# git rev-parse -q --verify 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9^{commit} 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 already have revision, skipping fetch # git checkout -q -f -B kisskb 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 # git clean -qxdf # < git log -1 # commit 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 # Author: Michael Ellerman # Date: Tue Jun 7 00:34:56 2022 +1000 # # powerpc/32: Fix overread/overwrite of thread_struct via ptrace # # The ptrace PEEKUSR/POKEUSR (aka PEEKUSER/POKEUSER) API allows a process # to read/write registers of another process. # # To get/set a register, the API takes an index into an imaginary address # space called the "USER area", where the registers of the process are # laid out in some fashion. # # The kernel then maps that index to a particular register in its own data # structures and gets/sets the value. # # The API only allows a single machine-word to be read/written at a time. # So 4 bytes on 32-bit kernels and 8 bytes on 64-bit kernels. # # The way floating point registers (FPRs) are addressed is somewhat # complicated, because double precision float values are 64-bit even on # 32-bit CPUs. That means on 32-bit kernels each FPR occupies two # word-sized locations in the USER area. On 64-bit kernels each FPR # occupies one word-sized location in the USER area. # # Internally the kernel stores the FPRs in an array of u64s, or if VSX is # enabled, an array of pairs of u64s where one half of each pair stores # the FPR. Which half of the pair stores the FPR depends on the kernel's # endianness. # # To handle the different layouts of the FPRs depending on VSX/no-VSX and # big/little endian, the TS_FPR() macro was introduced. # # Unfortunately the TS_FPR() macro does not take into account the fact # that the addressing of each FPR differs between 32-bit and 64-bit # kernels. It just takes the index into the "USER area" passed from # userspace and indexes into the fp_state.fpr array. # # On 32-bit there are 64 indexes that address FPRs, but only 32 entries in # the fp_state.fpr array, meaning the user can read/write 256 bytes past # the end of the array. Because the fp_state sits in the middle of the # thread_struct there are various fields than can be overwritten, # including some pointers. As such it may be exploitable. # # It has also been observed to cause systems to hang or otherwise # misbehave when using gdbserver, and is probably the root cause of this # report which could not be easily reproduced: # https://lore.kernel.org/linuxppc-dev/dc38afe9-6b78-f3f5-666b-986939e40fc6@keymile.com/ # # Rather than trying to make the TS_FPR() macro even more complicated to # fix the bug, or add more macros, instead add a special-case for 32-bit # kernels. This is more obvious and hopefully avoids a similar bug # happening again in future. # # Note that because 32-bit kernels never have VSX enabled the code doesn't # need to consider TS_FPRWIDTH/OFFSET at all. Add a BUILD_BUG_ON() to # ensure that 32-bit && VSX is never enabled. # # Fixes: 87fec0514f61 ("powerpc: PTRACE_PEEKUSR/PTRACE_POKEUSER of FPR registers in little endian builds") # Cc: stable@vger.kernel.org # v3.13+ # Reported-by: Ariel Miculas # Tested-by: Christophe Leroy # Signed-off-by: Michael Ellerman # Link: https://lore.kernel.org/r/20220609133245.573565-1-mpe@ellerman.id.au # < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 # < make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_powerpc-allyesconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- allyesconfig # Added to kconfig CONFIG_PROFILE_ALL_BRANCHES=n # Added to kconfig CONFIG_ENABLE_WARN_DEPRECATED=n # Added to kconfig CONFIG_ENABLE_MUST_CHECK=n # Added to kconfig CONFIG_DEBUG_INFO=n # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # < make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_powerpc-allyesconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- help # make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_powerpc-allyesconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- olddefconfig # make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_powerpc-allyesconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- /kisskb/src/arch/powerpc/boot/dts/mgcoge.dts:230.14-234.7: Warning (spi_bus_reg): /soc@f0000000/cpm@119c0/spi@11aa0/ds3106@1: SPI bus unit address format error, expected "0" /kisskb/src/arch/powerpc/boot/dts/stxssa8555.dts:340.15-349.5: Warning (pci_device_reg): /pci@e0008000/i8259@19000: PCI unit address format error, expected "12,0" /kisskb/src/arch/powerpc/boot/dts/stxssa8555.dts:329.3-21: Warning (pci_device_bus_num): /pci@e0008000/i8259@19000:bus-range: PCI bus number 1 out of range, expected (0 - 0) /kisskb/src/arch/powerpc/boot/dts/mpc8610_hpcd.dts:420.3-21: Warning (pci_device_bus_num): /pcie@e000a000/pcie@0:bus-range: PCI bus number 0 out of range, expected (1 - 