WSL2-Linux-Kernel

История

Jens Axboe 7624973bc1 powerpc: Don't try to copy PPR for task with NULL pt_regs commit `fd72761894` upstream. powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which from my (arguably very short) checking is not commonly done for other archs. This is fine, except when PF_IO_WORKER's have been created and the task does something that causes a coredump to be generated. Then we get this crash: Kernel attempted to read user page (160) - exploit attempt? (uid: 1000) BUG: Kernel NULL pointer dereference on read at 0x00000160 Faulting instruction address: 0xc0000000000c3a60 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=32 NUMA pSeries Modules linked in: bochs drm_vram_helper drm_kms_helper xts binfmt_misc ecb ctr syscopyarea sysfillrect cbc sysimgblt drm_ttm_helper aes_generic ttm sg libaes evdev joydev virtio_balloon vmx_crypto gf128mul drm dm_mod fuse loop configfs drm_panel_orientation_quirks ip_tables x_tables autofs4 hid_generic usbhid hid xhci_pci xhci_hcd usbcore usb_common sd_mod CPU: 1 PID: 1982 Comm: ppc-crash Not tainted 6.3.0-rc2+ #88 Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries NIP: c0000000000c3a60 LR: c000000000039944 CTR: c0000000000398e0 REGS: c0000000041833b0 TRAP: 0300 Not tainted (6.3.0-rc2+) MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 88082828 XER: 200400f8 ... NIP memcpy_power7+0x200/0x7d0 LR ppr_get+0x64/0xb0 Call Trace: ppr_get+0x40/0xb0 (unreliable) __regset_get+0x180/0x1f0 regset_get_alloc+0x64/0x90 elf_core_dump+0xb98/0x1b60 do_coredump+0x1c34/0x24a0 get_signal+0x71c/0x1410 do_notify_resume+0x140/0x6f0 interrupt_exit_user_prepare_main+0x29c/0x320 interrupt_exit_user_prepare+0x6c/0xa0 interrupt_return_srr_user+0x8/0x138 Because ppr_get() is trying to copy from a PF_IO_WORKER with a NULL pt_regs. Check for a valid pt_regs in both ppc_get/ppr_set, and return an error if not set. The actual error value doesn't seem to be important here, so just pick -EINVAL. Fixes: `fa439810cc` ("powerpc/ptrace: Enable support for NT_PPPC_TAR, NT_PPC_PPR, NT_PPC_DSCR") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Jens Axboe <axboe@kernel.dk> [mpe: Trim oops in change log, add Fixes & Cc stable] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://msgid.link/d9f63344-fe7c-56ae-b420-4a1a04a2ae4c@kernel.dk Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2023-04-05 11:25:00 +02:00
..
ptrace	powerpc: Don't try to copy PPR for task with NULL pt_regs	2023-04-05 11:25:00 +02:00
syscalls	compat: remove some compat entry points	2021-09-08 15:32:35 -07:00
trace	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
vdso32	powerpc updates for 5.13	2021-04-30 12:22:28 -07:00
vdso64	powerpc/vdso: Don't use r30 to avoid breaking Go lang	2021-07-29 23:13:12 +10:00
.gitignore	…
Makefile	powerpc/64s: Disable stack variable initialisation for prom_init	2022-08-17 14:23:05 +02:00
align.c	powerpc: Rename probe_kernel_read_inst()	2021-04-21 22:52:33 +10:00
asm-offsets.c	Merge branch 'fixes' into next	2021-09-03 22:54:12 +10:00
audit.c	…
btext.c	powerpc/btext: add missing of_node_put	2022-01-27 11:04:57 +01:00
cacheinfo.c	powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings	2021-08-04 10:53:39 +10:00
cacheinfo.h	…
compat_audit.c	…
cpu_setup_6xx.S	…
cpu_setup_44x.S	…
cpu_setup_fsl_booke.S	powerpc: Retire e200 core (mpc555x processor)	2020-12-05 21:49:18 +11:00
