https://github.com/torvalds/linux
Revision 8832317f662c06f5c06e638f57bfe89a71c9b266 authored by Vasant Hegde on 16 October 2015, 10:23:29 UTC, committed by Michael Ellerman on 22 October 2015, 00:03:25 UTC
Currently we do not validate rtas.entry before calling enter_rtas(). This
leads to a kernel oops when user space calls rtas system call on a powernv
platform (see below). This patch adds code to validate rtas.entry before
making enter_rtas() call.
Oops: Exception in kernel mode, sig: 4 [#1]
SMP NR_CPUS=1024 NUMA PowerNV
task: c000000004294b80 ti: c0000007e1a78000 task.ti: c0000007e1a78000
NIP: 0000000000000000 LR: 0000000000009c14 CTR: c000000000423140
REGS: c0000007e1a7b920 TRAP: 0e40 Not tainted (3.18.17-340.el7_1.pkvm3_1_0.2400.1.ppc64le)
MSR: 1000000000081000 <HV,ME> CR: 00000000 XER: 00000000
CFAR: c000000000009c0c SOFTE: 0
NIP [0000000000000000] (null)
LR [0000000000009c14] 0x9c14
Call Trace:
[c0000007e1a7bba0] [c00000000041a7f4] avc_has_perm_noaudit+0x54/0x110 (unreliable)
[c0000007e1a7bd80] [c00000000002ddc0] ppc_rtas+0x150/0x2d0
[c0000007e1a7be30] [c000000000009358] syscall_exit+0x0/0x98
Cc: stable@vger.kernel.org # v3.2+
Fixes: 55190f88789a ("powerpc: Add skeleton PowerNV platform")
Reported-by: NAGESWARA R. SASTRY <nasastry@in.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[mpe: Reword change log, trim oops, and add stable + fixes]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
1 parent 53c656c
Tip revision: 8832317f662c06f5c06e638f57bfe89a71c9b266 authored by Vasant Hegde on 16 October 2015, 10:23:29 UTC
powerpc/rtas: Validate rtas.entry before calling enter_rtas()
powerpc/rtas: Validate rtas.entry before calling enter_rtas()
Tip revision: 8832317
| File | Mode | Size |
|---|---|---|
| 9p | ||
| adfs | ||
| affs | ||
| afs | ||
| autofs4 | ||
| befs | ||
| bfs | ||
| btrfs | ||
| cachefiles | ||
| ceph | ||
| cifs | ||
| coda | ||
| configfs | ||
| cramfs | ||
| debugfs | ||
| devpts | ||
| dlm | ||
| ecryptfs | ||
| efivarfs | ||
| efs | ||
| exofs | ||
| exportfs | ||
| ext2 | ||
| ext4 | ||
| f2fs | ||
| fat | ||
| freevxfs | ||
| fscache | ||
| fuse | ||
| gfs2 | ||
| hfs | ||
| hfsplus | ||
| hostfs | ||
| hpfs | ||
| hugetlbfs | ||
| isofs | ||
| jbd2 | ||
| jffs2 | ||
| jfs | ||
| kernfs | ||
| lockd | ||
| logfs | ||
| minix | ||
| ncpfs | ||
| nfs | ||
| nfs_common | ||
| nfsd | ||
| nilfs2 | ||
| nls | ||
| notify | ||
| ntfs | ||
| ocfs2 | ||
| omfs | ||
| openpromfs | ||
| overlayfs | ||
| proc | ||
| pstore | ||
| qnx4 | ||
| qnx6 | ||
| quota | ||
| ramfs | ||
| reiserfs | ||
| romfs | ||
| squashfs | ||
| sysfs | ||
| sysv | ||
| tracefs | ||
| ubifs | ||
| udf | ||