3) /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@ffe00000/mdio@24000/ethernet-phy@0:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@ffe00000/mdio@24000/ethernet-phy@1:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@fffe00000/mdio@24000/ethernet-phy@0:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@fffe00000/mdio@24000/ethernet-phy@1:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/ppa8548.dts:34.22-37.4: Warning (pci_bridge): /pci@fe0008000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8548si-post.dtsi:43.7-51.3 /kisskb/src/arch/powerpc/boot/dts/fsl/ppa8548.dts:39.22-42.4: Warning (pci_bridge): /pci@fe0009000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8548si-post.dtsi:54.7-62.3 /kisskb/src/arch/powerpc/boot/dts/fsl/ppa8548.dts:44.23-47.4: Warning (pci_bridge): /pcie@fe000a000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8548si-post.dtsi:65.7-90.3 /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8548si-post.dtsi:74.9-89.4: Warning (pci_bridge): /pcie@fe000a000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/ppa8548.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/ppa8548.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/ppa8548.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/kmcoge4.dts:196.23-198.4: Warning (pci_bridge): /pcie@ffe201000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/p2041si-post.dtsi:87.7-113.3 /kisskb/src/arch/powerpc/boot/dts/fsl/p2041si-post.dtsi:97.9-112.4: Warning (pci_bridge): /pcie@ffe201000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/kmcoge4.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/kmcoge4.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/kmcoge4.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/p1020rdb-pd.dts:189.11-193.6: Warning (spi_bus_reg): /soc@ffe00000/spi@7000/slic@0: SPI bus unit address format error, expected "1" /kisskb/src/arch/powerpc/boot/dts/fsl/p1020rdb-pd.dts:195.11-199.6: Warning (spi_bus_reg): /soc@ffe00000/spi@7000/slic@1: SPI bus unit address format error, expected "2" /kisskb/src/arch/powerpc/boot/dts/bluestone.dts:272.13-277.7: Warning (i2c_bus_reg): /plb/opb/i2c@ef600700/sttm@4C: I2C bus unit address format error, expected "4c" /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8555cds.dts:341.15-350.5: Warning (pci_device_reg): /pci@e0008000/i8259@19000: PCI unit address format error, expected "12,0" /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8555cds.dts:330.3-21: Warning (pci_device_bus_num): /pci@e0008000/i8259@19000:bus-range: PCI bus number 1 out of range, expected (0 - 0) /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@ffe00000/mdio@24000/ethernet-phy@0:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@ffe00000/mdio@24000/ethernet-phy@1:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/gef_sbc610.dts:209.22-211.4: Warning (pci_bridge): /pcie@fef09000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:119.7-144.3 /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:129.9-143.4: Warning (pci_bridge): /pcie@fef09000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/gef_sbc610.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/gef_sbc610.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/gef_sbc610.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/mpc5121.dtsi:457.13-466.5: Warning (spi_bus_bridge): /soc@80000000/psc@11900: node name for SPI buses should be 'spi' also defined at /kisskb/src/arch/powerpc/boot/dts/pdm360ng.dts:172.13-185.5 arch/powerpc/boot/dts/pdm360ng.dtb: Warning (spi_bus_reg): Failed prerequisite 'spi_bus_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/gef_ppc9a.dts:211.22-213.4: Warning (pci_bridge): /pcie@fef09000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:119.7-144.3 /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:129.9-143.4: Warning (pci_bridge): /pcie@fef09000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/gef_ppc9a.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/gef_ppc9a.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/gef_ppc9a.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/oca4080.dts:132.23-134.4: Warning (pci_bridge): /pcie@ffe200000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/p4080si-post.dtsi:58.7-84.3 /kisskb/src/arch/powerpc/boot/dts/fsl/p4080si-post.dtsi:68.9-83.4: Warning (pci_bridge): /pcie@ffe200000/pcie@0: missing ranges for PCI bridge (or not a bridge) /kisskb/src/arch/powerpc/boot/dts/fsl/oca4080.dts:136.23-138.4: Warning (pci_bridge): /pcie@ffe201000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/p4080si-post.dtsi:87.7-113.3 /kisskb/src/arch/powerpc/boot/dts/fsl/p4080si-post.dtsi:97.9-112.4: Warning (pci_bridge): /pcie@ffe201000/pcie@0: missing ranges for PCI bridge (or not a bridge) /kisskb/src/arch/powerpc/boot/dts/fsl/oca4080.dts:140.23-142.4: Warning (pci_bridge): /pcie@ffe202000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/p4080si-post.dtsi:116.7-142.3 /kisskb/src/arch/powerpc/boot/dts/fsl/p4080si-post.dtsi:126.9-141.4: Warning (pci_bridge): /pcie@ffe202000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/oca4080.