From: Greg Kroah-Hartman
Date: Wed, 26 Aug 2020 10:35:30 +0000 (+0200)
Subject: 5.7-stable patches
X-Git-Tag: v5.7.19~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=00552e5770cdcacacc18cd4069846714849418a3;p=thirdparty%2Fkernel%2Fstable-queue.git

5.7-stable patches
added patches:
binfmt_flat-revert-binfmt_flat-don-t-offset-the-data-start.patch
powerpc-64s-don-t-init-fscr_dscr-in-__init_fscr.patch
---
diff --git a/queue-5.7/binfmt_flat-revert-binfmt_flat-don-t-offset-the-data-start.patch b/queue-5.7/binfmt_flat-revert-binfmt_flat-don-t-offset-the-data-start.patch
new file mode 100644
index 00000000000..a826bdeca9c
--- /dev/null
+++ b/queue-5.7/binfmt_flat-revert-binfmt_flat-don-t-offset-the-data-start.patch
@@ -0,0 +1,93 @@
+From 2217b982624680d19a80ebb4600d05c8586c4f96 Mon Sep 17 00:00:00 2001
+From: Max Filippov
+Date: Sat, 8 Aug 2020 11:37:13 -0700
+Subject: binfmt_flat: revert "binfmt_flat: don't offset the data start"
+
+From: Max Filippov
+
+commit 2217b982624680d19a80ebb4600d05c8586c4f96 upstream.
+
+binfmt_flat loader uses the gap between text and data to store data
+segment pointers for the libraries. Even in the absence of shared
+libraries it stores at least one pointer to the executable's own data
+segment. Text and data can go back to back in the flat binary image and
+without offsetting data segment last few instructions in the text
+segment may get corrupted by the data segment pointer.
+
+Fix it by reverting commit a2357223c50a ("binfmt_flat: don't offset the
+data start").
+
+Cc: stable@vger.kernel.org
+Fixes: a2357223c50a ("binfmt_flat: don't offset the data start")
+Signed-off-by: Max Filippov
+Signed-off-by: Greg Ungerer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/binfmt_flat.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+--- a/fs/binfmt_flat.c
++++ b/fs/binfmt_flat.c
+@@ -571,7 +571,7 @@ static int load_flat_file(struct linux_b
+ goto err;
+ }
+ 
+- len = data_len + extra;
++ len = data_len + extra + MAX_SHARED_LIBS * sizeof(unsigned long);
+ len = PAGE_ALIGN(len);
+ realdatastart = vm_mmap(NULL, 0, len,
+ PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 0);
+@@ -585,7 +585,9 @@ static int load_flat_file(struct linux_b
+ vm_munmap(textpos, text_len);
+ goto err;
+ }
+- datapos = ALIGN(realdatastart, FLAT_DATA_ALIGN);
++ datapos = ALIGN(realdatastart +
++ MAX_SHARED_LIBS * sizeof(unsigned long),
++ FLAT_DATA_ALIGN);
+ 
+ pr_debug("Allocated data+bss+stack (%u bytes): %lx\n",
+ data_len + bss_len + stack_len, datapos);
+@@ -615,7 +617,7 @@ static int load_flat_file(struct linux_b
+ memp_size = len;
+ } else {
+ 
+- len = text_len + data_len + extra;
++ len = text_len + data_len + extra + MAX_SHARED_LIBS * sizeof(u32);
+ len = PAGE_ALIGN(len);
+ textpos = vm_mmap(NULL, 0, len,
+ PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE, 0);
+@@ -630,7 +632,9 @@ static int load_flat_file(struct linux_b
+ }
+ 
+ realdatastart = textpos + ntohl(hdr->data_start);
+- datapos = ALIGN(realdatastart, FLAT_DATA_ALIGN);
++ datapos = ALIGN(realdatastart +
++ MAX_SHARED_LIBS * sizeof(u32),
++ FLAT_DATA_ALIGN);
+ 
+ reloc = (__be32 __user *)
+ (datapos + (ntohl(hdr->reloc_start) - text_len));
+@@ -647,9 +651,8 @@ static int load_flat_file(struct linux_b
+ (text_len + full_data
+ - sizeof(struct flat_hdr)),
+ 0);
+- if (datapos != realdatastart)
+- memmove((void *)datapos, (void *)realdatastart,
+- full_data);
++ memmove((void *) datapos, (void *) realdatastart,
++ full_data);
+ #else
+ /*
+ * This is used on MMU systems mainly for testing.
+@@ -705,7 +708,8 @@ static int load_flat_file(struct linux_b
+ if (IS_ERR_VALUE(result)) {
+ ret = result;
+ pr_err("Unable to read code+data+bss, errno %d\n", ret);
+- vm_munmap(textpos, text_len + data_len + extra);
++ vm_munmap(textpos, text_len + data_len + extra +
++ MAX_SHARED_LIBS * sizeof(u32));
+ goto err;
+ }
+ }
diff --git a/queue-5.7/powerpc-64s-don-t-init-fscr_dscr-in-__init_fscr.patch b/queue-5.7/powerpc-64s-don-t-init-fscr_dscr-in-__init_fscr.patch
new file mode 100644
index 00000000000..3c27f6e37f1
--- /dev/null
+++ b/queue-5.7/powerpc-64s-don-t-init-fscr_dscr-in-__init_fscr.patch
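Review bot: The two branches of load_flat_file reserve differently sized slots for the same per-library data-segment table: the hunks at 571 and 585 add `MAX_SHARED_LIBS * sizeof(unsigned long)`, while the hunks at 617, 632 and 708 add `MAX_SHARED_LIBS * sizeof(u32)`. The commit message says the gap holds data segment pointers, but the code that stores them is outside the hunk, so whether the u32 reservation is merely inconsistent or actually undersized on a 64-bit build cannot be settled from here; it is worth confirming against the write side. As a straight revert the backport should stay byte-for-byte with upstream, but a follow-up could define the slot size once, e.g. `#define FLAT_LIB_TAB_SIZE (MAX_SHARED_LIBS * sizeof(unsigned long))`, and use it in all five places so the two paths cannot drift again. load_flat_file starts and ends outside the hunk.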
@@ -0,0 +1,79 @@
+From 0828137e8f16721842468e33df0460044a0c588b Mon Sep 17 00:00:00 2001
+From: Michael Ellerman
+Date: Thu, 28 May 2020 00:58:40 +1000
+Subject: powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()
+
+From: Michael Ellerman
+
+commit 0828137e8f16721842468e33df0460044a0c588b upstream.
+
+__init_FSCR() was added originally in commit 2468dcf641e4 ("powerpc:
+Add support for context switching the TAR register") (Feb 2013), and
+only set FSCR_TAR.
+
+At that point FSCR (Facility Status and Control Register) was not
+context switched, so the setting was permanent after boot.
+
+Later we added initialisation of FSCR_DSCR to __init_FSCR(), in commit
+54c9b2253d34 ("powerpc: Set DSCR bit in FSCR setup") (Mar 2013), again
+that was permanent after boot.
+
+Then commit 2517617e0de6 ("powerpc: Fix context switch DSCR on
+POWER8") (Aug 2013) added a limited context switch of FSCR, just the
+FSCR_DSCR bit was context switched based on thread.dscr_inherit. That
+commit said "This clears the H/FSCR DSCR bit initially", but it
+didn't, it left the initialisation of FSCR_DSCR in __init_FSCR().
+However the initial context switch from init_task to pid 1 would clear
+FSCR_DSCR because thread.dscr_inherit was 0.
+
+That commit also introduced the requirement that FSCR_DSCR be clear
+for user processes, so that we can take the facility unavailable
+interrupt in order to manage dscr_inherit.
+
+Then in commit 152d523e6307 ("powerpc: Create context switch helpers
+save_sprs() and restore_sprs()") (Dec 2015) FSCR was added to
+thread_struct. However it still wasn't fully context switched, we just
+took the existing value and set FSCR_DSCR if the new thread had
+dscr_inherit set. FSCR was still initialised at boot to FSCR_DSCR |
+FSCR_TAR, but that value was not propagated into the thread_struct, so
+the initial context switch set FSCR_DSCR back to 0.
+
+Finally commit b57bd2de8c6c ("powerpc: Improve FSCR init and context
+switching") (Jun 2016) added a full context switch of the FSCR, and
+added an initialisation of init_task.thread.fscr to FSCR_TAR |
+FSCR_EBB, but omitted FSCR_DSCR.
+
+The end result is that swapper runs with FSCR_DSCR set because of the
+initialisation in __init_FSCR(), but no other processes do, they use
+the value from init_task.thread.fscr.
+
+Having FSCR_DSCR set for swapper allows it to access SPR 3 from
+userspace, but swapper never runs userspace, so it has no useful
+effect. It's also confusing to have the value initialised in two
+places to two different values.
+
+So remove FSCR_DSCR from __init_FSCR(), this at least gets us to the
+point where there's a single value of FSCR, even if it's still set in
+two places.
+
+Signed-off-by: Michael Ellerman
+Tested-by: Alistair Popple
+Link: https://lore.kernel.org/r/20200527145843.2761782-1-mpe@ellerman.id.au
+Cc: Thadeu Lima de Souza Cascardo
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kernel/cpu_setup_power.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/cpu_setup_power.S
++++ b/arch/powerpc/kernel/cpu_setup_power.S
+@@ -184,7 +184,7 @@ __init_LPCR_ISA300:
+ 
+ __init_FSCR:
+ mfspr r3,SPRN_FSCR
+- ori r3,r3,FSCR_TAR|FSCR_DSCR|FSCR_EBB
++ ori r3,r3,FSCR_TAR|FSCR_EBB
+ mtspr SPRN_FSCR,r3
+ blr
+ 
diff --git a/queue-5.7/series b/queue-5.7/series
index 3eff90c3ce0..8d34931068c 100644
--- a/queue-5.7/series
+++ b/queue-5.7/series
@@ -11,3 +11,5 @@ net-ena-make-missed_tx-stat-incremental.patch
 ethtool-fix-preserving-of-wanted-feature-bits-in-netlink-interface.patch
 ethtool-account-for-hw_features-in-netlink-interface.patch
 ethtool-don-t-omit-the-netlink-reply-if-no-features-were-changed.patch
+powerpc-64s-don-t-init-fscr_dscr-in-__init_fscr.patch
+binfmt_flat-revert-binfmt_flat-don-t-offset-the-data-start.patch
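Review bot: Missing documentation in the `__init_FSCR` hunk: the `ori` now sets only `FSCR_TAR|FSCR_EBB`, and nothing in the assembly records that leaving FSCR_DSCR clear is deliberate, so the commit message is the only place explaining why the bit is absent here while (per that message) the per-task value lives in init_task.thread.fscr. A one-line comment above the `ori` would keep the next reader from "restoring" it, e.g. `/* FSCR_DSCR is intentionally left clear here; tasks get it via thread.fscr / dscr_inherit */`. The init_task.thread.fscr initialisation the message refers to is outside the hunk, so the comment should be kept to what this routine does. The enclosing file continues outside the hunk on both sides.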