WSL2-Linux-Kernel/arch/powerpc/kernel
Michael Neuling 26bee6ef0d powerpc/tm: Fix oops on sigreturn on systems without TM
commit f16d80b75a upstream.

On systems like P9 powernv where we have no TM (or P8 booted with
ppc_tm=off), userspace can construct a signal context which still has
the MSR TS bits set. The kernel tries to restore this context which
results in the following crash:

  Unexpected TM Bad Thing exception at c0000000000022fc (msr 0x8000000102a03031) tm_scratch=800000020280f033
  Oops: Unrecoverable exception, sig: 6 [#1]
  LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in:
  CPU: 0 PID: 1636 Comm: sigfuz Not tainted 5.2.0-11043-g0a8ad0ffa4 #69
  NIP:  c0000000000022fc LR: 00007fffb2d67e48 CTR: 0000000000000000
  REGS: c00000003fffbd70 TRAP: 0700   Not tainted  (5.2.0-11045-g7142b497d8)
  MSR:  8000000102a03031 <SF,VEC,VSX,FP,ME,IR,DR,LE,TM[E]>  CR: 42004242  XER: 00000000
  CFAR: c0000000000022e0 IRQMASK: 0
  GPR00: 0000000000000072 00007fffb2b6e560 00007fffb2d87f00 0000000000000669
  GPR04: 00007fffb2b6e728 0000000000000000 0000000000000000 00007fffb2b6f2a8
  GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  GPR12: 0000000000000000 00007fffb2b76900 0000000000000000 0000000000000000
  GPR16: 00007fffb2370000 00007fffb2d84390 00007fffea3a15ac 000001000a250420
  GPR20: 00007fffb2b6f260 0000000010001770 0000000000000000 0000000000000000
  GPR24: 00007fffb2d843a0 00007fffea3a14a0 0000000000010000 0000000000800000
  GPR28: 00007fffea3a14d8 00000000003d0f00 0000000000000000 00007fffb2b6e728
  NIP [c0000000000022fc] rfi_flush_fallback+0x7c/0x80
  LR [00007fffb2d67e48] 0x7fffb2d67e48
  Call Trace:
  Instruction dump:
  e96a0220 e96a02a8 e96a0330 e96a03b8 394a0400 4200ffdc 7d2903a6 e92d0c00
  e94d0c08 e96d0c10 e82d0c18 7db242a6 <4c000024> 7db243a6 7db142a6 f82d0c18

The problem is the signal code assumes TM is enabled when
CONFIG_PPC_TRANSACTIONAL_MEM is enabled. This may not be the case as
with P9 powernv or if `ppc_tm=off` is used on P8.

This means any local user can crash the system.

Fix the problem by returning a bad stack frame to the user if they try
to set the MSR TS bits with sigreturn() on systems where TM is not
supported.

Found with sigfuz kernel selftest on P9.

This fixes CVE-2019-13648.