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/oca4080.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/oca4080.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@fffe00000/mdio@24000/ethernet-phy@0:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/pq3-mpic.dtsi:38.2-25: Warning (interrupts_property): /soc@fffe00000/mdio@24000/ethernet-phy@1:#interrupt-cells: size is (8), expected multiple of 16 /kisskb/src/arch/powerpc/boot/dts/fsl/p2020rdb-pc_32b.dts:59.22-62.4: Warning (pci_bridge): /pcie@ffe08000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/p2020si-post.dtsi:100.7-126.3 /kisskb/src/arch/powerpc/boot/dts/fsl/p2020si-post.dtsi:109.9-125.4: Warning (pci_bridge): /pcie@ffe08000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/p2020rdb-pc_32b.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/p2020rdb-pc_32b.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/p2020rdb-pc_32b.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/p2020rdb-pc_36b.dts:59.23-62.4: Warning (pci_bridge): /pcie@fffe08000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/p2020si-post.dtsi:100.7-126.3 /kisskb/src/arch/powerpc/boot/dts/fsl/p2020si-post.dtsi:109.9-125.4: Warning (pci_bridge): /pcie@fffe08000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/p2020rdb-pc_36b.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/p2020rdb-pc_36b.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/p2020rdb-pc_36b.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/p2020rdb.dts:251.22-254.4: Warning (pci_bridge): /pcie@ffe08000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/p2020si-post.dtsi:43.7-68.3 /kisskb/src/arch/powerpc/boot/dts/fsl/p2020si-post.dtsi:52.9-67.4: Warning (pci_bridge): /pcie@ffe08000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/p2020rdb.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/p2020rdb.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/p2020rdb.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8541cds.dts:341.15-350.5: Warning (pci_device_reg): /pci@e0008000/i8259@19000: PCI unit address format error, expected "12,0" /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8541cds.dts:330.3-21: Warning (pci_device_bus_num): /pci@e0008000/i8259@19000:bus-range: PCI bus number 1 out of range, expected (0 - 0) /kisskb/src/arch/powerpc/boot/dts/fsl/mvme7100.dts:135.22-137.4: Warning (pci_bridge): /pcie@f1008000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:92.7-117.3 /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:102.9-116.4: Warning (pci_bridge): /pcie@f1008000/pcie@0: missing ranges for PCI bridge (or not a bridge) /kisskb/src/arch/powerpc/boot/dts/fsl/mvme7100.dts:139.22-141.4: Warning (pci_bridge): /pcie@f1009000: missing ranges for PCI bridge (or not a bridge) also defined at /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:119.7-144.3 /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8641si-post.dtsi:129.9-143.4: Warning (pci_bridge): /pcie@f1009000/pcie@0: missing ranges for PCI bridge (or not a bridge) arch/powerpc/boot/dts/fsl/mvme7100.dtb: Warning (unit_address_format): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/mvme7100.dtb: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' arch/powerpc/boot/dts/fsl/mvme7100.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/fsl/mvme7100.dts:30.11-32.6: Warning (i2c_bus_reg): /soc@f1000000/i2c@3000/rtc@68: missing or empty reg property /kisskb/src/arch/powerpc/boot/dts/mpc5121.dtsi:397.13-406.5: Warning (spi_bus_bridge): /soc@80000000/psc@11400: node name for SPI buses should be 'spi' also defined at /kisskb/src/arch/powerpc/boot/dts/ac14xx.dts:305.19-326.5 /kisskb/src/arch/powerpc/boot/dts/mpc5121.dtsi:409.13-418.5: Warning (spi_bus_bridge): /soc@80000000/psc@11500: node name for SPI buses should be 'spi' also defined at /kisskb/src/arch/powerpc/boot/dts/ac14xx.dts:329.19-344.5 arch/powerpc/boot/dts/ac14xx.dtb: Warning (spi_bus_reg): Failed prerequisite 'spi_bus_bridge' Error: External symbol 'memset' referenced from prom_init.c make[3]: *** [/kisskb/src/arch/powerpc/kernel/Makefile:204: arch/powerpc/kernel/prom_init_check] Error 1 make[3]: *** Waiting for unfinished jobs.... make[2]: *** [/kisskb/src/scripts/Makefile.build:500: arch/powerpc/kernel] Error 2 make[1]: *** [/kisskb/src/Makefile:1839: arch/powerpc] Error 2 make[1]: *** Waiting for unfinished jobs.... make: *** [Makefile:219: __sub-make] Error 2 Command 'make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-fixes_powerpc-allyesconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- ' returned non-zero exit status 2 # rm -rf /kisskb/build/powerpc-fixes_powerpc-allyesconfig_powerpc-gcc11 # Build took: 0:07:41.046285