AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-13 11:06:49 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
62dd86ac01
linux_dsm_epyc7002/arch/x86/kernel
History
Josh Poimboeuf 62dd86ac01 x86/unwind: Fix dereference of untrusted pointer 
Tetsuo Handa and Fengguang Wu reported a panic in the unwinder:

  BUG: unable to handle kernel NULL pointer dereference at 000001f2
  IP: update_stack_state+0xd4/0x340
  *pde = 00000000

  Oops: 0000 [#1] PREEMPT SMP
  CPU: 0 PID: 18728 Comm: 01-cpu-hotplug Not tainted 4.13.0-rc4-00170-gb09be67 #592
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
  task: bb0b53c0 task.stack: bb3ac000
  EIP: update_stack_state+0xd4/0x340
  EFLAGS: 00010002 CPU: 0
  EAX: 0000a570 EBX: bb3adccb ECX: 0000f401 EDX: 0000a570
  ESI: 00000001 EDI: 000001ba EBP: bb3adc6b ESP: bb3adc3f
   DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
  CR0: 80050033 CR2: 000001f2 CR3: 0b3a7000 CR4: 00140690
  DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
  DR6: fffe0ff0 DR7: 00000400
  Call Trace:
   ? unwind_next_frame+0xea/0x400
   ? __unwind_start+0xf5/0x180
   ? __save_stack_trace+0x81/0x160
   ? save_stack_trace+0x20/0x30
   ? __lock_acquire+0xfa5/0x12f0
   ? lock_acquire+0x1c2/0x230
   ? tick_periodic+0x3a/0xf0
   ? _raw_spin_lock+0x42/0x50
   ? tick_periodic+0x3a/0xf0
   ? tick_periodic+0x3a/0xf0
   ? debug_smp_processor_id+0x12/0x20
   ? tick_handle_periodic+0x23/0xc0
   ? local_apic_timer_interrupt+0x63/0x70
   ? smp_trace_apic_timer_interrupt+0x235/0x6a0
   ? trace_apic_timer_interrupt+0x37/0x3c
   ? strrchr+0x23/0x50
  Code: 0f 95 c1 89 c7 89 45 e4 0f b6 c1 89 c6 89 45 dc 8b 04 85 98 cb 74 bc 88 4d e3 89 45 f0 83 c0 01 84 c9 89 04 b5 98 cb 74 bc 74 3b <8b> 47 38 8b 57 34 c6 43 1d 01 25 00 00 02 00 83 e2 03 09 d0 83
  EIP: update_stack_state+0xd4/0x340 SS:ESP: 0068:bb3adc3f
  CR2: 00000000000001f2
  ---[ end trace 0d147fd4aba8ff50 ]---
  Kernel panic - not syncing: Fatal exception in interrupt

On x86-32, after decoding a frame pointer to get a regs address,
regs_size() dereferences the regs pointer when it checks regs->cs to see
if the regs are user mode.  This is dangerous because it's possible that
what looks like a decoded frame pointer is actually a corrupt value, and
we don't want the unwinder to make things worse.

Instead of calling regs_size() on an unsafe pointer, just assume they're
kernel regs to start with.  Later, once it's safe to access the regs, we
can do the user mode check and corresponding safety check for the
remaining two regs.

Reported-and-tested-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-and-tested-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Byungchul Park <byungchul.park@lge.com>
Cc: LKP <lkp@01.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 5ed8d8bb38 ("x86/unwind: Move common code into update_stack_state()")
Link: http://lkml.kernel.org/r/7f95b9a6993dec7674b3f3ab3dcd3294f7b9644d.1507597785.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-10-10 12:49:47 +02:00
..
