To: Michael Ellerman, Benjamin Herrenschmidt, Paul Mackerras, Christophe Leroy
Cc: Christopher M. Riedl, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org
Message-Id: <08bbe7240b384016e0b2912ecf3bf5e2d25ef2c6.1636501628.git.fthain@linux-m68k.org>
From: Finn Thain
Subject: [PATCH] powerpc: Fix sigset_t copy
Date: Wed, 10 Nov 2021 10:47:08 +1100
X-Mailing-List: linux-kernel@vger.kernel.org

From: Christophe Leroy

The conversion from __copy_from_user() to __get_user() introduced a regression in __get_user_sigset() in v5.13. The bug was subsequently copied and pasted in unsafe_get_user_sigset().

The regression was reported by users of the Xorg packages distributed in Debian/powerpc --

"The symptoms are that the fb screen goes blank, with the backlight remaining on and no errors logged in /var/log; wdm (or startx) run with no effect (I tried logging in in the blind, with no effect). And they are hard to kill, requiring 'kill -KILL ...'"

Fix the regression by casting the __get_user() assignment lvalue to u64 so that the entire struct gets copied.

Cc: Christophe Leroy
Cc: Christopher M. Riedl
Link: https://lore.kernel.org/linuxppc-dev/FEtBUOuFPMN4zJy4bIOqz6C4xoliCbTxS7VtMKD6UZkbvEbycUceRgGAd7e9-trRdwVN3hWAbQi0qrNx8Zgn8niTQf2KPVdw-W35czDIaeQ=@protonmail.com/
Fixes: 887f3ceb51cd ("powerpc/signal32: Convert do_setcontext[_tm]() to user access block")
Fixes: d3ccc9781560 ("powerpc/signal: Use __get_user() to copy sigset_t")
Reported-and-tested-by: Stan Johnson
Signed-off-by: Finn Thain
---
Christophe, I hope this change is the one you wanted to see upstream (?). If it is acceptable please add your signed-off-by tag.
--- arch/powerpc/kernel/signal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/signal.h b/arch/powerpc/kernel/signal.h index 1f07317964e4..44e736b88e91 100644 --- a/arch/powerpc/kernel/signal.h +++ b/arch/powerpc/kernel/signal.h
@@ -23,10 +23,10 @@ static inline int __get_user_sigset(sigset_t *dst, const sigset_t __user *src) { BUILD_BUG_ON(sizeof(sigset_t) != sizeof(u64)); - return __get_user(dst->sig[0], (u64 __user *)&src->sig[0]); + return __get_user(*(u64 *)&dst->sig[0], (u64 __user *)&src->sig[0]); } #define unsafe_get_user_sigset(dst, src, label) \ - unsafe_get_user((dst)->sig[0], (u64 __user *)&(src)->sig[0], label) + unsafe_get_user(*(u64 *)&(dst)->sig[0], (u64 __user *)&(src)->sig[0], label) #ifdef CONFIG_VSX extern unsigned long copy_vsx_to_user(void __user *to, -- 2.26.3
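
Review bot: the `*(u64 *)&dst->sig[0]` lvalue cast, in both `__get_user_sigset()` and `unsafe_get_user_sigset()`, now carries the correctness of the copy, but nothing in the code says so. The width of the store follows the type of the lvalue, which is why the earlier `dst->sig[0]` form did not copy the entire struct; a short comment above the cast stating that it forces a 64-bit store covering the whole sigset_t would keep a later cleanup from dropping it again. The `BUILD_BUG_ON(sizeof(sigset_t) != sizeof(u64))` guard sits only in the inline function, while the macro performs the same 64-bit access without it, so consider placing the size check where both paths share it, or expressing the cast once and reusing it, given that the commit message notes the bug was copied from one into the other. Casting the pointer itself, as in `*(u64 *)dst`, would also state the intent (the whole struct is the destination) more directly than going through `&dst->sig[0]`.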