Fixes: 2b0a576d15 ("powerpc: Add new transactional memory state to the signal context")
Cc: stable@vger.kernel.org # v3.9
Reported-by: Praveen Pandey <Praveen.Pandey@in.ibm.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190719050502.405-1-mikey@neuling.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-31 07:28:58 +02:00
trace License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso32 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso64 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore
Makefile powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC 2019-04-03 06:25:12 +02:00
align.c powerpc: Fix check for copy/paste instructions in alignment handler 2017-10-25 12:42:35 +02:00
asm-offsets.c powerpc/64s: Improve RFI L1-D cache flush fallback 2018-05-30 07:51:50 +02:00
audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
btext.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cacheinfo.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
cacheinfo.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
compat_audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cpu_setup_6xx.S
cpu_setup_44x.S
cpu_setup_fsl_booke.S
cpu_setup_pa6t.S
cpu_setup_power.S powerpc/64s: Clear PCR on boot 2018-05-30 07:51:49 +02:00
cpu_setup_ppc970.S
cputable.c powerpc/8xx: Use symbolic PVR value 2017-08-10 23:32:18 +10:00
crash.c powerpc/fadump: remove dependency with CONFIG_KEXEC 2017-05-08 17:15:11 -07:00
crash_dump.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dbell.c powerpc: Introduce msgsnd/doorbell barrier primitives 2017-04-13 23:34:33 +10:00
dma-iommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dma-swiotlb.c treewide: Constify most dma_map_ops structures 2017-01-24 12:23:35 -05:00
dma.c powerpc: merge __dma_set_mask into dma_set_mask 2017-06-28 06:54:55 -07:00
dt_cpu_ftrs.c powerpc/64s: Clear PCR on boot 2018-05-30 07:51:49 +02:00
eeh.c powerpc/eeh: Handle hugepages in ioremap space 2019-07-31 07:28:55 +02:00
eeh_cache.c
eeh_dev.c powerpc/eeh: Create PHB PEs after EEH is initialized 2017-09-21 14:56:00 +10:00
eeh_driver.c powerpc/eeh: Fix use-after-release of EEH driver 2018-08-03 07:50:24 +02:00
eeh_event.c
eeh_pe.c powerpc/eeh: Fix enabling bridge MMIO windows 2018-04-24 09:36:37 +02:00
eeh_sysfs.c powerpc/eeh: Remove unnecessary config_addr from eeh_dev 2017-08-31 14:26:09 +10:00
entry_32.S powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms 2019-04-03 06:25:13 +02:00
entry_64.S powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) 2019-04-03 06:25:14 +02:00
epapr_hcalls.S
epapr_paravirt.c
exceptions-64e.S powerpc/fsl: Fix the flush of branch predictor. 2019-04-03 06:25:15 +02:00
exceptions-64s.S powerpc/watchpoint: Restore NV GPRs while returning from exception 2019-07-31 07:28:42 +02:00
fadump.c powerpc/fadump: Do not allow hot-remove memory from fadump reserved area. 2019-02-12 19:46:07 +01:00
firmware.c
fpu.S
fsl_booke_entry_mapping.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head_8xx.S powerpc/8xx: fix invalid register expression in head_8xx.S 2018-08-03 07:50:31 +02:00
head_32.S powerpc: Fix DABR match on hash based systems 2018-02-22 15:42:17 +01:00
head_40x.S
head_44x.S
head_64.S powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX 2019-05-31 06:47:25 -07:00
head_booke.h powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' 2019-04-03 06:25:15 +02:00
head_fsl_booke.S powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) 2019-04-03 06:25:14 +02:00
hw_breakpoint.c powerpc/ptrace: Fix enforcement of DAWR constraints 2018-07-03 11:24:50 +02:00
idle.c
idle_6xx.S
idle_book3e.S
idle_book3s.S powerpc/powernv/idle: Restore IAMR after idle 2019-05-16 19:42:35 +02:00
idle_e500.S
idle_power4.S
ima_kexec.c powerpc: ima: send the kexec buffer to the next kernel 2016-12-20 09:48:44 -08:00
io-workarounds.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
io.c
iomap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu.c powerpc/iommu: Use permission-specific DEVICE_ATTR variants 2017-09-01 16:42:54 +10:00
irq.c powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened 2018-04-08 14:26:27 +02:00
isa-bridge.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
jump_label.c
kexec_elf_64.c powerpc: ima: send the kexec buffer to the next kernel 2016-12-20 09:48:44 -08:00
kgdb.c powerpc/8xx: Getting rid of remaining use of CONFIG_8xx 2017-08-10 23:32:12 +10:00
kprobes-ftrace.c powerpc/jprobes: Disable preemption when triggered through ftrace 2017-12-10 13:40:43 +01:00
kprobes.c powerpc/kprobes: Fix call trace due to incorrect preempt count 2018-04-24 09:36:28 +02:00
kvm.c kmemleak: powerpc: skip scanning holes in the .bss section 2019-05-08 07:20:50 +02:00
kvm_emul.S
l2cr_6xx.S powerpc/l2cr_6xx: Fix invalid use of register expressions 2017-08-15 21:04:32 +10:00
legacy_serial.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
machine_kexec.c powerpc/kdump: Handle crashkernel memory reservation failure 2018-10-03 17:00:48 -07:00
machine_kexec_32.c
machine_kexec_64.c powerpc: Add purgatory for kexec_file_load() implementation. 2016-11-30 23:15:26 +11:00
machine_kexec_file_64.c powerpc/kexec_file: Fix error code when trying to load kdump kernel 2018-04-24 09:36:28 +02:00
