From: Greg Kroah-Hartman
Date: Mon, 19 Apr 2021 12:23:58 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v5.4.114~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a35a67ef4d7afd41a55559fbe501fcd26353cd8;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches added patches: arm-9071-1-uprobes-don-t-hook-on-thumb-instructions.patch
---
diff --git a/queue-4.14/arm-9071-1-uprobes-don-t-hook-on-thumb-instructions.patch b/queue-4.14/arm-9071-1-uprobes-don-t-hook-on-thumb-instructions.patch
new file mode 100644
index 00000000000..32369fe6908
--- /dev/null
+++ b/queue-4.14/arm-9071-1-uprobes-don-t-hook-on-thumb-instructions.patch
@@ -0,0 +1,48 @@
+From d2f7eca60b29006285d57c7035539e33300e89e5 Mon Sep 17 00:00:00 2001
+From: Fredrik Strupe
+Date: Mon, 5 Apr 2021 21:52:05 +0100
+Subject: ARM: 9071/1: uprobes: Don't hook on thumb instructions
+
+From: Fredrik Strupe
+
+commit d2f7eca60b29006285d57c7035539e33300e89e5 upstream.
+
+Since uprobes is not supported for thumb, check that the thumb bit is
+not set when matching the uprobes instruction hooks.
+
+The Arm UDF instructions used for uprobes triggering
+(UPROBE_SWBP_ARM_INSN and UPROBE_SS_ARM_INSN) coincidentally share the
+same encoding as a pair of unallocated 32-bit thumb instructions (not
+UDF) when the condition code is 0b1111 (0xf). This in effect makes it
+possible to trigger the uprobes functionality from thumb, and at that
+using two unallocated instructions which are not permanently undefined.
+
+Signed-off-by: Fredrik Strupe
+Cc: stable@vger.kernel.org
+Fixes: c7edc9e326d5 ("ARM: add uprobes support")
+Signed-off-by: Russell King
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm/probes/uprobes/core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/probes/uprobes/core.c
++++ b/arch/arm/probes/uprobes/core.c
+@@ -207,7 +207,7 @@ unsigned long uprobe_get_swbp_addr(struc
+ static struct undef_hook uprobes_arm_break_hook = {
+ .instr_mask = 0x0fffffff,
+ .instr_val = (UPROBE_SWBP_ARM_INSN & 0x0fffffff),
+- .cpsr_mask = MODE_MASK,
++ .cpsr_mask = (PSR_T_BIT | MODE_MASK),
+ .cpsr_val = USR_MODE,
+ .fn = uprobe_trap_handler,
+ };
+@@ -215,7 +215,7 @@ static struct undef_hook uprobes_arm_bre
+ static struct undef_hook uprobes_arm_ss_hook = {
+ .instr_mask = 0x0fffffff,
+ .instr_val = (UPROBE_SS_ARM_INSN & 0x0fffffff),
+- .cpsr_mask = MODE_MASK,
++ .cpsr_mask = (PSR_T_BIT | MODE_MASK),
+ .cpsr_val = USR_MODE,
+ .fn = uprobe_trap_handler,
+ };
diff --git a/queue-4.14/series b/queue-4.14/series
index 61b2aa1a772..c524cbf5320 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
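Review bot: The two `.cpsr_mask = (PSR_T_BIT | MODE_MASK)` lines in the embedded core.c hunks carry no in-code explanation of why the T bit is now part of the match, so a reader of core.c alone sees only the commit message's reasoning. A comment above `uprobes_arm_break_hook` such as `/* Match ARM state only (T bit clear): the UDF encodings alias unallocated Thumb-2 instructions, so Thumb code must not reach these hooks. */`, with a matching one above `uprobes_arm_ss_hook`, would keep the rationale next to the masks. Both initializers are complete within the hunk, and since `.cpsr_val = USR_MODE` leaves the T bit zero, the added mask bit makes each hook fire only when the T bit is clear, which is the stated intent.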
@@ -33,3 +33,4 @@ ibmvnic-avoid-calling-napi_disable-twice.patch
 ibmvnic-remove-duplicate-napi_schedule-call-in-do_reset-function.patch
 ibmvnic-remove-duplicate-napi_schedule-call-in-open-function.patch
 arm-footbridge-fix-pci-interrupt-mapping.patch
+arm-9071-1-uprobes-don-t-hook-on-thumb-instructions.patch