--- /dev/null
+From 2217b982624680d19a80ebb4600d05c8586c4f96 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Sat, 8 Aug 2020 11:37:13 -0700
+Subject: binfmt_flat: revert "binfmt_flat: don't offset the data start"
+
+From: Max Filippov <jcmvbkbc@gmail.com>
+
+commit 2217b982624680d19a80ebb4600d05c8586c4f96 upstream.
+
+binfmt_flat loader uses the gap between text and data to store data
+segment pointers for the libraries. Even in the absence of shared
+libraries it stores at least one pointer to the executable's own data
+segment. Text and data can go back to back in the flat binary image and
+without offsetting data segment last few instructions in the text
+segment may get corrupted by the data segment pointer.
+
+Fix it by reverting commit a2357223c50a ("binfmt_flat: don't offset the
+data start").
+
+Cc: stable@vger.kernel.org
+Fixes: a2357223c50a ("binfmt_flat: don't offset the data start")
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Signed-off-by: Greg Ungerer <gerg@linux-m68k.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/binfmt_flat.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+--- a/fs/binfmt_flat.c
++++ b/fs/binfmt_flat.c
+@@ -571,7 +571,7 @@ static int load_flat_file(struct linux_b
+ goto err;
+ }
+
+- len = data_len + extra;
++ len = data_len + extra + MAX_SHARED_LIBS * sizeof(unsigned long);
+ len = PAGE_ALIGN(len);
+ realdatastart = vm_mmap(NULL, 0, len,
+ PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 0);
+@@ -585,7 +585,9 @@ static int load_flat_file(struct linux_b
+ vm_munmap(textpos, text_len);
+ goto err;
+ }
+- datapos = ALIGN(realdatastart, FLAT_DATA_ALIGN);
++ datapos = ALIGN(realdatastart +
++ MAX_SHARED_LIBS * sizeof(unsigned long),
++ FLAT_DATA_ALIGN);
+
+ pr_debug("Allocated data+bss+stack (%u bytes): %lx\n",
+ data_len + bss_len + stack_len, datapos);
+@@ -615,7 +617,7 @@ static int load_flat_file(struct linux_b
+ memp_size = len;
+ } else {
+
+- len = text_len + data_len + extra;
++ len = text_len + data_len + extra + MAX_SHARED_LIBS * sizeof(u32);
+ len = PAGE_ALIGN(len);
+ textpos = vm_mmap(NULL, 0, len,
+ PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE, 0);
+@@ -630,7 +632,9 @@ static int load_flat_file(struct linux_b
+ }
+
+ realdatastart = textpos + ntohl(hdr->data_start);
+- datapos = ALIGN(realdatastart, FLAT_DATA_ALIGN);
++ datapos = ALIGN(realdatastart +
++ MAX_SHARED_LIBS * sizeof(u32),
++ FLAT_DATA_ALIGN);
+
+ reloc = (__be32 __user *)
+ (datapos + (ntohl(hdr->reloc_start) - text_len));
+@@ -647,9 +651,8 @@ static int load_flat_file(struct linux_b
+ (text_len + full_data
+ - sizeof(struct flat_hdr)),
+ 0);
+- if (datapos != realdatastart)
+- memmove((void *)datapos, (void *)realdatastart,
+- full_data);
++ memmove((void *) datapos, (void *) realdatastart,
++ full_data);
+ #else
+ /*
+ * This is used on MMU systems mainly for testing.
+@@ -705,7 +708,8 @@ static int load_flat_file(struct linux_b
+ if (IS_ERR_VALUE(result)) {
+ ret = result;
+ pr_err("Unable to read code+data+bss, errno %d\n", ret);
+- vm_munmap(textpos, text_len + data_len + extra);
++ vm_munmap(textpos, text_len + data_len + extra +
++ MAX_SHARED_LIBS * sizeof(u32));
+ goto err;
+ }
+ }
--- /dev/null
+From 0828137e8f16721842468e33df0460044a0c588b Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Thu, 28 May 2020 00:58:40 +1000
+Subject: powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+commit 0828137e8f16721842468e33df0460044a0c588b upstream.
