From: Sasha Levin
To: "stable@vger.kernel.org", "linux-kernel@vger.kernel.org"
CC: Christoph Hellwig, Palmer Dabbelt, Sasha Levin
Subject: [PATCH AUTOSEL for 4.15 110/189] riscv: disable SUM in the exception handler
Date: Mon, 9 Apr 2018 00:18:13 +0000
Message-ID: <20180409001637.162453-110-alexander.levin@microsoft.com>
References: <20180409001637.162453-1-alexander.levin@microsoft.com>
In-Reply-To: <20180409001637.162453-1-alexander.levin@microsoft.com>

From: Christoph Hellwig

[ Upstream commit fe9b842f72921fb18b93cf47a255f374289ef242 ]

The SUM bit is enabled at the beginning of the copy_{to,from}_user and
{get,put}_user routines, and cleared before they return. But these user
copy helpers can be interrupted by exceptions, in which case the SUM bit
will remain set, which leads to elevated privileges for the code running
in exception context, as that can now access userspace address space
unconditionally. This frequently happens when the user copy routines
access freshly allocated user memory that hasn't been faulted in, and a
pagefault needs to be taken before the user copy routines can continue.

Fix this by unconditionally clearing SUM when the exception handler is
called - the restore code will automatically restore it based on the
saved value.

Signed-off-by: Christoph Hellwig
Signed-off-by: Palmer Dabbelt
Signed-off-by: Sasha Levin
--- arch/riscv/kernel/entry.S | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S index 7404ec222406..87fc045be51f 100644 --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S
@@ -78,10 +78,13 @@ _save_context: REG_S x31, PT_T6(sp) =20 /* - * Disable FPU to detect illegal usage of - * floating point in kernel space + * Disable user-mode memory access as it should only be set in the + * actual user copy routines. + * + * Disable the FPU to detect illegal usage of floating point in kernel + * space. */ - li t0, SR_FS + li t0, SR_SUM | SR_FS =20 REG_L s0, TASK_TI_USER_SP(tp) csrrc s1, sstatus, t0 --=20 2.15.1
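
Review bot: The new comment above `li t0, SR_SUM | SR_FS` documents that SUM is disabled but not how it comes back. In this hunk the only thing preserving the interrupted user copy's SUM state is `csrrc s1, sstatus, t0` reading the old sstatus into s1 while clearing the bits, and the restore path the commit message relies on is outside the visible lines. Suggest adding one sentence to the comment saying that the previous sstatus value is captured here and restored on exception return, so a later change to the s1 handling does not silently leave copy_{to,from}_user resuming with SUM cleared. Note also that the clear only takes effect at the `csrrc`, after the register stores ending in `REG_S x31, PT_T6(sp)`, so those stores still run with SUM set; worth confirming that is intended. For the 4.15 backport, check that SR_SUM is defined in that tree, since the hunk depends on it.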