From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Masahiro Yamada <masahiroy@kernel.org>,
Ard Biesheuvel <ardb@kernel.org>,
"Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>,
John Stultz <jstultz@google.com>
Subject: [PATCH 6.1 098/105] ARM: 9324/1: fix get_user() broken with veneer
Date: Tue, 23 Jul 2024 20:24:15 +0200 [thread overview]
Message-ID: <20240723180407.021033421@linuxfoundation.org> (raw)
In-Reply-To: <20240723180402.490567226@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
commit 24d3ba0a7b44c1617c27f5045eecc4f34752ab03 upstream.
The 32-bit ARM kernel stops working if the kernel grows to the point
where veneers for __get_user_* are created.
AAPCS32 [1] states, "Register r12 (IP) may be used by a linker as a
scratch register between a routine and any subroutine it calls. It
can also be used within a routine to hold intermediate values between
subroutine calls."
However, bl instructions buried within the inline asm are unpredictable
for compilers; hence, "ip" must be added to the clobber list.
This becomes critical when veneers for __get_user_* are created because
veneers use the ip register since commit 02e541db0540 ("ARM: 8323/1:
force linker to use PIC veneers").
[1]: https://github.com/ARM-software/abi-aa/blob/2023Q1/aapcs32/aapcs32.rst
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Cc: John Stultz <jstultz@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/include/asm/uaccess.h | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -109,16 +109,6 @@ extern int __get_user_64t_1(void *);
extern int __get_user_64t_2(void *);
extern int __get_user_64t_4(void *);
-#define __GUP_CLOBBER_1 "lr", "cc"
-#ifdef CONFIG_CPU_USE_DOMAINS
-#define __GUP_CLOBBER_2 "ip", "lr", "cc"
-#else
-#define __GUP_CLOBBER_2 "lr", "cc"
-#endif
-#define __GUP_CLOBBER_4 "lr", "cc"
-#define __GUP_CLOBBER_32t_8 "lr", "cc"
-#define __GUP_CLOBBER_8 "lr", "cc"
-
#define __get_user_x(__r2, __p, __e, __l, __s) \
__asm__ __volatile__ ( \
__asmeq("%0", "r0") __asmeq("%1", "r2") \
@@ -126,7 +116,7 @@ extern int __get_user_64t_4(void *);
"bl __get_user_" #__s \
: "=&r" (__e), "=r" (__r2) \
: "0" (__p), "r" (__l) \
- : __GUP_CLOBBER_##__s)
+ : "ip", "lr", "cc")
/* narrowing a double-word get into a single 32bit word register: */
#ifdef __ARMEB__
@@ -148,7 +138,7 @@ extern int __get_user_64t_4(void *);
"bl __get_user_64t_" #__s \
: "=&r" (__e), "=r" (__r2) \
: "0" (__p), "r" (__l) \
- : __GUP_CLOBBER_##__s)
+ : "ip", "lr", "cc")
#else
#define __get_user_x_64t __get_user_x
#endif
next prev parent reply other threads:[~2024-07-23 18:30 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-23 18:22 [PATCH 6.1 000/105] 6.1.101-rc1 review Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 001/105] minmax: sanity check constant bounds when clamping Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 002/105] minmax: clamp more efficiently by avoiding extra comparison Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 003/105] minmax: fix header inclusions Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 004/105] minmax: allow min()/max()/clamp() if the arguments have the same signedness Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 005/105] minmax: allow comparisons of int against unsigned char/short Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 006/105] minmax: relax check to allow comparison between unsigned arguments and signed constants Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 007/105] mm/damon/core: merge regions aggressively when max_nr_regions is unmet Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 008/105] gcc-plugins: Rename last_stmt() for GCC 14+ Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 009/105] filelock: Remove locks reliably when fcntl/close race is detected Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 010/105] scsi: core: alua: I/O errors for ALUA state transitions Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 011/105] scsi: qedf: Dont process stag work during unload and recovery Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 012/105] scsi: qedf: Wait for stag work during unload Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 013/105] scsi: qedf: Set qed_slowpath_params to zero before use Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 014/105] efi/libstub: zboot.lds: Discard .discard sections Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 015/105] ACPI: EC: Abort address space access upon error Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 016/105] ACPI: EC: Avoid returning AE_OK on errors in address space handler Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 017/105] tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 018/105] wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 019/105] wifi: mac80211: apply mcast rate only if interface is up Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 020/105] wifi: mac80211: handle tasklet frames before stopping Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 021/105] wifi: cfg80211: fix 6 GHz scan request building Greg Kroah-Hartman
2024-07-23 18:22 ` [PATCH 6.1 022/105] wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 023/105] wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 024/105] wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 025/105] wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 026/105] wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 027/105] selftests/openat2: Fix build warnings on ppc64 Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 028/105] selftests/futex: pass _GNU_SOURCE without a value to the compiler Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 029/105] of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 030/105] Input: silead - Always support 10 fingers Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 031/105] net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 032/105] ila: block BH in ila_output() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 033/105] null_blk: fix validation of block size Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 034/105] kconfig: gconf: give a proper initial state to the Save button Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 035/105] kconfig: remove wrong expr_trans_bool() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 036/105] HID: Ignore battery for ELAN touchscreens 2F2C and 4116 Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 037/105] NFSv4: Fix memory leak in nfs4_set_security_label Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 038/105] nfs: propagate readlink errors in nfs_symlink_filler Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 039/105] nfs: dont invalidate dentries on transient errors Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 040/105] cachefiles: add consistency check for copen/cread Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 041/105] cachefiles: Set object to close if ondemand_id < 0 in copen Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 042/105] cachefiles: make on-demand read