cpu_setup_pa6t.S	…
cpu_setup_power.c	powerpc/perf: MMCR0 control for PMU registers under PMCC=00	2020-12-04 01:01:29 +11:00
cpu_setup_ppc970.S	…
cputable.c	arch: powerpc: Stop building and using oprofile	2021-01-29 10:05:51 +05:30
crash_dump.c	powerpc: Don't use 'struct ppc_inst' to reference instruction location	2021-06-17 00:09:00 +10:00
dawr.c	powerpc: rename powerpc_debugfs_root to arch_debugfs_dir	2021-08-13 22:04:26 +10:00
dbell.c	powerpc: handle irq_enter/irq_exit in interrupt handler wrappers	2021-02-09 00:10:49 +11:00
dma-iommu.c	powerpc/iommu: Report the correct most efficient DMA mask for PCI devices	2021-09-30 17:10:17 +10:00
dma-mask.c	…
dma-swiotlb.c	…
dt_cpu_ftrs.c	arch: powerpc: Stop building and using oprofile	2021-01-29 10:05:51 +05:30
early_32.c	…
eeh.c	powerpc: rename powerpc_debugfs_root to arch_debugfs_dir	2021-08-13 22:04:26 +10:00
eeh_cache.c	powerpc: rename powerpc_debugfs_root to arch_debugfs_dir	2021-08-13 22:04:26 +10:00
eeh_driver.c	…
eeh_event.c	…
eeh_pe.c	…
eeh_sysfs.c	…
entry_32.S	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
entry_64.S	powerpc/rtas: Keep MSR[RI] set when calling RTAS	2022-06-09 10:22:42 +02:00
epapr_hcalls.S	…
epapr_paravirt.c	powerpc: Don't use 'struct ppc_inst' to reference instruction location	2021-06-17 00:09:00 +10:00
exceptions-64e.S	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
exceptions-64s.S	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
fadump.c	powerpc/fadump: fix PT_LOAD segment for boot memory area	2022-06-09 10:23:07 +02:00
firmware.c	powerpc: fix unbalanced node refcount in check_kvm_guest()	2021-11-18 19:16:51 +01:00
fpu.S	powerpc/32: Remove unneccessary calculations in load_up_{fpu/altivec}	2021-08-18 23:49:55 +10:00
fsl_booke_entry_mapping.S	powerpc/booke: Avoid link stack corruption in several places	2021-08-25 13:35:47 +10:00
head_8xx.S	powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX	2021-11-25 09:48:44 +01:00
head_32.h	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
head_40x.S	powerpc/40x: Map 32Mbytes of memory at startup	2022-01-27 11:05:01 +01:00
head_44x.S	powerpc/booke: Avoid link stack corruption in several places	2021-08-25 13:35:47 +10:00
head_64.S	powerpc/kexec: blacklist functions called in real mode for kprobe	2021-07-26 20:38:51 +10:00
head_book3s_32.S	powerpc/32: Set an IBAT covering up to _einittext during init	2022-08-25 11:40:43 +02:00
head_booke.h	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
head_fsl_booke.S	powerpc updates for 5.15	2021-09-03 11:22:50 -07:00
hw_breakpoint.c	powerpc: rename powerpc_debugfs_root to arch_debugfs_dir	2021-08-13 22:04:26 +10:00
hw_breakpoint_constraints.c	powerpc/uaccess: Remove __get/put_user_inatomic()	2021-04-03 21:21:41 +11:00
idle.c	powerpc/mm: Switch obsolete dssall to .long	2022-06-14 18:36:27 +02:00
idle_6xx.S	powerpc/mm: Switch obsolete dssall to .long	2022-06-14 18:36:27 +02:00
idle_book3e.S	…
idle_book3s.S	powerpc/idle: Don't corrupt back chain when going idle	2021-10-20 21:37:58 +11:00
idle_e500.S	powerpc/32: Return directly from power_save_ppc32_restore()	2021-03-29 13:22:10 +11:00
ima_arch.c	…
interrupt.c	powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch	2023-02-14 19:18:03 +01:00
interrupt_64.S	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
