From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Andrey Konovalov, Josh Poimboeuf, Cong Wang, "David S . Miller", Dmitry Vyukov, Eric Dumazet, Kostya Serebryany, Linus Torvalds, Marcelo Ricardo Leitner, Neil Horman, Peter Zijlstra, Thomas Gleixner, Vlad Yasevich, linux-sctp@vger.kernel.org, netdev, syzkaller, Ingo Molnar, Sasha Levin
Subject: [PATCH 4.4 004/190] x86/asm: Dont use RBP as a temporary register in csum_partial_copy_generic()
Date: Wed, 11 Apr 2018 20:34:10 +0200
Message-Id: <20180411183550.335450079@linuxfoundation.org>
In-Reply-To: <20180411183550.114495991@linuxfoundation.org>
References: <20180411183550.114495991@linuxfoundation.org>

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Josh Poimboeuf

[ Upstream commit 42fc6c6cb1662ba2fa727dd01c9473c63be4e3b6 ]

Andrey Konovalov reported the following warning while fuzzing the kernel
with syzkaller:

  WARNING: kernel stack regs at ffff8800686869f8 in a.out:4933 has bad 'bp' value c3fc855a10167ec0

The unwinder dump revealed that RBP had a bad value when an interrupt
occurred in csum_partial_copy_generic().

That function saves RBP on the stack and then overwrites it, using it as
a scratch register. That's problematic because it breaks stack traces
if an interrupt occurs in the middle of the function.

Replace the usage of RBP with another callee-saved register (R15) so
stack traces are no longer affected.

Reported-by: Andrey Konovalov
Tested-by: Andrey Konovalov
Signed-off-by: Josh Poimboeuf Cc: Cong Wang Cc: David S . Miller Cc: Dmitry Vyukov Cc: Eric Dumazet Cc: Kostya Serebryany Cc: Linus Torvalds Cc: Marcelo Ricardo Leitner Cc: Neil Horman Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Vlad Yasevich Cc: linux-sctp@vger.kernel.org Cc: netdev Cc: syzkaller Link: http://lkml.kernel.org/r/4b03a961efda5ec9bfe46b7b9c9ad72d1efad343.1493909486.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/x86/lib/csum-copy_64.S | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/arch/x86/lib/csum-copy_64.S +++ b/arch/x86/lib/csum-copy_64.S @@ -55,7 +55,7 @@ ENTRY(csum_partial_copy_generic) movq %r12, 3*8(%rsp) movq %r14, 4*8(%rsp) movq %r13, 5*8(%rsp) - movq %rbp, 6*8(%rsp) + movq %r15, 6*8(%rsp) movq %r8, (%rsp) movq %r9, 1*8(%rsp) @@ -74,7 +74,7 @@ ENTRY(csum_partial_copy_generic) /* main loop. clear in 64 byte blocks */ /* r9: zero, r8: temp2, rbx: temp1, rax: sum, rcx: saved length */ /* r11: temp3, rdx: temp4, r12 loopcnt */ - /* r10: temp5, rbp: temp6, r14 temp7, r13 temp8 */ + /* r10: temp5, r15: temp6, r14 temp7, r13 temp8 */ .p2align 4 .Lloop: source @@ -89,7 +89,7 @@ ENTRY(csum_partial_copy_generic) source movq 32(%rdi), %r10 source - movq 40(%rdi), %rbp + movq 40(%rdi), %r15 source movq 48(%rdi), %r14 source @@ -103,7 +103,7 @@ ENTRY(csum_partial_copy_generic) adcq %r11, %rax adcq %rdx, %rax adcq %r10, %rax - adcq %rbp, %rax + adcq %r15, %rax adcq %r14, %rax adcq %r13, %rax @@ -121,7 +121,7 @@ ENTRY(csum_partial_copy_generic) dest movq %r10, 32(%rsi) dest - movq %rbp, 40(%rsi) + movq %r15, 40(%rsi) dest movq %r14, 48(%rsi) dest @@ -203,7 +203,7 @@ ENTRY(csum_partial_copy_generic) movq 3*8(%rsp), %r12 movq 4*8(%rsp), %r14 movq 5*8(%rsp), %r13 - movq 6*8(%rsp), %rbp + movq 6*8(%rsp), %r15 addq $7*8, %rsp ret
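Review bot: the register map comment in the @@ -74,7 hunk renames temp6 from rbp to r15 but leaves no record of why rbp is off limits, so a later edit to this loop could pick rbp up as scratch again and bring back the bad 'bp' unwinder warning quoted in the commit message. Consider adding a line next to the map, for example `/* rbp is never used as scratch here, so stack traces taken from an interrupt stay valid */`.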
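Review bot: in the @@ -203,7 hunk, `movq 6*8(%rsp), %r15` is the only restore of R15 in the patch, sitting just before `addq $7*8, %rsp` and `ret`, and it pairs with the single save to `6*8(%rsp)` in the @@ -55,7 hunk. R15 is callee-saved and is now overwritten by the load from `40(%rdi)` in the main loop, so any exit that bypassed this epilogue would hand the caller a clobbered R15 where it previously handed back a clobbered RBP. The six substitutions in the diffstat cover one save and one restore only; please confirm that every exit path of csum_partial_copy_generic(), including any outside the context shown here, reaches this restore sequence.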