+
+__init_FSCR() was added originally in commit 2468dcf641e4 ("powerpc:
+Add support for context switching the TAR register") (Feb 2013), and
+only set FSCR_TAR.
+
+At that point FSCR (Facility Status and Control Register) was not
+context switched, so the setting was permanent after boot.
+
+Later we added initialisation of FSCR_DSCR to __init_FSCR(), in commit
+54c9b2253d34 ("powerpc: Set DSCR bit in FSCR setup") (Mar 2013), again
+that was permanent after boot.
+
+Then commit 2517617e0de6 ("powerpc: Fix context switch DSCR on
+POWER8") (Aug 2013) added a limited context switch of FSCR, just the
+FSCR_DSCR bit was context switched based on thread.dscr_inherit. That
+commit said "This clears the H/FSCR DSCR bit initially", but it
+didn't, it left the initialisation of FSCR_DSCR in __init_FSCR().
+However the initial context switch from init_task to pid 1 would clear
+FSCR_DSCR because thread.dscr_inherit was 0.
+
+That commit also introduced the requirement that FSCR_DSCR be clear
+for user processes, so that we can take the facility unavailable
+interrupt in order to manage dscr_inherit.
+
+Then in commit 152d523e6307 ("powerpc: Create context switch helpers
+save_sprs() and restore_sprs()") (Dec 2015) FSCR was added to
+thread_struct. However it still wasn't fully context switched, we just
+took the existing value and set FSCR_DSCR if the new thread had
+dscr_inherit set. FSCR was still initialised at boot to FSCR_DSCR |
+FSCR_TAR, but that value was not propagated into the thread_struct, so
+the initial context switch set FSCR_DSCR back to 0.
+
+Finally commit b57bd2de8c6c ("powerpc: Improve FSCR init and context
+switching") (Jun 2016) added a full context switch of the FSCR, and
+added an initialisation of init_task.thread.fscr to FSCR_TAR |
+FSCR_EBB, but omitted FSCR_DSCR.
+
+The end result is that swapper runs with FSCR_DSCR set because of the
+initialisation in __init_FSCR(), but no other processes do, they use
+the value from init_task.thread.fscr.
+
+Having FSCR_DSCR set for swapper allows it to access SPR 3 from
+userspace, but swapper never runs userspace, so it has no useful
+effect. It's also confusing to have the value initialised in two
+places to two different values.
+
+So remove FSCR_DSCR from __init_FSCR(), this at least gets us to the
+point where there's a single value of FSCR, even if it's still set in
+two places.
+
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Tested-by: Alistair Popple <alistair@popple.id.au>
+Link: https://lore.kernel.org/r/20200527145843.2761782-1-mpe@ellerman.id.au
+Cc: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/cpu_setup_power.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/cpu_setup_power.S
++++ b/arch/powerpc/kernel/cpu_setup_power.S
+@@ -184,7 +184,7 @@ __init_LPCR_ISA300:
+
+ __init_FSCR:
+ mfspr r3,SPRN_FSCR
+- ori r3,r3,FSCR_TAR|FSCR_DSCR|FSCR_EBB
++ ori r3,r3,FSCR_TAR|FSCR_EBB
+ mtspr SPRN_FSCR,r3
+ blr
+
ethtool-fix-preserving-of-wanted-feature-bits-in-netlink-interface.patch
ethtool-account-for-hw_features-in-netlink-interface.patch
ethtool-don-t-omit-the-netlink-reply-if-no-features-were-changed.patch
+powerpc-64s-don-t-init-fscr_dscr-in-__init_fscr.patch
+binfmt_flat-revert-binfmt_flat-don-t-offset-the-data-start.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
