From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Linus Walleij, Ard Biesheuvel, "Russell King (Oracle)"
Subject: [PATCH 5.10 014/112] ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
Date: Tue, 19 Jul 2022 13:53:07 +0200
Message-Id: <20220719114627.362247984@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220719114626.156073229@linuxfoundation.org>
References: <20220719114626.156073229@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ard Biesheuvel

commit e5c46fde75e43c15a29b40e5fc5641727f97ae47 upstream.

After emulating a misaligned load or store issued in Thumb mode, we have
to advance the IT state by hand, or it will get out of sync with the
actual instruction stream, which means we'll end up applying the wrong
condition code to subsequent instructions. This might corrupt the
program state rather catastrophically.

So borrow the it_advance() helper from the probing code, and use it on
CPSR if the emulated instruction is Thumb.

Cc:
Reviewed-by: Linus Walleij
Signed-off-by: Ard Biesheuvel
Signed-off-by: Russell King (Oracle)
Signed-off-by: Greg Kroah-Hartman
---
 arch/arm/include/asm/ptrace.h | 26 ++++++++++++++++++++++++++
 arch/arm/mm/alignment.c       |  3 +++
 arch/arm/probes/decode.h      | 26 +-------------------------
 3 files changed, 30 insertions(+), 25 deletions(-)

--- a/arch/arm/include/asm/ptrace.h
+++ b/arch/arm/include/asm/ptrace.h
@@ -164,5 +164,31 @@ static inline unsigned long user_stack_p ((current_stack_pointer | (THREAD_SIZE - 1)) - 7) - 1; \ }) + +/* + * Update ITSTATE after normal execution of an IT block instruction. + * + * The 8 IT state bits are split into two parts in CPSR: + * ITSTATE<1:0> are in CPSR<26:25> + * ITSTATE<7:2> are in CPSR<15:10> + */ +static inline unsigned long it_advance(unsigned long cpsr) +{ + if ((cpsr & 0x06000400) == 0) { + /* ITSTATE<2:0> == 0 means end of IT block, so clear IT state */ + cpsr &= ~PSR_IT_MASK; + } else { + /* We need to shift left ITSTATE<4:0> */ + const unsigned long mask = 0x06001c00; /* Mask ITSTATE<4:0> */ + unsigned long it = cpsr & mask; + it <<= 1; + it |= it >> (27 - 10); /* Carry ITSTATE<2> to correct place */ + it &= mask; + cpsr &= ~mask; + cpsr |= it; + } + return cpsr; +} + #endif /* __ASSEMBLY__ */ #endif --- a/arch/arm/mm/alignment.c +++ b/arch/arm/mm/alignment.c @@ -935,6 +935,9 @@ do_alignment(unsigned long addr, unsigne if (type == TYPE_LDST) do_alignment_finish_ldst(addr, instr, regs, offset); + if (thumb_mode(regs)) + regs->ARM_cpsr = it_advance(regs->ARM_cpsr); + return 0; bad_or_fault: --- a/arch/arm/probes/decode.h +++ b/arch/arm/probes/decode.h @@ -14,6 +14,7 @@ #include #include #include +#include #include void __init arm_probes_decode_init(void); 
@@ -35,31 +36,6 @@ void __init find_str_pc_offset(void); #endif -/* - * Update ITSTATE after normal execution of an IT block instruction. - * - * The 8 IT state bits are split into two parts in CPSR: - * ITSTATE<1:0> are in CPSR<26:25> - * ITSTATE<7:2> are in CPSR<15:10> - */ -static inline unsigned long it_advance(unsigned long cpsr) - { - if ((cpsr & 0x06000400) == 0) { - /* ITSTATE<2:0> == 0 means end of IT block, so clear IT state */ - cpsr &= ~PSR_IT_MASK; - } else { - /* We need to shift left ITSTATE<4:0> */ - const unsigned long mask = 0x06001c00; /* Mask ITSTATE<4:0> */ - unsigned long it = cpsr & mask; - it <<= 1; - it |= it >> (27 - 10); /* Carry ITSTATE<2> to correct place */ - it &= mask; - cpsr &= ~mask; - cpsr |= it; - } - return cpsr; -} - static inline void __kprobes bx_write_pc(long pcv, struct pt_regs *regs) { long cpsr = regs->ARM_cpsr;
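Review bot: in the ptrace.h hunk, the comment block above it_advance() should state the calling contract now that the helper is exported from a general header: it performs the ITAdvance step for exactly one retired Thumb instruction, so callers must apply it once per emulated instruction and only in Thumb mode, otherwise the IT state is pushed ahead of the real instruction stream, which is the same desync the commit message describes. The bit arithmetic itself agrees with the layout the comment gives: the 0x06000400 test covers ITSTATE<2:0> (CPSR bits 26, 25 and 10), 0x06001c00 masks ITSTATE<4:0>, and `it |= it >> (27 - 10);` carries the bit shifted out of CPSR<26> into CPSR<10>, where the new ITSTATE<2> lives, before the mask discards the bit shifted past ITSTATE<4>.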
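Review bot: in the alignment.c hunk the new `if (thumb_mode(regs)) regs->ARM_cpsr = it_advance(regs->ARM_cpsr);` sits on the success path only, just before `return 0;`, and not on the `bad_or_fault:` path; that placement is right, since an instruction that was not emulated has not retired and its IT state must be left alone, but a short comment saying so would stop a later refactor from hoisting the call above the handler dispatch. The thumb_mode(regs) gate also deserves a word: ARM-mode callers have no IT state to advance and are deliberately unaffected, which matches the commit message's "if the emulated instruction is Thumb".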
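Review bot: the removal hunk in decode.h drops it_advance() verbatim and the copy added to ptrace.h is identical line for line (same 0x06000400 test, same 0x06001c00 mask, same `27 - 10` shift), so this is a pure move with no behaviour change for the probes code; what still needs confirming is that the `#include` added in the earlier decode.h hunk (its target is not visible in this rendering) is what keeps it_advance() in scope for the remaining probes callers, since nothing else in decode.h now defines or declares it.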