acpi dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
apic Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-12 11:34:39 -07:00
cpu x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier 2017-09-17 18:59:08 +02:00
fpu x86/fpu: Use using_compacted_format() instead of open coded X86_FEATURE_XSAVES 2017-09-26 09:43:48 +02:00
kprobes kprobes/x86: Remove IRQ disabling from jprobe handlers 2017-10-03 19:11:48 +02:00
.gitignore
alternative.c x86: Clarify/fix no-op barriers for text_poke_bp() 2017-08-10 17:35:19 +02:00
amd_gart_64.c x86: remove arch specific dma_supported implementation 2017-06-28 06:54:46 -07:00
amd_nb.c x86/amd_nb: Add SMN and Indirect Data Fabric access for AMD Fam17h 2016-11-16 20:46:38 +01:00
apb_timer.c Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
aperture_64.c x86/boot/e820: Prefix the E820_* type names with "E820_TYPE_" 2017-01-28 22:55:22 +01:00
apm_32.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
asm-offsets_32.c x86/lguest: Remove lguest support 2017-08-24 09:57:28 +02:00
asm-offsets_64.c x86/xen: Get rid of paravirt op adjust_exception_frame 2017-08-31 21:35:10 +02:00
asm-offsets.c efi: Get and store the secure boot status 2017-02-07 10:42:10 +01:00
audit_64.c
bootflag.c
check.c
cpuid.c Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-12 19:25:04 -08:00
crash_dump_32.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
crash_dump_64.c
crash.c kexec: move vmcoreinfo out of the kernel's .bss section 2017-07-12 16:25:59 -07:00
devicetree.c x86/devicetree: Convert to using %pOF instead of ->full_name 2017-07-21 10:14:15 +02:00
doublefault.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h> 2017-03-02 08:42:34 +01:00
dumpstack_32.c x86/dumpstack: Fix interrupt and exception stack boundary checks 2017-07-18 10:56:23 +02:00
dumpstack_64.c x86/dumpstack: Fix interrupt and exception stack boundary checks 2017-07-18 10:56:23 +02:00
dumpstack.c x86/asm/32: Remove a bunch of '& 0xffff' from pt_regs segment reads 2017-07-30 12:04:41 +02:00
e820.c x86/boot/e820: Add support to determine the E820 type of an address 2017-07-18 11:38:01 +02:00
early_printk.c x86/earlyprintk: Add support for earlyprintk via USB3 debug port 2017-03-21 12:30:16 +01:00
early-quirks.c ACPI updates for v4.14-rc1 2017-09-05 12:45:03 -07:00
ebda.c
eisa.c x86/eisa: Add missing include 2017-08-31 21:34:48 +02:00
espfix_64.c x86/mm: Provide general kernel support for memory encryption 2017-07-18 11:38:00 +02:00
ftrace_32.S x86/ftrace: Fix ebp in ftrace_regs_caller that screws up unwinder 2017-04-21 09:48:16 +02:00
ftrace_64.S x86/ftrace: Use Makefile logic instead of #ifdef for compiling ftrace_*.o 2017-03-24 10:14:08 +01:00
ftrace.c x86/ftrace: Make sure that ftrace trampolines are not RWX 2017-05-26 22:37:02 -04:00
head32.c x86/idt: Move early IDT setup out of 32-bit asm 2017-08-29 12:07:26 +02:00
head64.c Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-04 17:43:56 -07:00
head_32.S x86/idt: Remove superfluous ALIGNment 2017-08-31 15:47:02 +02:00
head_64.S x86/mm: Provide general kernel support for memory encryption 2017-07-18 11:38:00 +02:00
hpet.c x86/hpet: Cure interface abuse in the resume path 2017-08-01 13:02:37 +02:00
hw_breakpoint.c
i8237.c
i8253.c
i8259.c x86: i8259: export legacy_pic symbol 2017-04-14 12:08:51 +02:00