killable Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 043/105] fs/file: fix the check in find_next_fd() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 044/105] mei: demote client disconnect warning on suspend to debug Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 045/105] iomap: Fix iomap_adjust_read_range for plen calculation Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 046/105] drm: panel-orientation-quirks: Add quirk for Aya Neo KUN Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 047/105] nvme: avoid double free special payload Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 048/105] nvmet: always initialize cqe.result Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 049/105] wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 050/105] KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 051/105] drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 052/105] ALSA: hda/realtek: Add more codec ID to no shutup pins list Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 053/105] mips: fix compat_sys_lseek syscall Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 054/105] Input: elantech - fix touchpad state on resume for Lenovo N24 Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 055/105] Input: i8042 - add Ayaneo Kun to i8042 quirk table Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 056/105] ASoC: topology: Fix references to freed memory Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 057/105] ASoC: topology: Do not assign fields that are already set Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 058/105] bytcr_rt5640 : inverse jack detect for Archos 101 cesium Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 059/105] ALSA: dmaengine: Synchronize dma channel after drop() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 060/105] ASoC: ti: davinci-mcasp: Set min period size using FIFO config Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 061/105] ASoC: ti: omap-hdmi: Fix too long driver name Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 062/105] ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 063/105] can: kvaser_usb: fix return value for hif_usb_send_regout Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 064/105] gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 065/105] s390/sclp: Fix sclp_init() cleanup on failure Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 066/105] platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 067/105] platform/x86: wireless-hotkey: Add support for LG Airplane Button Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 068/105] platform/x86: lg-laptop: Remove LGEX0815 hotkey handling Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 069/105] platform/x86: lg-laptop: Change ACPI device id Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 070/105] platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 071/105] btrfs: qgroup: fix quota root leak after quota disable failure Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 072/105] ibmvnic: Add tx check to prevent skb leak Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 073/105] ALSA: PCM: Allow resume only for suspended streams Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 074/105] ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 075/105] ALSA: dmaengine_pcm: terminate dmaengine before synchronize Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 076/105] ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 077/105] net: usb: qmi_wwan: add Telit FN912 compositions Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 078/105] net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 079/105] powerpc/pseries: Whitelist dtl slub object for copying to userspace Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 080/105] powerpc/eeh: avoid possible crash when edev->pdev changes Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 081/105] scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Greg Kroah-Hartman
2024-07-23 18:23 ` [PATCH 6.1 082/105] tee: optee: ffa: Fix missing-field-initializers warning Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 083/105] Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 084/105] bluetooth/l2cap: sync sock recv cb and release Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 085/105] erofs: ensure m_llen is reset to 0 if metadata is invalid Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 086/105] drm/amd/display: Account for cursor prefetch BW in DML1 mode support Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 087/105] drm/radeon: check bo_va->bo is non-NULL before using it Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 088/105] fs: better handle deep ancestor chains in is_subdir() Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 089/105] wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 090/105] drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 091/105] riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 092/105] spi: imx: Dont expect DMA for i.MX{25,35,50,51,53} cspi devices Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 093/105] ksmbd: return FILE_DEVICE_DISK instead of super magic Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 094/105] selftests/vDSO: fix clang build errors and warnings Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 095/105] hfsplus: fix uninit-value in copy_name Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 096/105] spi: mux: set ctlr->bits_per_word_mask Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 097/105] cifs: fix noisy message on copy_file_range Greg Kroah-Hartman
2024-07-23 18:24 ` Greg Kroah-Hartman [this message]
2024-07-23 18:24 ` [PATCH 6.1 099/105] Bluetooth: L2CAP: Fix deadlock Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 100/105] of/irq: Disable "interrupt-map" parsing for PASEMI Nemo Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 101/105] wifi: cfg80211: wext: set ssids=NULL for passive scans Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 102/105] wifi: mac80211: disable softirqs for queued frame handling Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 103/105] netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 104/105] cachefiles: fix slab-use-after-free in fscache_withdraw_volume() Greg Kroah-Hartman
2024-07-23 18:24 ` [PATCH 6.1 105/105] cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() Greg Kroah-Hartman
2024-07-23 19:50 ` [PATCH 6.1 000/105] 6.1.101-rc1 review Pavel Machek
2024-07-23 20:44 ` Florian Fainelli
2024-07-24 7:35 ` Jon Hunter
2024-07-24 11:10 ` Conor Dooley
2024-07-24 11:32 ` Mark Brown
2024-07-24 12:44 ` Peter Schneider
2024-07-24 13:56 ` Shreeya Patel
2024-07-24 15:23 ` Shuah Khan
2024-07-24 17:43 ` Naresh Kamboju
2024-07-25 5:31 ` Ron Economos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240723180407.021033421@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ardb@kernel.org \
--cc=jstultz@google.com \
--cc=masahiroy@kernel.org \
--cc=patches@lists.linux.dev \
--cc=rmk+kernel@armlinux.org.uk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).