| ufs | ||
| xfs | ||
| Kconfig | -rw-r--r-- | 6.4 KB |
| Kconfig.binfmt | -rw-r--r-- | 7.0 KB |
| Makefile | -rw-r--r-- | 4.1 KB |
| aio.c | -rw-r--r-- | 43.0 KB |
| anon_inodes.c | -rw-r--r-- | 4.9 KB |
| attr.c | -rw-r--r-- | 7.9 KB |
| bad_inode.c | -rw-r--r-- | 4.7 KB |
| binfmt_aout.c | -rw-r--r-- | 10.8 KB |
| binfmt_elf.c | -rw-r--r-- | 60.4 KB |
| binfmt_elf_fdpic.c | -rw-r--r-- | 46.9 KB |
| binfmt_em86.c | -rw-r--r-- | 2.8 KB |
| binfmt_flat.c | -rw-r--r-- | 26.4 KB |
| binfmt_misc.c | -rw-r--r-- | 17.5 KB |
| binfmt_script.c | -rw-r--r-- | 3.0 KB |
| block_dev.c | -rw-r--r-- | 45.8 KB |
| buffer.c | -rw-r--r-- | 89.4 KB |
| char_dev.c | -rw-r--r-- | 13.3 KB |
| compat.c | -rw-r--r-- | 37.2 KB |
| compat_binfmt_elf.c | -rw-r--r-- | 3.7 KB |
| compat_ioctl.c | -rw-r--r-- | 45.5 KB |
| coredump.c | -rw-r--r-- | 19.2 KB |
| dax.c | -rw-r--r-- | 21.7 KB |
| dcache.c | -rw-r--r-- | 89.4 KB |
| dcookies.c | -rw-r--r-- | 6.9 KB |
| direct-io.c | -rw-r--r-- | 37.7 KB |
| drop_caches.c | -rw-r--r-- | 1.6 KB |
| eventfd.c | -rw-r--r-- | 11.2 KB |
| eventpoll.c | -rw-r--r-- | 59.0 KB |
| exec.c | -rw-r--r-- | 40.7 KB |
| fcntl.c | -rw-r--r-- | 16.6 KB |
| fhandle.c | -rw-r--r-- | 6.5 KB |
| file.c | -rw-r--r-- | 22.4 KB |
| file_table.c | -rw-r--r-- | 8.5 KB |
| filesystems.c | -rw-r--r-- | 6.4 KB |
| fs-writeback.c | -rw-r--r-- | 66.9 KB |
| fs_pin.c | -rw-r--r-- | 2.0 KB |
| fs_struct.c | -rw-r--r-- | 3.3 KB |
| inode.c | -rw-r--r-- | 52.8 KB |
| internal.h | -rw-r--r-- | 3.6 KB |
| ioctl.c | -rw-r--r-- | 15.7 KB |
| libfs.c | -rw-r--r-- | 30.4 KB |
| locks.c | -rw-r--r-- | 69.6 KB |
| mbcache.c | -rw-r--r-- | 24.1 KB |
| mount.h | -rw-r--r-- | 3.5 KB |
| mpage.c | -rw-r--r-- | 20.0 KB |
| namei.c | -rw-r--r-- | 114.6 KB |
| namespace.c | -rw-r--r-- | 81.5 KB |
| no-block.c | -rw-r--r-- | 688 bytes |
| nsfs.c | -rw-r--r-- | 3.7 KB |
| open.c | -rw-r--r-- | 26.9 KB |
| pipe.c | -rw-r--r-- | 25.0 KB |
| pnode.c | -rw-r--r-- | 11.2 KB |
| pnode.h | -rw-r--r-- | 1.8 KB |
| posix_acl.c | -rw-r--r-- | 19.9 KB |
| proc_namespace.c | -rw-r--r-- | 7.7 KB |
| read_write.c | -rw-r--r-- | 28.9 KB |
| readdir.c | -rw-r--r-- | 6.9 KB |
| select.c | -rw-r--r-- | 25.4 KB |
| seq_file.c | -rw-r--r-- | 22.5 KB |
| signalfd.c | -rw-r--r-- | 9.2 KB |
| splice.c | -rw-r--r-- | 46.2 KB |
| stack.c | -rw-r--r-- | 2.5 KB |
| stat.c | -rw-r--r-- | 12.0 KB |
| statfs.c | -rw-r--r-- | 5.3 KB |
| super.c | -rw-r--r-- | 35.0 KB |
| sync.c | -rw-r--r-- | 9.7 KB |
| timerfd.c | -rw-r--r-- | 13.0 KB |
| userfaultfd.c | -rw-r--r-- | 34.9 KB |
| utimes.c | -rw-r--r-- | 5.9 KB |
| xattr.c | -rw-r--r-- | 22.7 KB |
Computing file changes ...
