw-mid: check that DMA was inited before exit Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 11/43] regmap: debugfs: fix possbile NULL pointer dereference Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 12/43] regmap: fix NULL pointer dereference in _regmap_write/read Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 13/43] be2iscsi: check ip buffer before copying Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 14/43] mptfusion: enable no_write_same for vmware scsi disks Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 15/43] qla2xxx: Use correct offset to req-q-out for reserve calculation Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 16/43] firmware_class: make sure fw requests contain a name Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 17/43] Drivers: hv: vmbus: Cleanup vmbus_post_msg() Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 18/43] Drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl() Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 19/43] Drivers: hv: vmbus: Cleanup vmbus_establish_gpadl() Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 20/43] Drivers: hv: vmbus: Fix a bug in vmbus_open() Greg Kroah-Hartman
2014-10-28 3:36 ` Greg Kroah-Hartman [this message]
2014-10-28 3:36 ` [PATCH 3.10 22/43] Documentation: lzo: document part of the encoding Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 23/43] Revert "lzo: properly check for overruns" Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 24/43] lzo: check for length overrun in variable length encoding Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 25/43] NFSv4: Fix lock recovery when CREATE_SESSION/SETCLIENTID_CONFIRM fails Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 26/43] NFSv4: fix open/lock state recovery error handling Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 27/43] NFSv4.1: Fix an NFSv4.1 state renewal regression Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 28/43] iwlwifi: Add missing PCI IDs for the 7260 series Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 29/43] PCI: Increase IBM ipr SAS Crocodile BARs to at least system page size Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 30/43] PCI: Generate uppercase hex for modalias interface class Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 31/43] rt2800: correct BBP1_TX_POWER_CTRL mask Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 32/43] Bluetooth: Fix HCI H5 corrupted ack value Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 33/43] Bluetooth: Fix issue with USB suspend in btusb driver Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 34/43] mm: clear __GFP_FS when PF_MEMALLOC_NOIO is set Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 36/43] kernel: add support for gcc 5 Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 37/43] spi: dw-mid: terminate ongoing transfers at exit Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 38/43] arm64: compat: fix compat types affecting struct compat_elf_prpsinfo Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 39/43] ALSA: pcm: use the same dma mmap codepath both for arm and arm64 Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 40/43] ALSA: emu10k1: Fix deadlock in synth voice lookup Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 41/43] ALSA: usb-audio: Add support for Steinberg UR22 USB interface Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 42/43] ARM: at91/PMC: dont forget to write PMC_PCDR register to disable clocks Greg Kroah-Hartman
2014-10-28 3:36 ` [PATCH 3.10 43/43] ecryptfs: avoid to access NULL pointer when write metadata in xattr Greg Kroah-Hartman
2014-10-28 4:43 ` [PATCH 3.10 00/43] 3.10.59-stable review Guenter Roeck
2014-10-28 6:02 ` Greg Kroah-Hartman
2014-10-28 16:16 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141028033524.317126810@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=fthain@telegraphics.com.au \
--cc=geert@linux-m68k.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).