tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm

Pull ARM fixes from Russell King:
"A number of ARM fixes:

- prevent oopses caused by dma_get_sgtable() and declared DMA
coherent memory

- fix boot failure on nommu caused by ID_PFR1 access

- a number of kprobes fixes from Jon Medhurst and Masami Hiramatsu"

* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: 8665/1: nommu: access ID_PFR1 only if CPUID scheme
ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
arm: kprobes: Align stack to 8-bytes in test code
arm: kprobes: Fix the return address of multiple kretprobes
arm: kprobes: Skip single-stepping in recursing path if possible
arm: kprobes: Allow to handle reentered kprobe on single-stepping

Linus Torvalds 462e9a35 5b50be74

+75 -22
+19 -1
arch/arm/mm/dma-mapping.c
··· 935 935 __arm_dma_free(dev, size, cpu_addr, handle, attrs, true); 936 936 } 937 937 938 + /* 939 + * The whole dma_get_sgtable() idea is fundamentally unsafe - it seems 940 + * that the intention is to allow exporting memory allocated via the 941 + * coherent DMA APIs through the dma_buf API, which only accepts a 942 + * scattertable. This presents a couple of problems: 943 + * 1. Not all memory allocated via the coherent DMA APIs is backed by 944 + * a struct page 945 + * 2. Passing coherent DMA memory into the streaming APIs is not allowed 946 + * as we will try to flush the memory through a different alias to that 947 + * actually being used (and the flushes are redundant.) 948 + */ 938 949 int arm_dma_get_sgtable(struct device *dev, struct sg_table *sgt, 939 950 void *cpu_addr, dma_addr_t handle, size_t size, 940 951 unsigned long attrs) 941 952 { 942 - struct page *page = pfn_to_page(dma_to_pfn(dev, handle)); 953 + unsigned long pfn = dma_to_pfn(dev, handle); 954 + struct page *page; 943 955 int ret; 956 + 957 + /* If the PFN is not valid, we do not have a struct page */ 958 + if (!pfn_valid(pfn)) 959 + return -ENXIO; 960 + 961 + page = pfn_to_page(pfn); 944 962 945 963 ret = sg_alloc_table(sgt, 1, GFP_KERNEL); 946 964 if (unlikely(ret))
+4 -1
arch/arm/mm/nommu.c
··· 303 303 */ 304 304 static inline bool security_extensions_enabled(void) 305 305 { 306 - return !!cpuid_feature_extract(CPUID_EXT_PFR1, 4); 306 + /* Check CPUID Identification Scheme before ID_PFR1 read */ 307 + if ((read_cpuid_id() & 0x000f0000) == 0x000f0000) 308 + return !!cpuid_feature_extract(CPUID_EXT_PFR1, 4); 309 + return 0; 307 310 } 308 311 309 312 static unsigned long __init setup_vectors_base(void)
+44 -17
arch/arm/probes/kprobes/core.c
··· 266 266 #endif 267 267 268 268 if (p) { 269 - if (cur) { 269 + if (!p->ainsn.insn_check_cc(regs->ARM_cpsr)) { 270 + /* 271 + * Probe hit but conditional execution check failed, 272 + * so just skip the instruction and continue as if 273 + * nothing had happened. 274 + * In this case, we can skip recursing check too. 275 + */ 276 + singlestep_skip(p, regs); 277 + } else if (cur) { 270 278 /* Kprobe is pending, so we're recursing. */ 271 279 switch (kcb->kprobe_status) { 272 280 case KPROBE_HIT_ACTIVE: 273 281 case KPROBE_HIT_SSDONE: 282 + case KPROBE_HIT_SS: 274 283 /* A pre- or post-handler probe got us here. */ 275 284 kprobes_inc_nmissed_count(p); 276 285 save_previous_kprobe(kcb); ··· 288 279 singlestep(p, regs, kcb); 289 280 restore_previous_kprobe(kcb); 290 281 break; 282 + case KPROBE_REENTER: 283 + /* A nested probe was hit in FIQ, it is a BUG */ 284 + pr_warn("Unrecoverable kprobe detected at %p.