From: Christophe Leroy
Subject: [PATCH] powerpc/32: Fix vmap stack - Properly set r1 before activating MMU on syscall too
To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Date: Mon, 21 Dec 2020 06:18:03 +0000 (UTC)
X-Mailing-List: linux-kernel@vger.kernel.org

We need r1 to be properly set before activating MMU, otherwise any new
exception taken while saving registers into the stack in syscall prologs
will use the user stack, which is wrong and will even lock up or crash
when KUAP is selected.

Do that by switching the meaning of r11 and r1 until we have saved r1
to the stack: copy r1 into r11 and set up the new stack pointer in r1.
To avoid complicating and impacting all generic and specific prolog code
(and more), copy back r1 into r11 once r11 is saved onto the stack.

We could get rid of copying r1 back and forth at the cost of rewriting
everything to use r1 instead of r11 all the way when CONFIG_VMAP_STACK
is set, but the effort is probably not worth it for now.

Fixes: da7bb43ab9da ("powerpc/32: Fix vmap stack - Properly set r1 before activating MMU")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy
---
 arch/powerpc/kernel/head_32.h | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/arch/powerpc/kernel/head_32.h b/arch/powerpc/kernel/head_32.h
index 541664d95702..a2f72c966baf 100644
--- a/arch/powerpc/kernel/head_32.h
+++ b/arch/powerpc/kernel/head_32.h
@@ -121,18 +121,28 @@ #ifdef CONFIG_VMAP_STACK mfspr r11, SPRN_SRR0 mtctr r11 -#endif andi. r11, r9, MSR_PR - lwz r11,TASK_STACK-THREAD(r12) + mr r11, r1 + lwz r1,TASK_STACK-THREAD(r12) beq- 99f - addi r11, r11, THREAD_SIZE - INT_FRAME_SIZE -#ifdef CONFIG_VMAP_STACK + addi r1, r1, THREAD_SIZE - INT_FRAME_SIZE li r10, MSR_KERNEL & ~(MSR_IR | MSR_RI) /* can take DTLB miss */ mtmsr r10 isync + tovirt(r12, r12) + stw r11,GPR1(r1) + stw r11,0(r1) + mr r11, r1 +#else + andi. r11, r9, MSR_PR + lwz r11,TASK_STACK-THREAD(r12) + beq- 99f + addi r11, r11, THREAD_SIZE - INT_FRAME_SIZE + tophys(r11, r11) + stw r1,GPR1(r11) + stw r1,0(r11) + tovirt(r1, r11) /* set new kernel sp */ #endif - tovirt_vmstack r12, r12 - tophys_novmstack r11, r11 mflr r10 stw r10, _LINK(r11) #ifdef CONFIG_VMAP_STACK @@ -140,9 +150,6 @@ #else mfspr r10,SPRN_SRR0 #endif - stw r1,GPR1(r11) - stw r1,0(r11) - tovirt_novmstack r1, r11 /* set new kernel sp */ stw r10,_NIP(r11) mfcr r10 rlwinm r10,r10,0,4,2 /* Clear SO bit in CR */ -- 2.25.0
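Review bot: in the CONFIG_VMAP_STACK branch of the first hunk (@@ -121,18 +121,28 @@), `beq- 99f` is now reached after `mr r11, r1` and `lwz r1,TASK_STACK-THREAD(r12)`, so when the branch is taken (MSR_PR clear, i.e. syscall from kernel mode) r1 no longer holds the original stack pointer, whereas the `#else` branch still leaves r1 intact at that point. The `99:` target is outside this hunk, so please confirm it does not rely on r1 there, or restore r1 from r11 on that path. The r1/r11 role swap is subtle enough to deserve a comment in the code rather than only in the commit message, e.g. `/* r11 = old r1 (user sp), r1 = new kernel sp until saved */` next to `mr r11, r1`, and a note that `andi. r11, r9, MSR_PR` is kept only for its CR0 result since r11 is overwritten on the next instruction.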
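Review bot: the three lines dropped in the second hunk (@@ -140,9 +150,6 @@: `stw r1,GPR1(r11)`, `stw r1,0(r11)`, `tovirt_novmstack r1, r11`) move the GPR1 and back-chain stores into both `#ifdef` branches of the first hunk, so they now happen before `mflr r10` / `stw r10, _LINK(r11)` instead of between the SRR0/CTR read and the `_NIP` store; neither r1 nor r11 is modified in between, so the reordering looks harmless, but a sentence in the commit message saying so would help reviewers of the stable backport. This hunk, together with the first, also removes the last uses of `tovirt_vmstack`, `tophys_novmstack` and `tovirt_novmstack` in this prologue; if nothing else in head_32.h or the files that include it still uses them, their definitions can be dropped in a follow-up.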