io-workarounds.c	powerpc: Fix reverse map real-mode address lookup with huge vmalloc	2021-05-28 22:54:27 +10:00
io.c	…
iomap.c	powerpc: inline iomap accessors	2020-12-04 01:01:09 +11:00
iommu.c	powerpc/iommu: fix memory leak with using debugfs_lookup()	2023-03-17 08:49:01 +01:00
irq.c	powerpc/64: warn if local irqs are enabled in NMI or hardirq context	2021-10-07 19:54:55 +11:00
isa-bridge.c	mm/vmalloc: remove unmap_kernel_range	2021-04-30 11:20:40 -07:00
jump_label.c	powerpc: Don't use 'struct ppc_inst' to reference instruction location	2021-06-17 00:09:00 +10:00
kdebugfs.c	powerpc: rename powerpc_debugfs_root to arch_debugfs_dir	2021-08-13 22:04:26 +10:00
kgdb.c	powerpc/64s: avoid reloading (H)SRR registers if they are still valid	2021-06-25 00:06:55 +10:00
kprobes-ftrace.c	powerpc/64s: avoid reloading (H)SRR registers if they are still valid	2021-06-25 00:06:55 +10:00
kprobes.c	powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()	2022-10-26 12:35:23 +02:00
kvm.c	gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable}	2022-05-01 17:22:28 +02:00
kvm_emul.S	…
l2cr_6xx.S	powerpc/mm: Switch obsolete dssall to .long	2022-06-14 18:36:27 +02:00
legacy_serial.c	powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds	2021-05-12 11:07:39 +10:00
mce.c	powerpc/mce: Fix access error in mce handler	2021-09-13 22:34:12 +10:00
mce_power.c	powerpc/powernv: Fix machine check reporting of async store errors	2021-06-21 21:13:19 +10:00
misc.S	powerpc: Avoid link stack corruption in misc asm functions	2021-08-25 13:35:47 +10:00
misc_32.S	powerpc: Avoid link stack corruption in misc asm functions	2021-08-25 13:35:47 +10:00
misc_64.S	powerpc: Avoid link stack corruption in misc asm functions	2021-08-25 13:35:47 +10:00
module.c	powerpc/modules: Don't WARN on first module allocation attempt	2022-01-27 11:04:08 +01:00
module_32.c	powerpc/modules: Use PPC_RAW_xx() macros	2021-06-16 00:16:48 +10:00
module_64.c	powerpc/module_64: Fix livepatching for RO modules	2021-12-22 09:32:49 +01:00
msi.c	…
note.S	…
nvram_64.c	printk: introduce a kmsg_dump iterator	2021-03-08 11:43:27 +01:00
of_platform.c	…
optprobes.c	powerpc/kprobes: Fix Oops by passing ppc_inst as a pointer to emulate_step() on ppc32	2021-06-25 14:46:51 +10:00
optprobes_head.S	powerpc: flexible GPR range save/restore macros	2022-07-12 16:35:02 +02:00
paca.c	Revert "powerpc/rtas: Implement reentrant rtas call"	2022-10-15 07:59:02 +02:00
pci-common.c	powerpc/pci: Fix get_phb_number() locking	2022-08-25 11:40:23 +02:00
pci-hotplug.c	…
pci_32.c	…
pci_64.c	mm/vmalloc: remove unmap_kernel_range	2021-04-30 11:20:40 -07:00
pci_dn.c	powerpc/pci_dn: Add missing of_node_put()	2022-10-26 12:35:22 +02:00
pci_of_scan.c	…
pmc.c	…
ppc32.h	…
ppc_save_regs.S	…
proc_powerpc.c	…
process.c	powerpc: Enable execve syscall exit tracepoint	2022-06-29 09:03:30 +02:00
prom.c	powerpc/64: Init jump labels before parse_early_param()	2022-08-25 11:40:45 +02:00
prom_init.c	powerpc/prom_init: Fix improper check of prom_getprop()	2022-01-27 11:04:06 +01:00
prom_init_check.sh	powerpc/prom_init: Fix kernel config grep	2022-07-07 17:53:24 +02:00
prom_parse.c	…
reloc_32.S	powerpc: Avoid link stack corruption in misc asm functions	2021-08-25 13:35:47 +10:00
reloc_64.S	powerpc/64: Add UADDR64 relocation support	2022-05-09 09:14:44 +02:00