\n", 285 + p->addr); 286 + /* fall through */ 291 287 default: 292 288 /* impossible cases */ 293 289 BUG(); 294 290 } 295 - } else if (p->ainsn.insn_check_cc(regs->ARM_cpsr)) { 291 + } else { 296 292 /* Probe hit and conditional execution check ok. */ 297 293 set_current_kprobe(p); 298 294 kcb->kprobe_status = KPROBE_HIT_ACTIVE; ··· 318 304 } 319 305 reset_current_kprobe(); 320 306 } 321 - } else { 322 - /* 323 - * Probe hit but conditional execution check failed, 324 - * so just skip the instruction and continue as if 325 - * nothing had happened. 326 - */ 327 - singlestep_skip(p, regs); 328 307 } 329 308 } else if (cur) { 330 309 /* We probably hit a jprobe. Call its break handler. */ ··· 441 434 struct hlist_node *tmp; 442 435 unsigned long flags, orig_ret_address = 0; 443 436 unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline; 437 + kprobe_opcode_t *correct_ret_addr = NULL; 444 438 445 439 INIT_HLIST_HEAD(&empty_rp); 446 440 kretprobe_hash_lock(current, &head, &flags); ··· 464 456 /* another task is sharing our hash bucket */ 465 457 continue; 466 458 467 - if (ri->rp && ri->rp->handler) { 468 - __this_cpu_write(current_kprobe, &ri->rp->kp); 469 - get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE; 470 - ri->rp->handler(ri, regs); 471 - __this_cpu_write(current_kprobe, NULL); 472 - } 473 - 474 459 orig_ret_address = (unsigned long)ri->ret_addr; 475 - recycle_rp_inst(ri, &empty_rp); 476 460 477 461 if (orig_ret_address != trampoline_address) 478 462 /* ··· 476 476 } 477 477 478 478 kretprobe_assert(ri, orig_ret_address, trampoline_address); 479 + 480 + correct_ret_addr = ri->ret_addr; 481 + hlist_for_each_entry_safe(ri, tmp, head, hlist) { 482 + if (ri->task != current) 483 + /* another task is sharing our hash bucket */ 484 + continue; 485 + 486 + orig_ret_address = (unsigned long)ri->ret_addr; 487 + if (ri->rp && ri->rp->handler) { 488 + __this_cpu_write(current_kprobe, &ri->rp->kp); 489 + get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE; 490 + ri->ret_addr = correct_ret_addr; 491 + ri->rp->handler(ri, regs); 492 + __this_cpu_write(current_kprobe, NULL); 493 + } 494 + 495 + recycle_rp_inst(ri, &empty_rp); 496 + 497 + if (orig_ret_address != trampoline_address) 498 + /* 499 + * This is the real return address. Any other 500 + * instances associated with this task are for 501 + * other calls deeper on the call stack 502 + */ 503 + break; 504 + } 505 + 479 506 kretprobe_hash_unlock(current, &flags); 480 507 481 508 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
+8 -3
arch/arm/probes/kprobes/test-core.c
··· 977 977 void __naked __kprobes_test_case_start(void) 978 978 { 979 979 __asm__ __volatile__ ( 980 - "stmdb sp!, {r4-r11} \n\t" 980 + "mov r2, sp \n\t" 981 + "bic r3, r2, #7 \n\t" 982 + "mov sp, r3 \n\t" 983 + "stmdb sp!, {r2-r11} \n\t" 981 984 "sub sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t" 982 985 "bic r0, lr, #1 @ r0 = inline data \n\t" 983 986 "mov r1, sp \n\t" ··· 1000 997 "movne pc, r0 \n\t" 1001 998 "mov r0, r4 \n\t" 1002 999 "add sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t" 1003 - "ldmia sp!, {r4-r11} \n\t" 1000 + "ldmia sp!, {r2-r11} \n\t" 1001 + "mov sp, r2 \n\t" 1004 1002 "mov pc, r0 \n\t" 1005 1003 ); 1006 1004 } ··· 1017 1013 "bxne r0 \n\t" 1018 1014 "mov r0, r4 \n\t" 1019 1015 "add sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t" 1020 - "ldmia sp!, {r4-r11} \n\t" 1016 + "ldmia sp!, {r2-r11} \n\t" 1017 + "mov sp, r2 \n\t" 1021 1018 "bx r0 \n\t" 1022 1019 ); 1023 1020 }