mce.c powerpc/mce: Move 64-bit machine check code into mce.c 2017-08-10 23:31:31 +10:00
mce_power.c powerpc: Fix workaround for spurious MCE on POWER9 2017-09-29 14:19:44 +10:00
misc.S
misc_32.S powerpc/40x: Clear MSR_DR in one insn instead of two 2017-06-02 19:20:43 +10:00
misc_64.S powerpc/kexec: Fix kexec/kdump in P9 guest kernels 2017-12-05 11:26:31 +01:00
module.c powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC 2019-04-03 06:25:12 +02:00
module_32.c
module_64.c powerpc/64/module: REL32 relocation range check 2018-11-21 09:24:02 +01:00
msi.c powerpc/msi: Fix NULL pointer access in teardown code 2018-12-21 14:13:06 +01:00
nvram_64.c pstore: Convert buf_lock to semaphore 2019-06-11 12:21:48 +02:00
of_platform.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
optprobes.c powerpc/kprobes: Disable preemption before invoking probe handler for optprobes 2017-12-10 13:40:43 +01:00
optprobes_head.S powerpc/kprobes: Don't save/restore DAR/DSISR to/from pt_regs for optprobes 2017-08-24 16:19:01 +10:00
paca.c treewide: make "nr_cpu_ids" unsigned 2017-09-08 18:26:48 -07:00
pci-common.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pci-hotplug.c
pci_32.c powerpc/32: Add a missing include header 2018-08-03 07:50:30 +02:00
pci_64.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pci_dn.c powerpc/pci: Remove OF node back pointer from pci_dn 2017-08-31 14:26:12 +10:00
pci_of_scan.c powerpc/pci/of: Fix OF flags parsing for 64bit BARs 2019-07-31 07:28:52 +02:00
pmc.c
ppc32.h
ppc_save_regs.S
proc_powerpc.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
process.c powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest 2019-03-23 14:35:27 +01:00
prom.c powerpc: Fix booting P9 hash with CONFIG_PPC_RADIX_MMU=N 2017-05-25 23:07:44 +10:00
prom_init.c powerpc: Add __printf verification to prom_printf 2018-08-03 07:50:30 +02:00
prom_init_check.sh
prom_parse.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ptrace.c powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning 2019-03-23 14:35:27 +01:00
ptrace32.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
reloc_32.S
reloc_64.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
rtas-proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtas-rtc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtas.c mm: treewide: remove GFP_TEMPORARY allocation flag 2017-09-13 18:53:16 -07:00
rtas_flash.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
rtas_pci.c powerpc/kernel: Change retrieval of pci_dn 2017-08-31 14:26:40 +10:00
rtasd.c powerpc/pseries: Remove prrn_work workqueue 2019-04-20 09:15:04 +02:00
security.c powerpc/64s: Include cpu header 2019-05-16 19:42:33 +02:00
setup-common.c powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used 2019-04-03 06:25:14 +02:00
setup.h
setup_32.c powerpc/32: remove a NOP from memset() 2017-09-01 16:42:46 +10:00
setup_64.c powerpc/speculation: Support 'mitigations=' cmdline option 2019-05-14 19:18:46 +02:00
signal.c powerpc/signal: Properly handle return value from uprobe_deny_signal() 2017-11-30 08:40:56 +00:00
signal.h
signal_32.c powerpc/tm: Fix oops on sigreturn on systems without TM 2019-07-31 07:28:58 +02:00
signal_64.c powerpc/tm: Fix oops on sigreturn on systems without TM 2019-07-31 07:28:58 +02:00
smp-tbsync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smp.c powerpc/smp: Add Power9 scheduler topology 2017-08-31 18:16:08 +10:00
stacktrace.c powerpc: Make /proc/self/stack always print the current stack 2017-03-28 14:43:59 +11:00
suspend.c
swsusp.c powerpc/swsusp: Include suspend.h to silence sparse warnings 2017-03-20 19:02:49 +11:00
swsusp_32.S powerpc/32s: fix suspend/resume when IBATs 4-7 are used 2019-07-31 07:28:42 +02:00
swsusp_64.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/nmi.h> 2017-03-02 08:42:30 +01:00
swsusp_asm64.S powerpc: Fix invalid use of register expressions 2017-08-10 22:29:41 +10:00
swsusp_booke.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sys_ppc32.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
syscalls.c powerpc/tracing: Allow tracing of mmap syscalls 2017-04-12 22:32:43 +10:00
sysfs.c powerpc/sysfs: Move #ifdef CONFIG_HOTPLUG_CPU out of the function body 2017-05-03 14:45:38 +10:00
systbl.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
systbl_chk.c
systbl_chk.sh
tau_6xx.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
time.c powerpc: use spin loop primitives in some functions 2017-07-02 20:40:24 +10:00
tm.S powerpc/tm: Avoid possible userspace r1 corruption on reclaim 2018-10-20 09:48:52 +02:00
traps.c powerpc/traps: Fix the message printed when stack overflows 2019-03-23 14:35:27 +01:00
udbg.c
udbg_16550.c
uprobes.c powerpc/uprobes: Implement arch_uretprobe_is_alive() 2017-08-24 16:19:21 +10:00
vdso.c powerpc/64: Clean up ppc64_caches using a struct per cache 2017-02-06 19:46:04 +11:00
vecemu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vector.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vmlinux.lds.S powerpc/fsl: Add infrastructure to fixup branch predictor flush 2019-04-03 06:25:13 +02:00
watchdog.c powerpc/watchdog: Do not trigger SMP crash from touch_nmi_watchdog 2017-12-25 14:26:28 +01:00