From 9dba44aaf80908a6d7ca5d0bd52710273d7f64e7 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 5 Oct 2016 12:25:14 +0200
Subject: [PATCH] 4.4-stable patches

added patches:
mips-fix-uretprobe-implementation.patch
mips-malta-fix-iocu-disable-switch-read-for-mips64.patch
mips-uprobes-fix-use-of-uninitialised-variable.patch
mips-uprobes-remove-incorrect-set_orig_insn.patch
---
 .../mips-fix-uretprobe-implementation.patch | 34 +++++++++
 ...-iocu-disable-switch-read-for-mips64.patch | 74 +++++++++++++++++++
 ...es-fix-use-of-uninitialised-variable.patch | 48 ++++++++++++
 ...robes-remove-incorrect-set_orig_insn.patch | 65 ++++++++++++++++
 queue-4.4/series | 4 +
 5 files changed, 225 insertions(+)
 create mode 100644 queue-4.4/mips-fix-uretprobe-implementation.patch
 create mode 100644 queue-4.4/mips-malta-fix-iocu-disable-switch-read-for-mips64.patch
 create mode 100644 queue-4.4/mips-uprobes-fix-use-of-uninitialised-variable.patch
 create mode 100644 queue-4.4/mips-uprobes-remove-incorrect-set_orig_insn.patch

diff --git a/queue-4.4/mips-fix-uretprobe-implementation.patch b/queue-4.4/mips-fix-uretprobe-implementation.patch
new file mode 100644
index 00000000000..c68bbcb1e83
--- /dev/null
+++ b/queue-4.4/mips-fix-uretprobe-implementation.patch
@@ -0,0 +1,34 @@
+From db06068a4fd44a57b642b369d2a295b8448f6b65 Mon Sep 17 00:00:00 2001
+From: Marcin Nowakowski
+Date: Thu, 22 Sep 2016 15:38:31 +0200
+Subject: MIPS: fix uretprobe implementation
+
+From: Marcin Nowakowski
+
+commit db06068a4fd44a57b642b369d2a295b8448f6b65 upstream.
+
+arch_uretprobe_hijack_return_addr should replace the return address for
+a call with a trampoline address.
+
+Signed-off-by: Marcin Nowakowski
+Fixes: 40e084a506eb ('MIPS: Add uprobes support.')
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/14298/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/uprobes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/uprobes.c
++++ b/arch/mips/kernel/uprobes.c
+@@ -257,7 +257,7 @@ unsigned long arch_uretprobe_hijack_retu
+ ra = regs->regs[31];
+ 
+ /* Replace the return address with the trampoline address */
+- regs->regs[31] = ra;
++ regs->regs[31] = trampoline_vaddr;
+ 
+ return ra;
+ }
diff --git a/queue-4.4/mips-malta-fix-iocu-disable-switch-read-for-mips64.patch b/queue-4.4/mips-malta-fix-iocu-disable-switch-read-for-mips64.patch
new file mode 100644
index 00000000000..6727d95d0b3
--- /dev/null
+++ b/queue-4.4/mips-malta-fix-iocu-disable-switch-read-for-mips64.patch
@@ -0,0 +1,74 @@
+From 305723ab439e14debc1d339aa04e835d488b8253 Mon Sep 17 00:00:00 2001
+From: Paul Burton
+Date: Fri, 2 Sep 2016 16:07:10 +0100
+Subject: MIPS: Malta: Fix IOCU disable switch read for MIPS64
+
+From: Paul Burton
+
+commit 305723ab439e14debc1d339aa04e835d488b8253 upstream.
+
+Malta boards used with CPU emulators feature a switch to disable use of
+an IOCU. Software has to check this switch & ignore any present IOCU if
+the switch is closed. The read used to do this was unsafe for 64 bit
+kernels, as it simply casted the address 0xbf403000 to a pointer &
+dereferenced it. Whilst in a 32 bit kernel this would access kseg1, in a
+64 bit kernel this attempts to access xuseg & results in an address
+error exception.
+
+Fix by accessing a correctly formed ckseg1 address generated using the
+CKSEG1ADDR macro.
+
+Whilst modifying this code, define the name of the register and the bit
+we care about within it, which indicates whether PCI DMA is routed to
+the IOCU or straight to DRAM. The code previously checked that bit 0 was
+also set, but the least significant 7 bits of the CONFIG_GEN0 register
+contain the value of the MReqInfo signal provided to the IOCU OCP bus,
+so singling out bit 0 makes little sense & that part of the check is
+dropped.
+
+Signed-off-by: Paul Burton
+Fixes: b6d92b4a6bdb ("MIPS: Add option to disable software I/O coherency.")
+Cc: Matt Redfearn
+Cc: Masahiro Yamada
+Cc: Kees Cook
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/14187/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/mti-malta/malta-setup.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/mti-malta/malta-setup.c
++++ b/arch/mips/mti-malta/malta-setup.c
+@@ -39,6 +39,9 @@
+ #include
+ #endif
+ 
++#define ROCIT_CONFIG_GEN0 0x1f403000
++#define ROCIT_CONFIG_GEN0_PCI_IOCU BIT(7)
++
+ extern void malta_be_init(void);
+ extern int malta_be_handler(struct pt_regs *regs, int is_fixup);
+ 
+@@ -107,6 +110,8 @@ static void __init fd_activate(void)
+ static int __init plat_enable_iocoherency(void)
+ {
+ int supported = 0;
++ u32 cfg;
++
+ if (mips_revision_sconid == MIPS_REVISION_SCON_BONITO) {
+ if (BONITO_PCICACHECTRL & BONITO_PCICACHECTRL_CPUCOH_PRES) {
+ BONITO_PCICACHECTRL |= BONITO_PCICACHECTRL_CPUCOH_EN;
+@@ -129,7 +134,8 @@ static int __init plat_enable_iocoherenc
+ } else if (mips_cm_numiocu() != 0) {
+ /* Nothing special needs to be done to enable coherency */
+ pr_info("CMP IOCU detected\n");
+- if ((*(unsigned int *)0xbf403000 & 0x81) != 0x81) {
++ cfg = __raw_readl((u32 *)CKSEG1ADDR(ROCIT_CONFIG_GEN0));
++ if (!(cfg & ROCIT_CONFIG_GEN0_PCI_IOCU)) {
+ pr_crit("IOCU OPERATION DISABLED BY SWITCH - DEFAULTING TO SW IO COHERENCY\n");
+ return 0;
+ }
diff --git a/queue-4.4/mips-uprobes-fix-use-of-uninitialised-variable.patch b/queue-4.4/mips-uprobes-fix-use-of-uninitialised-variable.patch
new file mode 100644
index 00000000000..aae3ba0d1b7
--- /dev/null
+++ b/queue-4.4/mips-uprobes-fix-use-of-uninitialised-variable.patch
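Review bot: In the `@@ -129,7 +134,8 @@` hunk, `cfg = __raw_readl((u32 *)CKSEG1ADDR(ROCIT_CONFIG_GEN0));` casts the ckseg1 address to a plain `u32 *`, whereas `__raw_readl` takes an `__iomem`-qualified pointer, so the line is likely to draw a sparse address-space warning even though the generated code is the same; `cfg = __raw_readl((void __iomem *)CKSEG1ADDR(ROCIT_CONFIG_GEN0));` keeps the fix and the annotation. The new `ROCIT_CONFIG_GEN0_PCI_IOCU BIT(7)` define relies on `BIT()` from linux/bitops.h being visible in malta-setup.c; the include list is outside the hunk, so whether it is included directly or only transitively cannot be confirmed from here. The body of `plat_enable_iocoherency` continues outside the hunk.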
@@ -0,0 +1,48 @@
+From ca86c9ef2b322ebf24772009fdea037688cbdac1 Mon Sep 17 00:00:00 2001
+From: Marcin Nowakowski
+Date: Thu, 22 Sep 2016 15:38:33 +0200
+Subject: MIPS: uprobes: fix use of uninitialised variable
+
+From: Marcin Nowakowski
+
+commit ca86c9ef2b322ebf24772009fdea037688cbdac1 upstream.
+
+arch_uprobe_pre_xol needs to emulate a branch if a branch instruction
+has been replaced with a breakpoint, but in fact an uninitialised local
+variable was passed to the emulator routine instead of the original
+instruction
+
+Signed-off-by: Marcin Nowakowski
+Fixes: 40e084a506eb ('MIPS: Add uprobes support.')
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/14300/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/uprobes.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/arch/mips/kernel/uprobes.c
++++ b/arch/mips/kernel/uprobes.c
+@@ -157,7 +157,6 @@ bool is_trap_insn(uprobe_opcode_t *insn)
+ int arch_uprobe_pre_xol(struct arch_uprobe *aup, struct pt_regs *regs)
+ {
+ struct uprobe_task *utask = current->utask;
+- union mips_instruction insn;
+ 
+ /*
+ * Now find the EPC where to resume after the breakpoint has been
+@@ -168,10 +167,10 @@ int arch_uprobe_pre_xol(struct arch_upro
+ unsigned long epc;
+ 
+ epc = regs->cp0_epc;
+- __compute_return_epc_for_insn(regs, insn);
++ __compute_return_epc_for_insn(regs,
++ (union mips_instruction) aup->insn[0]);
+ aup->resume_epc = regs->cp0_epc;
+ }
+-
+ utask->autask.saved_trap_nr = current->thread.trap_nr;
+ current->thread.trap_nr = UPROBE_TRAP_NR;
+ regs->cp0_epc = current->utask->xol_vaddr;
diff --git a/queue-4.4/mips-uprobes-remove-incorrect-set_orig_insn.patch b/queue-4.4/mips-uprobes-remove-incorrect-set_orig_insn.patch
new file mode 100644
index 00000000000..6b3e5dbec2f
--- /dev/null
+++ b/queue-4.4/mips-uprobes-remove-incorrect-set_orig_insn.patch
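Review bot: In the `@@ -168,10 +167,10 @@` hunk the local `epc` is assigned by `epc = regs->cp0_epc;` but never read before the block closes at `}`, so, if it is scoped to that block as the layout suggests, it is a write-only variable that the fixed call leaves behind and -Wunused-but-set-variable will report; since the patch already rewrites the adjacent line, dropping `unsigned long epc;` and `epc = regs->cp0_epc;` would finish the cleanup. The removed blank line after `}` (`+-`) is an unrelated whitespace change bundled into a bug fix, which makes the backport harder to compare against upstream. The `if` that opens this block and the rest of `arch_uprobe_pre_xol` lie outside the hunk.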
@@ -0,0 +1,65 @@
+From ddabfa5c2e33f1b495f3e0176de7057850915c0b Mon Sep 17 00:00:00 2001
+From: Marcin Nowakowski
+Date: Thu, 22 Sep 2016 15:38:32 +0200
+Subject: MIPS: uprobes: remove incorrect set_orig_insn
+
+From: Marcin Nowakowski
+
+commit ddabfa5c2e33f1b495f3e0176de7057850915c0b upstream.
+
+Generic kernel code implements a weak version of set_orig_insn that
+moves cached 'insn' from arch_uprobe to the original code location when
+the trap is removed.
+MIPS variant used arch_uprobe->orig_inst which was never initialised
+properly, so this code only inserted a nop instead of the original
+instruction. With that change orig_inst can also be safely removed.
+
+Signed-off-by: Marcin Nowakowski
+Fixes: 40e084a506eb ('MIPS: Add uprobes support.')
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/14299/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/include/asm/uprobes.h | 1 -
+ arch/mips/kernel/uprobes.c | 18 ------------------
+ 2 files changed, 19 deletions(-)
+
+--- a/arch/mips/include/asm/uprobes.h
++++ b/arch/mips/include/asm/uprobes.h
+@@ -36,7 +36,6 @@ struct arch_uprobe {
+ unsigned long resume_epc;
+ u32 insn[2];
+ u32 ixol[2];
+- union mips_instruction orig_inst[MAX_UINSN_BYTES / 4];
+ };
+ 
+ struct arch_uprobe_task {
+--- a/arch/mips/kernel/uprobes.c
++++ b/arch/mips/kernel/uprobes.c
+@@ -280,24 +280,6 @@ int __weak set_swbp(struct arch_uprobe *
+ return uprobe_write_opcode(mm, vaddr, UPROBE_SWBP_INSN);
+ }
+ 
+-/**
+- * set_orig_insn - Restore the original instruction.
+- * @mm: the probed process address space.
+- * @auprobe: arch specific probepoint information.
+- * @vaddr: the virtual address to insert the opcode.
+- *
+- * For mm @mm, restore the original opcode (opcode) at @vaddr.
+- * Return 0 (success) or a negative errno.
+- *
+- * This overrides the weak version in kernel/events/uprobes.c.
+- */
+-int set_orig_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
+- unsigned long vaddr)
+-{
+- return uprobe_write_opcode(mm, vaddr,
+- *(uprobe_opcode_t *)&auprobe->orig_inst[0].word);
+-}
+-
+ void __weak arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
+ void *src, unsigned long len)
+ {
diff --git a/queue-4.4/series b/queue-4.4/series
index 06a1ae15052..87922439ef2 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -30,3 +30,7 @@ gpio-sa1100-fix-irq-probing-for-ucb1x00.patch
 irqchip-gicv3-silence-noisy-debug_per_cpu_maps-warning.patch
 arm-8618-1-decompressor-reset-ttbcr-fields-to-use-ttbr0-on-armv7.patch
 arm64-debug-avoid-resetting-stepping-state-machine-when-tif_singlestep.patch
+mips-uprobes-remove-incorrect-set_orig_insn.patch
+mips-fix-uretprobe-implementation.patch
+mips-malta-fix-iocu-disable-switch-read-for-mips64.patch
+mips-uprobes-fix-use-of-uninitialised-variable.patch
-- 
2.47.3