idt.c x86/idt: Fix the X86_TRAP_BP gate 2017-09-01 11:04:56 +02:00
io_delay.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
ioport.c Second batch of KVM changes for 4.11 merge window 2017-03-04 11:36:19 -08:00
irq_32.c x86/asm: Use register variable to get stack pointer value 2017-09-29 19:39:44 +02:00
irq_64.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
irq_work.c x86/irq_work: Make it depend on APIC 2017-08-29 11:42:30 +02:00
irq.c x86/ipi: Make platform IPI depend on APIC 2017-08-29 11:42:29 +02:00
irqinit.c x86/idt: Move interrupt gate initialization to IDT code 2017-08-29 12:07:28 +02:00
itmt.c sched/x86: Remove unnecessary TBM3 check to update topology 2017-01-19 08:42:37 +01:00
jump_label.c jump_label: Reorder hotplug lock and jump_label_lock 2017-05-26 10:10:45 +02:00
kdebugfs.c x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap() for RAM mappings 2017-07-18 11:37:58 +02:00
kexec-bzimage64.c x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec 2017-07-05 10:09:02 +02:00
kgdb.c sched/x86: Add 'struct inactive_task_frame' to better document the sleeping task stack frame 2016-08-24 12:27:41 +02:00
ksysfs.c x86/sysfs: Fix off-by-one error in loop termination 2017-09-25 09:36:16 +02:00
kvm.c kvm/x86: Handle async PF in RCU read-side critical sections 2017-09-29 17:05:17 +02:00
kvmclock.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/clock.h> 2017-03-02 08:42:27 +01:00
ldt.c x86/ldt/64: Refresh DS and ES when modify_ldt changes an entry 2017-07-27 09:12:57 +02:00
livepatch.c livepatch/x86: apply alternatives and paravirt patches after relocations 2016-08-18 23:41:55 +02:00
machine_kexec_32.c x86/idt: Consolidate IDT invalidation 2017-08-29 12:07:26 +02:00
machine_kexec_64.c x86/mm, kexec: Fix memory corruption with SME on successive kexecs 2017-07-30 12:09:12 +02:00
Makefile x86/idt: Create file for IDT related code 2017-08-29 12:07:25 +02:00
mmconf-fam10h_64.c
module.c x86/unwind: Add the ORC unwinder 2017-07-26 13:18:20 +02:00
mpparse.c x86/boot: Use memremap() to map the MPF and MPC data 2017-07-18 11:38:02 +02:00
msr.c x86/msr: Remove bogus cleanup from the error path 2016-12-25 10:47:41 +01:00
nmi_selftest.c x86/nmi: Fix timeout test in test_nmi_ipi() 2017-06-20 12:52:43 +02:00
nmi.c x86/nmi: Use raw lock 2017-08-16 20:40:09 +02:00
paravirt_patch_32.c x86/paravirt: Mark unused patch_default label 2016-12-22 17:43:35 +01:00
paravirt_patch_64.c x86/paravirt: Mark unused patch_default label 2016-12-22 17:43:35 +01:00
paravirt-spinlocks.c 4.11 is going to be a relatively large release for KVM, with a little over 2017-02-22 18:22:53 -08:00
paravirt.c x86/paravirt: Remove no longer used paravirt functions 2017-09-13 10:55:15 +02:00
pci-calgary_64.c x86: remove arch specific dma_supported implementation 2017-06-28 06:54:46 -07:00
pci-dma.c x86, swiotlb: Add memory encryption support 2017-07-18 11:38:03 +02:00
pci-iommu_table.c
pci-nommu.c x86, swiotlb: Add memory encryption support 2017-07-18 11:38:03 +02:00
pci-swiotlb.c x86, swiotlb: Add memory encryption support 2017-07-18 11:38:03 +02:00
pcspeaker.c
perf_regs.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
platform-quirks.c x86/lguest: Remove lguest support 2017-08-24 09:57:28 +02:00
pmem.c
probe_roms.c x86/boot/e820: Move asm/e820.h to asm/e820/api.h 2017-01-28 09:31:13 +01:00
