Unverified Commit bcc30ddf authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!7443 [sync] PR-6037: fix-CVE-2024-26706 

Merge Pull Request from: @openeuler-sync-bot 
 

Origin pull request: 
https://gitee.com/openeuler/kernel/pulls/6037 
 
PR sync from: Cheng Yu <serein.chengyu@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/RUHXCE65FK5ZLL5DWBV5XLXBLOONSGWA/ 
fix-CVE-2024-26706

Guenter Roeck (1):
  parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd()

Helge Deller (12):
  parisc/unaligned: Use EFAULT fixup handler in unaligned handlers
  parisc/unaligned: Rewrite inline assembly of emulate_ldh()
  parisc: Switch user access functions to signal errors in r29 instead
    of r8
  parisc: Drop strnlen_user() in favour of generic version
  parisc: Implement __get/put_kernel_nofault()
  parisc: Fix some apparent put_user() failures
  parisc: Mark ex_table entries 32-bit aligned in uaccess.h
  parisc/unaligned: Rewrite inline assembly of emulate_ldw()
  parisc/unaligned: Rewrite 32-bit inline assembly of emulate_ldd()
  parisc/unaligned: Rewrite 32-bit inline assembly of emulate_sth()
  parisc: Fix random data corruption from exception handler
  parisc/unaligned: Fix emulate_ldw() breakage


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I9E2GP 
 
Link:https://gitee.com/openeuler/kernel/pulls/7443

 

Reviewed-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 48be9833 c93c3824

arch/parisc/Kconfig

+0 −2
Original line number Diff line number Diff line
@@ -20,7 +20,6 @@ config PARISC 
	select RTC_DRV_GENERIC

	select INIT_ALL_POSSIBLE

	select BUG

	select BUILDTIME_TABLE_SORT

	select HAVE_PCI

	select HAVE_PERF_EVENTS

	select HAVE_KERNEL_BZIP2
@@ -64,7 +63,6 @@ config PARISC 
	select HAVE_FTRACE_MCOUNT_RECORD if HAVE_DYNAMIC_FTRACE

	select HAVE_KPROBES_ON_FTRACE

	select HAVE_DYNAMIC_FTRACE_WITH_REGS

	select SET_FS



	help

	  The PA-RISC microprocessor is designed by Hewlett-Packard and used

arch/parisc/include/asm/assembly.h

+1 −0
Original line number Diff line number Diff line
@@ -506,6 +506,7 @@ 
#define ASM_EXCEPTIONTABLE_ENTRY(fault_addr, except_addr)	\

	.section __ex_table,"aw"			!	\

	.word (fault_addr - .), (except_addr - .)	!	\

	or %r0,%r0,%r0					!	\

	.previous

arch/parisc/include/asm/extable.h

0 → 100644
+64 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

#ifndef __PARISC_EXTABLE_H

#define __PARISC_EXTABLE_H



#include <asm/ptrace.h>

#include <linux/compiler.h>



/*

 * The exception table consists of three addresses:

 *

 * - A relative address to the instruction that is allowed to fault.

 * - A relative address at which the program should continue (fixup routine)

 * - An asm statement which specifies which CPU register will

 *   receive -EFAULT when an exception happens if the lowest bit in

 *   the fixup address is set.

 *

 * Note: The register specified in the err_opcode instruction will be

 * modified at runtime if a fault happens. Register %r0 will be ignored.

 *

 * Since relative addresses are used, 32bit values are sufficient even on

 * 64bit kernel.

 */



struct pt_regs;

int fixup_exception(struct pt_regs *regs);



#define ARCH_HAS_RELATIVE_EXTABLE

struct exception_table_entry {

	int insn;	/* relative address of insn that is allowed to fault. */

	int fixup;	/* relative address of fixup routine */

	int err_opcode; /* sample opcode with register which holds error code */

};



#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr, opcode )\

	".section __ex_table,\"aw\"\n"			   \

	".align 4\n"					   \

	".word (" #fault_addr " - .), (" #except_addr " - .)\n" \

	opcode "\n"					   \

	".previous\n"



/*

 * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry

 * (with lowest bit set) for which the fault handler in fixup_exception() will

 * load -EFAULT on fault into the register specified by the err_opcode instruction,

 * and zeroes the target register in case of a read fault in get_user().

 */

#define ASM_EXCEPTIONTABLE_VAR(__err_var)		\

	int __err_var = 0

#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr, register )\

	ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1, "or %%r0,%%r0," register)



static inline void swap_ex_entry_fixup(struct exception_table_entry *a,

				       struct exception_table_entry *b,

				       struct exception_table_entry tmp,

				       int delta)

{

	a->fixup = b->fixup + delta;

	b->fixup = tmp.fixup - delta;

	a->err_opcode = b->err_opcode;

	b->err_opcode = tmp.err_opcode;

}

#define swap_ex_entry_fixup swap_ex_entry_fixup



#endif

arch/parisc/include/asm/processor.h

+0 −4
Original line number Diff line number Diff line
@@ -105,10 +105,6 @@ DECLARE_PER_CPU(struct cpuinfo_parisc, cpu_data); 


#define CPU_HVERSION ((boot_cpu_data.hversion >> 4) & 0x0FFF)



typedef struct {

	int seg;  

} mm_segment_t;



#define ARCH_MIN_TASKALIGN	8



struct thread_struct {

arch/parisc/include/asm/special_insns.h

+4 −2
Original line number Diff line number Diff line
@@ -8,7 +8,8 @@ 
		"copy %%r0,%0\n"			\

		"8:\tlpa %%r0(%1),%0\n"			\

		"9:\n"					\

		ASM_EXCEPTIONTABLE_ENTRY(8b, 9b)	\

		ASM_EXCEPTIONTABLE_ENTRY(8b, 9b,	\

				"or %%r0,%%r0,%%r0")	\

		: "=&r" (pa)				\

		: "r" (va)				\

		: "memory"				\
@@ -22,7 +23,8 @@ 
		"copy %%r0,%0\n"			\

		"8:\tlpa %%r0(%%sr3,%1),%0\n"		\

		"9:\n"					\

		ASM_EXCEPTIONTABLE_ENTRY(8b, 9b)	\

		ASM_EXCEPTIONTABLE_ENTRY(8b, 9b,	\

				"or %%r0,%%r0,%%r0")	\

		: "=&r" (pa)				\

		: "r" (va)				\

		: "memory"				\