ARM: 6166/1: Proper prefetch abort handling on pre-ARMv6

Instruction faults on pre-ARMv6 CPUs are interpreted as a 'translation fault', but do_translation_fault doesn't handle well if user mode trying to run instruction above TASK_SIZE, and result in the infinite retry of that instruction. CC: <stable@kernel.org> Signed-off-by: N Anfei Zhou <anfei.zhou@gmail.com> Signed-off-by: N Russell King <rmk+kernel@arm.linux.org.uk>

ARM: 6166/1: Proper prefetch abort handling on pre-ARMv6
Instruction faults on pre-ARMv6 CPUs are interpreted as a 'translation fault', but do_translation_fault doesn't handle well if user mode trying to run instruction above TASK_SIZE, and result in the infinite retry of that instruction. CC: <stable@kernel.org> Signed-off-by: N Anfei Zhou <anfei.zhou@gmail.com> Signed-off-by: N Russell King <rmk+kernel@arm.linux.org.uk>
5e27fb78 · Anfei · Russell King · 17ebba1f · 5e27fb78
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

arch/arm/mm/fault.c arch/arm/mm/fault.c +3 -0

未找到文件。
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -393,6 +393,9 @@ do_translation_fault(unsigned long addr, unsigned int fsr,
 	if (addr < TASK_SIZE)
 		return do_page_fault(addr, fsr, regs);

+	if (user_mode(regs))
+		goto bad_area;
+
 	index = pgd_index(addr);

 	/*