1. 23 6月, 2017 6 次提交
  2. 15 6月, 2017 2 次提交
  3. 12 6月, 2017 1 次提交
  4. 09 6月, 2017 1 次提交
  5. 02 6月, 2017 2 次提交
  6. 27 5月, 2017 3 次提交
    • T
      x86/ftrace: Make sure that ftrace trampolines are not RWX · 6ee98ffe
      Thomas Gleixner 提交于
      ftrace use module_alloc() to allocate trampoline pages. The mapping of
      module_alloc() is RWX, which makes sense as the memory is written to right
      after allocation. But nothing makes these pages RO after writing to them.
      
      Add proper set_memory_rw/ro() calls to protect the trampolines after
      modification.
      
      Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1705251056410.1862@nanosSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      6ee98ffe
    • S
      x86/mm/ftrace: Do not bug in early boot on irqs_disabled in cpu_flush_range() · a53276e2
      Steven Rostedt (VMware) 提交于
      With function tracing starting in early bootup and having its trampoline
      pages being read only, a bug triggered with the following:
      
      kernel BUG at arch/x86/mm/pageattr.c:189!
      invalid opcode: 0000 [#1] SMP
      Modules linked in:
      CPU: 0 PID: 0 Comm: swapper Not tainted 4.12.0-rc2-test+ #3
      Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014
      task: ffffffffb4222500 task.stack: ffffffffb4200000
      RIP: 0010:change_page_attr_set_clr+0x269/0x302
      RSP: 0000:ffffffffb4203c88 EFLAGS: 00010046
      RAX: 0000000000000046 RBX: 0000000000000000 RCX: 00000001b6000000
      RDX: ffffffffb4203d40 RSI: 0000000000000000 RDI: ffffffffb4240d60
      RBP: ffffffffb4203d18 R08: 00000001b6000000 R09: 0000000000000001
      R10: ffffffffb4203aa8 R11: 0000000000000003 R12: ffffffffc029b000
      R13: ffffffffb4203d40 R14: 0000000000000001 R15: 0000000000000000
      FS:  0000000000000000(0000) GS:ffff9a639ea00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: ffff9a636b384000 CR3: 00000001ea21d000 CR4: 00000000000406b0
      Call Trace:
       change_page_attr_clear+0x1f/0x21
       set_memory_ro+0x1e/0x20
       arch_ftrace_update_trampoline+0x207/0x21c
       ? ftrace_caller+0x64/0x64
       ? 0xffffffffc029b000
       ftrace_startup+0xf4/0x198
       register_ftrace_function+0x26/0x3c
       function_trace_init+0x5e/0x73
       tracer_init+0x1e/0x23
       tracing_set_tracer+0x127/0x15a
       register_tracer+0x19b/0x1bc
       init_function_trace+0x90/0x92
       early_trace_init+0x236/0x2b3
       start_kernel+0x200/0x3f5
       x86_64_start_reservations+0x29/0x2b
       x86_64_start_kernel+0x17c/0x18f
       secondary_startup_64+0x9f/0x9f
       ? secondary_startup_64+0x9f/0x9f
      
      Interrupts should not be enabled at this early in the boot process. It is
      also fine to leave interrupts enabled during this time as there's only one
      CPU running, and on_each_cpu() means to only run on the current CPU.
      
      If early_boot_irqs_disabled is set, it is safe to run cpu_flush_range() with
      interrupts disabled. Don't trigger a BUG_ON() in that case.
      
      Link: http://lkml.kernel.org/r/20170526093717.0be3b849@gandalf.local.homeSuggested-by: NThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      a53276e2
    • M
      kprobes/x86: Fix to set RWX bits correctly before releasing trampoline · c93f5cf5
      Masami Hiramatsu 提交于
      Fix kprobes to set(recover) RWX bits correctly on trampoline
      buffer before releasing it. Releasing readonly page to
      module_memfree() crash the kernel.
      
      Without this fix, if kprobes user register a bunch of kprobes
      in function body (since kprobes on function entry usually
      use ftrace) and unregister it, kernel hits a BUG and crash.
      
