# git rev-parse -q --verify 4f3175979e62de3b929bfa54a0db4b87d36257a7^{commit} 4f3175979e62de3b929bfa54a0db4b87d36257a7 already have revision, skipping fetch # git checkout -q -f -B kisskb 4f3175979e62de3b929bfa54a0db4b87d36257a7 # git clean -qxdf # < git log -1 # commit 4f3175979e62de3b929bfa54a0db4b87d36257a7 # Author: Nathan Lynch # Date: Thu Aug 10 22:37:55 2023 -0500 # # powerpc/rtas_flash: allow user copy to flash block cache objects # # With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the # /proc/powerpc/rtas/firmware_update interface to prepare a system # firmware update yields a BUG(): # # kernel BUG at mm/usercopy.c:102! # Oops: Exception in kernel mode, sig: 5 [#1] # LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries # Modules linked in: # CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2 # Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries # NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000 # REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+) # MSR: 8000000000029033 CR: 24002242 XER: 0000000c # CFAR: c0000000001fbd34 IRQMASK: 0 # [ ... GPRs omitted ... ] # NIP usercopy_abort+0xa0/0xb0 # LR usercopy_abort+0x9c/0xb0 # Call Trace: # usercopy_abort+0x9c/0xb0 (unreliable) # __check_heap_object+0x1b4/0x1d0 # __check_object_size+0x2d0/0x380 # rtas_flash_write+0xe4/0x250 # proc_reg_write+0xfc/0x160 # vfs_write+0xfc/0x4e0 # ksys_write+0x90/0x160 # system_call_exception+0x178/0x320 # system_call_common+0x160/0x2c4 # # The blocks of the firmware image are copied directly from user memory # to objects allocated from flash_block_cache, so flash_block_cache must # be created using kmem_cache_create_usercopy() to mark it safe for user # access. # # Fixes: 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0") # Signed-off-by: Nathan Lynch # Reviewed-by: Kees Cook # [mpe: Trim and indent oops] # Signed-off-by: Michael Ellerman # Link: https://msgid.link/20230810-rtas-flash-vs-hardened-usercopy-v2-1-dcf63793a938@linux.ibm.com # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 4f3175979e62de3b929bfa54a0db4b87d36257a7 # make -s -j 32 ARCH=powerpc O=/kisskb/build/powerpc-fixes_52xx_tqm5200_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- 52xx/tqm5200_defconfig # < make -s -j 32 ARCH=powerpc O=/kisskb/build/powerpc-fixes_52xx_tqm5200_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- help # make -s -j 32 ARCH=powerpc O=/kisskb/build/powerpc-fixes_52xx_tqm5200_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- olddefconfig # make -s -j 32 ARCH=powerpc O=/kisskb/build/powerpc-fixes_52xx_tqm5200_defconfig_powerpc-gcc5 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-5.5.0-nolibc/powerpc64-linux/bin/powerpc64-linux- Completed OK # rm -rf /kisskb/build/powerpc-fixes_52xx_tqm5200_defconfig_powerpc-gcc5 # Build took: 0:01:00.136006