process_32.c Merge branch 'x86-cache-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-04 13:56:37 -07:00
process_64.c Merge branch 'x86-cache-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-04 13:56:37 -07:00
process.c x86/mm, kexec: Allow kexec to be used with SME 2017-07-18 11:38:04 +02:00
ptrace.c x86/arch_prctl/64: Rename do_arch_prctl() to do_arch_prctl_64() 2017-03-20 16:10:32 +01:00
pvclock.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/nmi.h> 2017-03-02 08:42:30 +01:00
quirks.c treewide: Consolidate Apple DMI checks 2017-08-03 23:26:22 +02:00
reboot_fixups_32.c
reboot.c x86/mm/64: Fix reboot interaction with CR4.PCIDE 2017-10-09 13:31:04 +02:00
relocate_kernel_32.S
relocate_kernel_64.S x86/mm, kexec: Fix memory corruption with SME on successive kexecs 2017-07-30 12:09:12 +02:00
resource.c x86/boot/e820: Harmonize the 'struct e820_table' fields 2017-01-28 09:33:16 +01:00
rtc.c timekeeping: Ignore the bogus sleep time if pm_trace is enabled 2016-11-29 18:02:58 +01:00
setup_percpu.c treewide: make "nr_cpu_ids" unsigned 2017-09-08 18:26:48 -07:00
setup.c x86/mm/64: Initialize CR4.PCIDE early 2017-09-13 09:54:43 +02:00
signal_compat.c signal: Remove kernel interal si_code magic 2017-07-24 14:30:28 -05:00
signal.c x86/fpu: Rename fpu::fpstate_active to fpu::initialized 2017-09-26 09:43:36 +02:00
smp.c x86/tracing: Disentangle pagefault and resched IPI tracing key 2017-08-29 11:42:29 +02:00
smpboot.c x86/mm/32: Load a sane CR3 before cpu_init() on secondary CPUs 2017-09-17 18:59:09 +02:00
stacktrace.c stacktrace/x86: add function for detecting reliable stack traces 2017-03-08 09:18:02 +01:00
step.c x86/asm/32: Remove a bunch of '& 0xffff' from pt_regs segment reads 2017-07-30 12:04:41 +02:00
sys_x86_64.c x86/mm: Prepare to expose larger address space to userspace 2017-07-21 10:05:18 +02:00
sysfb_efi.c
sysfb_simplefb.c x86/sysfb: Fix lfb_size calculation 2016-11-16 09:38:23 +01:00
sysfb.c
tboot.c iommu/vt-d: Correctly disable Intel IOMMU force on 2017-06-15 16:41:10 +02:00
tce_64.c
time.c x86/time: Make setup_default_timer_irq() static 2017-06-13 08:42:09 +02:00
tls.c x86/asm: Replace access to desc_struct:a/b fields 2017-08-29 12:07:25 +02:00
tls.h
topology.c
trace_clock.c
tracepoint.c x86/tracing: Disentangle pagefault and resched IPI tracing key 2017-08-29 11:42:29 +02:00
traps.c x86/asm: Use register variable to get stack pointer value 2017-09-29 19:39:44 +02:00
tsc_msr.c x86/tsc: Set TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Atom SoCs 2016-11-18 10:58:31 +01:00
tsc_sync.c x86/tsc: Remove the TSC_ADJUST clamp 2017-06-04 21:55:53 +02:00
tsc.c Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-07-03 18:01:50 -07:00
unwind_frame.c x86/unwind: Fix dereference of untrusted pointer 2017-10-10 12:49:47 +02:00
unwind_guess.c x86/unwind: Add the ORC unwinder 2017-07-26 13:18:20 +02:00
unwind_orc.c x86/unwind: Add the ORC unwinder 2017-07-26 13:18:20 +02:00
uprobes.c uprobes/x86: Fix RIP-relative handling of EVEX-encoded instructions 2016-08-12 08:29:24 +02:00
verify_cpu.S
vm86_32.c x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() 2017-04-26 10:02:06 +02:00
vmlinux.lds.S x86/unwind: Add the ORC unwinder 2017-07-26 13:18:20 +02:00
vsmp_64.c
x86_init.c x86/boot/e820: Rename default_machine_specific_memory_setup() to e820__memory_setup_default() 2017-01-28 14:42:26 +01:00