      Link: http://lkml.kernel.org/r/149570868652.3518.14120169373590420503.stgit@devboxSigned-off-by: NMasami Hiramatsu <mhiramat@kernel.org>
      Fixes: d0381c81 ("kprobes/x86: Set kprobes pages read-only")
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      c93f5cf5
  7. 26 5月, 2017 1 次提交
  8. 25 5月, 2017 5 次提交
  9. 24 5月, 2017 6 次提交
  10. 23 5月, 2017 5 次提交
  11. 22 5月, 2017 5 次提交
    • L
      x86: fix 32-bit case of __get_user_asm_u64() · 33c9e972
      Linus Torvalds 提交于
      The code to fetch a 64-bit value from user space was entirely buggered,
      and has been since the code was merged in early 2016 in commit
      b2f68038 ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
      kernels").
      
      Happily the buggered routine is almost certainly entirely unused, since
      the normal way to access user space memory is just with the non-inlined
      "get_user()", and the inlined version didn't even historically exist.
      
      The normal "get_user()" case is handled by external hand-written asm in
      arch/x86/lib/getuser.S that doesn't have either of these issues.
      
      There were two independent bugs in __get_user_asm_u64():
      
       - it still did the STAC/CLAC user space access marking, even though
         that is now done by the wrapper macros, see commit 11f1a4b9
         ("x86: reorganize SMAP handling in user space accesses").
      
         This didn't result in a semantic error, it just means that the
         inlined optimized version was hugely less efficient than the
         allegedly slower standard version, since the CLAC/STAC overhead is
         quite high on modern Intel CPU's.
      
       - the double register %eax/%edx was marked as an output, but the %eax
         part of it was touched early in the asm, and could thus clobber other
         inputs to the asm that gcc didn't expect it to touch.
      
         In particular, that meant that the generated code could look like
         this:
      
              mov    (%eax),%eax
              mov    0x4(%eax),%edx
      
         where the load of %edx obviously was _supposed_ to be from the 32-bit
         word that followed the source of %eax, but because %eax was
         overwritten by the first instruction, the source of %edx was
         basically random garbage.
      
      The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
      the 64-bit output as early-clobber to let gcc know that no inputs should
      alias with the output register.
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Benjamin LaHaise <bcrl@kvack.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: stable@kernel.org   # v4.8+
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      33c9e972
    • L
      Clean up x86 unsafe_get/put_user() type handling · 334a023e
      Linus Torvalds 提交于
      Al noticed that unsafe_put_user() had type problems, and fixed them in
      commit a7cc722f ("fix unsafe_put_user()"), which made me look more
      at those functions.
      
      It turns out that unsafe_get_user() had a type issue too: it limited the
      largest size of the type it could handle to "unsigned long".  Which is
      fine with the current users, but doesn't match our existing normal
      get_user() semantics, which can also handle "u64" even when that does
      not fit in a long.
      
      While at it, also clean up the type cast in unsafe_put_user().  We
      actually want to just make it an assignment to the expected type of the
      pointer, because we actually do want warnings from types that don't
      convert silently.  And it makes the code more readable by not having
      that one very long and complex line.
      
      [ This patch might become stable material if we ever end up back-porting
        any new users of the unsafe uaccess code, but as things stand now this
        doesn't matter for any current existing uses. ]
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      334a023e
    • B
      x86/MCE: Export memory_error() · 2d1f4061
      Borislav Petkov 提交于
      Export the function which checks whether an MCE is a memory error to
      other users so that we can reuse the logic. Drop the boot_cpu_data use,
      while at it, as mce.cpuvendor already has the CPU vendor in there.
      
      Integrate a piece from a patch from Vishal Verma
      <vishal.l.verma@intel.com> to export it for modules (nfit).
      
      The main reason we're exporting it is that the nfit handler
      nfit_handle_mce() needs to detect a memory error properly before doing
      its recovery actions.
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vishal Verma <vishal.l.verma@intel.com>
      Cc: <stable@vger.kernel.org>
      Link: http://lkml.kernel.org/r/20170519093915.15413-2-bp@alien8.deSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      2d1f4061
    • A
      osf_wait4(): fix infoleak · a8c39544
      Al Viro 提交于
      failing sys_wait4() won't fill struct rusage...
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      a8c39544
    • A
      fix unsafe_put_user() · a7cc722f
      Al Viro 提交于
      __put_user_size() relies upon its first argument having the same type as what
      the second one points to; the only other user makes sure of that and
      unsafe_put_user() should do the same.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      a7cc722f
  12. 21 5月, 2017 1 次提交
  13. 20 5月, 2017 2 次提交
新手
引导
客服 返回
顶部