From patchwork Fri Jan 1 12:39:22 2016
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 59097
From: Ard Biesheuvel
To: schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ard Biesheuvel
Subject: [PATCH] s390: fix normalization bug in exception table sorting
Date: Fri, 1 Jan 2016 13:39:22 +0100
Message-Id: <1451651962-4180-1-git-send-email-ard.biesheuvel@linaro.org>

The normalization pass in the sorting routine of the relative exception
table serves two purposes:
- it ensures that the address fields of the exception table entries are
  fully ordered, so that no ambiguities arise between entries with
  identical instruction offsets (i.e., when two instructions that are
  exactly 8 bytes apart each have an exception table entry associated
  with them)
- it ensures that the offsets of both the instruction and the fixup fields
  of each entry are relative to their final location after sorting.

Commit eb608fb366de ("s390/exceptions: switch to relative exception table
entries") ported the relative exception table format from x86, but modified
the sorting routine to only normalize the instruction offset field and not
the fixup offset field.

The result is that the fixup offset of each entry will be relative to the
original location of the entry before sorting, likely leading to crashes
when those entries are dereferenced.

Fixes: eb608fb366de ("s390/exceptions: switch to relative exception table entries")
Signed-off-by: Ard Biesheuvel
---
 arch/s390/mm/extable.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/s390/mm/extable.c b/arch/s390/mm/extable.c index 4d1ee88864e8..18c8b819b0aa 100644
--- a/arch/s390/mm/extable.c +++ b/arch/s390/mm/extable.c @@ -52,12 +52,16 @@ void sort_extable(struct exception_table_entry *start, int i; /* Normalize entries to being relative to the start of the section */ - for (p = start, i = 0; p < finish; p++, i += 8) + for (p = start, i = 0; p < finish; p++, i += 8) { p->insn += i; + p->fixup += i + 4; + } sort(start, finish - start, sizeof(*start), cmp_ex, NULL); /* Denormalize all entries */ - for (p = start, i = 0; p < finish; p++, i += 8) + for (p = start, i = 0; p < finish; p++, i += 8) { p->insn -= i; + p->fixup -= i + 4; + } } #ifdef CONFIG_MODULES
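
Review bot: The constants in `p->fixup += i + 4;` and its mirror `p->fixup -= i + 4;` are unexplained next to the existing stride of 8; the 4 is presumably the byte offset of the fixup field inside an entry, but the struct layout is not visible in this hunk. Consider deriving both from the type (sizeof(*p) for the stride, offsetof(struct exception_table_entry, fixup) for the field offset) so the normalize and denormalize loops cannot drift from the layout, and extend the comment "Normalize entries to being relative to the start of the section" to say that both insn and fixup are adjusted, since leaving one field out is exactly the defect being fixed here.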
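
The failure mode the commit message describes, as a user-space model (an added example, not code from the patch or the kernel): each field stores its target minus the field's own address, and sorting with only insn normalized leaves fixup wrong for every entry that changes position. The struct name, TABLE_BASE, HANDLER_DELTA and the sample addresses are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model of a relative exception table entry: each field holds
 * (target address - address of that field). Entries are 8 bytes, fixup at +4. */
struct ex { int insn, fixup; };
#define N 4
#define TABLE_BASE 0x1000     /* assumed address of the table section */
#define HANDLER_DELTA 0x8000  /* assumed: handler = faulting insn + 0x8000 */

static int cmp_ex(const void *a, const void *b)
{
    const struct ex *x = a, *y = b;
    return (x->insn > y->insn) - (x->insn < y->insn);
}

/* normalize_fixup = 0 models the pre-patch loops, 1 the patched ones */
static void sort_table(struct ex *t, int n, int normalize_fixup)
{
    int i, k;
    for (k = 0, i = 0; k < n; k++, i += 8) {
        t[k].insn += i;
        if (normalize_fixup) t[k].fixup += i + 4;
    }
    qsort(t, n, sizeof(*t), cmp_ex);
    for (k = 0, i = 0; k < n; k++, i += 8) {
        t[k].insn -= i;
        if (normalize_fixup) t[k].fixup -= i + 4;
    }
}

/* Build an unsorted table, sort it, count entries whose fixup resolves wrong */
int count_bad_fixups(int normalize_fixup)
{
    static const int insn_addr[N] = { 0x400, 0x100, 0x300, 0x200 };
    struct ex t[N];
    int k, bad = 0;
    for (k = 0; k < N; k++) {
        int at = TABLE_BASE + 8 * k;  /* address of entry k */
        t[k].insn = insn_addr[k] - at;
        t[k].fixup = (insn_addr[k] + HANDLER_DELTA) - (at + 4);
    }
    sort_table(t, N, normalize_fixup);
    for (k = 0; k < N; k++) {
        int at = TABLE_BASE + 8 * k;
        if (t[k].fixup + at + 4 != t[k].insn + at + HANDLER_DELTA) bad++;
    }
    return bad;
}
int main(void) { printf("%d %d\n", count_bad_fixups(0), count_bad_fixups(1)); return 0; }
```

With this sample, the entry for 0x300 happens to stay at index 2 and survives the insn-only sort; the other three each resolve to a handler address shifted by 8 bytes per slot moved.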