From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Heiko Carstens, Claudio Imbrenda, Alexander Gordeev, Sasha Levin, oleg@redhat.com, gor@linux.ibm.com, linux-s390@vger.kernel.org
Subject: [PATCH AUTOSEL 5.15 03/11] s390/ptrace: handle setting of fpc register correctly
Date: Mon, 15 Jan 2024 20:07:03 -0500
Message-ID: <20240116010729.219219-3-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240116010729.219219-1-sashal@kernel.org>
References: <20240116010729.219219-1-sashal@kernel.org>
X-stable: review
X-stable-base: Linux 5.15.147
From: Heiko Carstens [ Upstream commit 8b13601d19c541158a6e18b278c00ba69ae37829 ] If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space fpc register value, however it will be discarded, when returning to user space. In result the tracer will incorrectly continue to run with the value that was supposed to be used for the traced process. Fix this by saving fpu register contents with save_fpu_regs() before using test_fp_ctl(). Reviewed-by: Claudio Imbrenda Signed-off-by: Heiko Carstens Signed-off-by: Alexander Gordeev Signed-off-by: Sasha Levin --- arch/s390/kernel/ptrace.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index 516c21baf3ad..014ed5b27027 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c @@ -392,6 +392,7 @@ static int __poke_user(struct task_struct *child, addr_t addr, addr_t data) /* * floating point control reg. is in the thread structure */ + save_fpu_regs(); if ((unsigned int) data != 0 || test_fp_ctl(data >> (BITS_PER_LONG - 32))) return -EINVAL; @@ -754,6 +755,7 @@ static int __poke_user_compat(struct task_struct *child, /* * floating point control reg. is in the thread structure */ + save_fpu_regs(); if (test_fp_ctl(tmp)) return -EINVAL; child->thread.fpu.fpc = data; 
@@ -917,9 +919,7 @@ static int s390_fpregs_set(struct task_struct *target, int rc = 0; freg_t fprs[__NUM_FPRS]; - if (target == current) - save_fpu_regs(); - + save_fpu_regs(); if (MACHINE_HAS_VX) convert_vx_to_fp(fprs, target->thread.fpu.vxrs); else -- 2.43.0
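Review bot: in the __poke_user() hunk (@@ -392) the only comment above the new call is still "/* floating point control reg. is in the thread structure */", which says nothing about why save_fpu_regs() must run before test_fp_ctl(); without the rationale from the commit message (test_fp_ctl() temporarily loads the value into the live fpc, and an interrupt taken meanwhile can save the tracer's fp/vx state with that wrong fpc and reload it on return to user space) the call looks redundant and is a natural target for a future cleanup. A one-line comment next to the call would prevent that. As a minor point, the call is placed before the cheap `(unsigned int) data != 0` check, so it also runs for requests that the short-circuit rejects without ever reaching test_fp_ctl(); splitting the condition so the save happens only on the test_fp_ctl() path would avoid an unnecessary register save.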
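Review bot: the __poke_user_compat() hunk (@@ -754) now duplicates the save_fpu_regs(); test_fp_ctl() sequence from __poke_user() under the same bare comment, and the bug being fixed is precisely one such site lacking the save. Since both paths must stay in lockstep, consider factoring the pair into a small static helper (save, then return test_fp_ctl(fpc)) that both poke paths call, or at minimum put the same explanatory comment at both sites so the dependency is documented consistently.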
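Review bot: the s390_fpregs_set() hunk (@@ -917) changes semantics without the commit message saying so: save_fpu_regs() used to run only when `target == current` and now runs unconditionally, yet the message discusses only the poke paths and test_fp_ctl(), and this hunk's visible context (the following `if (MACHINE_HAS_VX) convert_vx_to_fp(fprs, target->thread.fpu.vxrs);`) shows no test_fp_ctl() call. The message does describe save_fpu_regs() as saving the current (tracing) task's fp/vx registers, which is the reason a condition on target was never the right criterion, but that reasoning should be stated explicitly for this hunk so a stable backporter can see why the guard removal belongs to the same fix rather than being an unrelated cleanup.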