From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Vineet Gupta Subject: [PATCH 5.4 099/109] ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE Date: Tue, 14 Jul 2020 20:44:42 +0200 Message-Id: <20200714184110.300014744@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200714184105.507384017@linuxfoundation.org> References: <20200714184105.507384017@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Vineet Gupta commit 00fdec98d9881bf5173af09aebd353ab3b9ac729 upstream. Trap handler for syscall tracing reads EFA (Exception Fault Address), in case strace wants PC of trap instruction (EFA is not part of pt_regs as of current code). However this EFA read is racy as it happens after dropping to pure kernel mode (re-enabling interrupts). A taken interrupt could context-switch, trigger a different task's trap, clobbering EFA for this execution context. Fix this by reading EFA early, before re-enabling interrupts. A slight side benefit is de-duplication of FAKE_RET_FROM_EXCPN in trap handler. The trap handler is common to both ARCompact and ARCv2 builds too. This just came out of code rework/review and no real problem was reported but is clearly a potential problem specially for strace. Cc: Signed-off-by: Vineet Gupta Signed-off-by: Greg Kroah-Hartman --- arch/arc/kernel/entry.S | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) --- a/arch/arc/kernel/entry.S +++ b/arch/arc/kernel/entry.S @@ -153,7 +153,6 @@ END(EV_Extension) tracesys: ; save EFA in case tracer wants the PC of traced task ; using ERET won't work since next-PC has already committed - lr r12, [efa] GET_CURR_TASK_FIELD_PTR TASK_THREAD, r11 st r12, [r11, THREAD_FAULT_ADDR] ; thread.fault_address 
@@ -196,15 +195,9 @@ tracesys_exit: ; Breakpoint TRAP ; --------------------------------------------- trap_with_param: - - ; stop_pc info by gdb needs this info - lr r0, [efa] + mov r0, r12 ; EFA in case ptracer/gdb wants stop_pc mov r1, sp - ; Now that we have read EFA, it is safe to do "fake" rtie - ; and get out of CPU exception mode - FAKE_RET_FROM_EXCPN - ; Save callee regs in case gdb wants to have a look ; SP will grow up by size of CALLEE Reg-File ; NOTE: clobbers r12 @@ -231,6 +224,10 @@ ENTRY(EV_Trap) EXCEPTION_PROLOGUE + lr r12, [efa] + + FAKE_RET_FROM_EXCPN + ;============ TRAP 1 :breakpoints ; Check ECR for trap with arg (PROLOGUE ensures r10 has ECR) bmsk.f 0, r10, 7 @@ -238,9 +235,6 @@ ENTRY(EV_Trap) ;============ TRAP (no param): syscall top level - ; First return from Exception to pure K mode (Exception/IRQs renabled) - FAKE_RET_FROM_EXCPN - ; If syscall tracing ongoing, invoke pre-post-hooks GET_CURR_THR_INFO_FLAGS r10 btst r10, TIF_SYSCALL_TRACE
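Review bot: In the first hunk (tracesys:), the comment "save EFA in case tracer wants the PC of traced task" now sits above a bare `st r12, [r11, THREAD_FAULT_ADDR]` with no visible load of r12, so a reader of this block alone cannot tell where the value came from. Suggest rewording the comment to say that r12 was loaded from EFA in EV_Trap before the fake rtie, and that r12 must stay untouched between EV_Trap and this store (in particular across GET_CURR_THR_INFO_FLAGS and the btst on TIF_SYSCALL_TRACE that precede the branch here).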
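Review bot: In the trap_with_param: hunk, the ordering of `mov r0, r12 ; EFA in case ptracer/gdb wants stop_pc` ahead of the callee-regs save whose context comment reads "NOTE: clobbers r12" is what keeps this correct, but nothing in the comment says so. Suggest extending the comment to "r12 holds EFA, read in EV_Trap before FAKE_RET_FROM_EXCPN; consume it before the callee-save below clobbers r12" so a later reordering does not silently reintroduce the clobber this patch is fixing.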
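Review bot: In the ENTRY(EV_Trap) hunk that adds `lr r12, [efa]` followed by `FAKE_RET_FROM_EXCPN`, the new code moves the fake rtie ahead of the `bmsk.f 0, r10, 7` ECR check, so it now relies on FAKE_RET_FROM_EXCPN preserving both r10 (which the following context comment says "PROLOGUE ensures r10 has ECR") and the freshly loaded r12; previously the ECR test ran while still in exception mode. Suggest a one-line comment at the load site stating the reason for the ordering (EFA must be read before interrupts are re-enabled, otherwise a context switch to a task that traps can overwrite it) and that r10/r12 are live across the macro, so the dependency is documented next to the code rather than only in the commit message.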
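Review bot: The last hunk (syscall top level) drops the only comment that documented the transition to pure kernel mode ("First return from Exception to pure K mode (Exception/IRQs renabled)") along with the second FAKE_RET_FROM_EXCPN it described. Since that transition still happens, just earlier, suggest carrying the comment (with "renabled" corrected to "re-enabled") up to the new single FAKE_RET_FROM_EXCPN so readers of the syscall path still see that IRQs are enabled from this point on and that r12 is expected to survive until tracesys.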