Buildresult: powerpc-fixes/44x/iss476-smp_defconfig/powerpc-gcc5 built on Jun 10 2022, 01:23
kisskb
Revisions
|
Branches
|
Compilers
|
Configs
|
Build Results
|
Build Failures
|
Status:
OK
Date/Time:
Jun 10 2022, 01:23
Duration:
0:00:24.735839
Builder:
ka4
Revision:
powerpc/32: Fix overread/overwrite of thread_struct via ptrace (
8e1278444446fc97778a5e5c99bca1ce0bbc5ec9)
Target:
powerpc-fixes/44x/iss476-smp_defconfig/powerpc-gcc5
Branch:
powerpc-fixes
Compiler:
powerpc-gcc5
(powerpc64-linux-gcc (GCC) 5.5.0 / GNU ld (GNU Binutils) 2.29.1.20170915)
Config:
44x/iss476-smp_defconfig
(
download
)
Log:
Download original
Possible warnings (4)
WARNING: unmet direct dependencies detected for HOTPLUG_CPU WARNING: unmet direct dependencies detected for HOTPLUG_CPU WARNING: unmet direct dependencies detected for HOTPLUG_CPU WARNING: unmet direct dependencies detected for HOTPLUG_CPU
Full Log
# git rev-parse -q --verify 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9^{commit} 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 already have revision, skipping fetch # git checkout -q -f -B kisskb 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 # git clean -qxdf # < git log -1 # commit 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 # Author: Michael Ellerman <mpe@ellerman.id.au> # Date: Tue Jun 7 00:34:56 2022 +1000 # # powerpc/32: Fix overread/overwrite of thread_struct via ptrace # # The ptrace PEEKUSR/POKEUSR (aka PEEKUSER/POKEUSER) API allows a process # to read/write registers of another process. # # To get/set a register, the API takes an index into an imaginary address # space called the "USER area", where the registers of the process are # laid out in some fashion. # # The kernel then maps that index to a particular register in its own data # structures and gets/sets the value. # # The API only allows a single machine-word to be read/written at a time. # So 4 bytes on 32-bit kernels and 8 bytes on 64-bit kernels. # # The way floating point registers (FPRs) are addressed is somewhat # complicated, because double precision float values are 64-bit even on # 32-bit CPUs. That means on 32-bit kernels each FPR occupies two # word-sized locations in the USER area. On 64-bit kernels each FPR # occupies one word-sized location in the USER area. # # Internally the kernel stores the FPRs in an array of u64s, or if VSX is # enabled, an array of pairs of u64s where one half of each pair stores # the FPR. Which half of the pair stores the FPR depends on the kernel's # endianness. # # To handle the different layouts of the FPRs depending on VSX/no-VSX and # big/little endian, the TS_FPR() macro was introduced. # # Unfortunately the TS_FPR() macro does not take into account the fact # that the addressing of each FPR differs between 32-bit and 64-bit # kernels. It just takes the index into the "USER area" passed from # userspace and indexes into the fp_state.fpr array. # # On 32-bit there are 64 indexes that address FPRs, but only 32 entries in # the fp_state.fpr array, meaning the user can read/write 256 bytes past # the end of the array. Because the fp_state sits in the middle of the # thread_struct there are various fields than can be overwritten, # including some pointers. As such it may be exploitable. # # It has also been observed to cause systems to hang or otherwise # misbehave when using gdbserver, and is probably the root cause of this # report which could not be easily reproduced: # https://lore.kernel.org/linuxppc-dev/dc38afe9-6b78-f3f5-666b-986939e40fc6@keymile.com/ # # Rather than trying to make the TS_FPR() macro even more complicated to # fix the bug, or add more macros, instead add a special-case for 32-bit # kernels. This is more obvious and hopefully avoids a similar bug # happening again in future. # # Note that because 32-bit kernels never have VSX enabled the code doesn't # need to consider TS_FPRWIDTH/OFFSET at all. Add a BUILD_BUG_ON() to # ensure that 32-bit && VSX is never enabled. # # Fixes: 87fec0514f61 ("powerpc: PTRACE_PEEKUSR/PTRACE_POKEUSER of FPR registers in little endian builds") # Cc: stable@vger.kernel.org # v3.13+ # Reported-by: Ariel Miculas <ariel.miculas@belden.com> # Tested-by: Christophe Leroy <christophe.leroy@csgroup.eu> # Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> # Link: https://lore.kernel.org/r/20220609133245.573565-1-mpe@ellerman.id.au # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 # < make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_44x_iss476-smp_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- 44x/iss476-smp_defconfig WARNING: unmet direct dependencies detected for HOTPLUG_CPU Depends on [n]: SMP [=y] && (PPC_PSERIES [=n] || PPC_PMAC [=n] || PPC_POWERNV [=n] || FSL_SOC_BOOKE [=n]) Selected by [y]: - PM_SLEEP_SMP [=y] && SMP [=y] && (ARCH_SUSPEND_POSSIBLE [=y] || ARCH_HIBERNATION_POSSIBLE [=y]) && PM_SLEEP [=y] WARNING: unmet direct dependencies detected for HOTPLUG_CPU Depends on [n]: SMP [=y] && (PPC_PSERIES [=n] || PPC_PMAC [=n] || PPC_POWERNV [=n] || FSL_SOC_BOOKE [=n]) Selected by [y]: - PM_SLEEP_SMP [=y] && SMP [=y] && (ARCH_SUSPEND_POSSIBLE [=y] || ARCH_HIBERNATION_POSSIBLE [=y]) && PM_SLEEP [=y] # < make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_44x_iss476-smp_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- help # make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_44x_iss476-smp_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- olddefconfig WARNING: unmet direct dependencies detected for HOTPLUG_CPU Depends on [n]: SMP [=y] && (PPC_PSERIES [=n] || PPC_PMAC [=n] || PPC_POWERNV [=n] || FSL_SOC_BOOKE [=n]) Selected by [y]: - PM_SLEEP_SMP [=y] && SMP [=y] && (ARCH_SUSPEND_POSSIBLE [=y] || ARCH_HIBERNATION_POSSIBLE [=y]) && PM_SLEEP [=y] WARNING: unmet direct dependencies detected for HOTPLUG_CPU Depends on [n]: SMP [=y] && (PPC_PSERIES [=n] || PPC_PMAC [=n] || PPC_POWERNV [=n] || FSL_SOC_BOOKE [=n]) Selected by [y]: - PM_SLEEP_SMP [=y] && SMP [=y] && (ARCH_SUSPEND_POSSIBLE [=y] || ARCH_HIBERNATION_POSSIBLE [=y]) && PM_SLEEP [=y] # make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_44x_iss476-smp_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- Completed OK # rm -rf /kisskb/build/powerpc-fixes_44x_iss476-smp_defconfig_powerpc-gcc5 # Build took: 0:00:24.735839
© Michael Ellerman 2006-2018.