rtas-proc.c	powerpc/rtas: rename RTAS_RMOBUF_MAX to RTAS_USER_REGION_SIZE	2021-04-14 23:04:16 +10:00
rtas-rtc.c	powerpc/rtas-rtc: remove unused constant	2021-06-25 14:47:20 +10:00
rtas.c	powerpc/rtas: avoid scheduling in rtas_os_term()	2023-01-12 11:58:46 +01:00
rtas_flash.c	…
rtas_pci.c	…
rtasd.c	powerpc: Replace deprecated CPU-hotplug functions.	2021-08-10 23:14:56 +10:00
secure_boot.c	…
security.c	powerpc/security: Add a helper to query stf_barrier type	2021-10-07 19:52:58 +11:00
secvar-ops.c	…
secvar-sysfs.c	powerpc/secvar: fix refcount leak in format_show()	2022-04-13 20:59:08 +02:00
setup-common.c	powerpc: rename powerpc_debugfs_root to arch_debugfs_dir	2021-08-13 22:04:26 +10:00
setup.h	powerpc: remove unneeded semicolons	2021-02-09 00:10:50 +11:00
setup_32.c	powerpc: Don't use 'struct ppc_inst' to reference instruction location	2021-06-17 00:09:00 +10:00
setup_64.c	powerpc: rename powerpc_debugfs_root to arch_debugfs_dir	2021-08-13 22:04:26 +10:00
signal.c	entry: rseq: Call rseq_handle_notify_resume() in tracehook_notify_resume()	2021-09-22 10:24:01 -04:00
signal.h	powerpc/signal32: Fix sigset_t copy	2021-11-25 09:48:44 +01:00
signal_32.c	gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable}	2022-05-01 17:22:28 +02:00
signal_64.c	gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable}	2022-05-01 17:22:28 +02:00
smp-tbsync.c	…
smp.c	powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic	2022-01-27 11:05:02 +01:00
stacktrace.c	powerpc/stacktrace: Include linux/delay.h	2021-08-03 22:33:37 +10:00
suspend.c	…
swsusp.c	…
swsusp_32.S	powerpc/mm: Switch obsolete dssall to .long	2022-06-14 18:36:27 +02:00
swsusp_64.c	…
swsusp_asm64.S	powerpc/mm: Switch obsolete dssall to .long	2022-06-14 18:36:27 +02:00
swsusp_booke.S	…
sys_ppc32.c	powerpc: Fix fallocate and fadvise64_64 compat parameter combination	2022-10-26 12:35:22 +02:00
syscalls.c	powerpc: Fix fallocate and fadvise64_64 compat parameter combination	2022-10-26 12:35:22 +02:00
sysfs.c	powerpc/smp: Fix OOPS in topology_init()	2021-08-07 08:53:59 +10:00
systbl.S	powerpc: align syscall table for ppc32	2022-09-08 12:28:03 +02:00
systbl_chk.sh	…
tau_6xx.c	powerpc/tau: Add 'static' storage qualifier to 'tau_work' definition	2021-08-20 17:00:53 +10:00
time.c	powerpc/kcsan: Exclude udelay to prevent recursive instrumentation	2023-03-17 08:49:01 +01:00
tm.S	powerpc/tm: Fix more userspace r13 corruption	2022-07-12 16:35:02 +02:00
traps.c	exit: Add and use make_task_dead.	2023-02-01 08:27:20 +01:00
ucall.S	…
udbg.c	isystem: ship and use stdarg.h	2021-08-19 09:02:55 +09:00
udbg_16550.c	powerpc/microwatt: Use standard 16550 UART for console	2021-06-21 21:16:31 +10:00
uprobes.c	powerpc/64s: avoid reloading (H)SRR registers if they are still valid	2021-06-25 00:06:55 +10:00
vdso.c	powerpc/vdso: Add support for time namespaces	2021-04-14 23:04:44 +10:00
vdso32_wrapper.S	powerpc/vdso: fix unnecessary rebuilds of vgettimeofday.o	2021-01-30 22:23:42 +11:00
vdso64_wrapper.S	powerpc/vdso: fix unnecessary rebuilds of vgettimeofday.o	2021-01-30 22:23:42 +11:00
vecemu.c	…
vector.S	powerpc/32: Remove unneccessary calculations in load_up_{fpu/altivec}	2021-08-18 23:49:55 +10:00
vmlinux.lds.S	powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds	2023-03-17 08:49:03 +01:00
watchdog.c	powerpc/watchdog: Fix missed watchdog reset due to memory ordering race	2022-01-27 11:04:57 +01:00