linux/arch
Heiko Carstens 4784955a52 s390/bpf,jit: fix address randomization
Add missing braces to hole calculation. This resulted in an addition
instead of a subtraction, which in turn means that the jit compiler
could try to write out of bounds of the allocated piece of memory.

This bug was introduced with aa2d2c73 "s390/bpf,jit: address randomize
and write protect jit code".

Fixes this one:

[   37.320956] Unable to handle kernel pointer dereference at virtual kernel address 000003ff80231000
[   37.320984] Oops: 0011 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[   37.320993] Modules linked in: dm_multipath scsi_dh eadm_sch dm_mod ctcm fsm autofs4
[   37.321007] CPU: 28 PID: 6443 Comm: multipathd Not tainted 3.10.9-61.x.20130829-s390xdefault #1
[   37.321011] task: 0000004ada778000 ti: 0000004ae3304000 task.ti: 0000004ae3304000
[   37.321014] Krnl PSW : 0704c00180000000 000000000012d1de (bpf_jit_compile+0x198e/0x23d0)
[   37.321022]            R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3
               Krnl GPRS: 000000004350207d 0000004a00000001 0000000000000007 000003ff80231002
[   37.321029]            0000000000000007 000003ff80230ffe 00000000a7740000 000003ff80230f76
[   37.321032]            000003ffffffffff 000003ff00000000 000003ff0000007d 000000000071e820
[   37.321035]            0000004adbe99950 000000000071ea18 0000004af3d9e7c0 0000004ae3307b80
[   37.321046] Krnl Code: 000000000012d1d0: 41305004            la      %r3,4(%r5)
                          000000000012d1d4: e330f0f80021        clg     %r3,248(%r15)
                         #000000000012d1da: a7240009            brc     2,12d1ec
                         >000000000012d1de: 50805000            st      %r8,0(%r5)
                          000000000012d1e2: e330f0f00004        lg      %r3,240(%r15)
                          000000000012d1e8: 41303004            la      %r3,4(%r3)
                          000000000012d1ec: e380f0e00004        lg      %r8,224(%r15)
                          000000000012d1f2: e330f0f00024        stg     %r3,240(%r15)
[   37.321074] Call Trace:
[   37.321077] ([<000000000012da78>] bpf_jit_compile+0x2228/0x23d0)
[   37.321083]  [<00000000006007c2>] sk_attach_filter+0xfe/0x214
[   37.321090]  [<00000000005d2d92>] sock_setsockopt+0x926/0xbdc
[   37.321097]  [<00000000005cbfb6>] SyS_setsockopt+0x8a/0xe8
[   37.321101]  [<00000000005ccaa8>] SyS_socketcall+0x264/0x364
[   37.321106]  [<0000000000713f1c>] sysc_nr_ok+0x22/0x28
[   37.321113]  [<000003fffce10ea8>] 0x3fffce10ea8
[   37.321118] INFO: lockdep is turned off.
[   37.321121] Last Breaking-Event-Address:
[   37.321124]  [<000000000012d192>] bpf_jit_compile+0x1942/0x23d0
[   37.321132]
[   37.321135] Kernel panic - not syncing: Fatal exception: panic_on_oops

Cc: stable@vger.kernel.org # v3.11
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2013-09-04 17:18:55 +02:00
alpha alpha: Use handle_percpu_irq for the timer interrupt 2013-07-19 13:54:26 -07:00
arc ARC: [lib] strchr breakage in Big-endian configuration 2013-08-24 11:24:53 -07:00
arm pwm: Changes for v3.12-rc1 2013-09-03 21:15:23 -07:00
arm64 Perf backend fixes for arm64 where the user can cause kernel panic 2013-08-21 16:36:32 -07:00
avr32 avr32: boards/atngw100/mrmt.c: fix building error 2013-08-08 14:16:22 +02:00
blackfin Merge branch 'cpuinit_phase2' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2013-07-18 10:50:26 -07:00
c6x Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
cris cris: delete __cpuinit usage from all cris files 2013-07-14 19:36:54 -04:00
frv frv/PCI: Mark pcibios_fixup_bus() as non-init 2013-07-25 12:18:42 -06:00
h8300 net: rename busy poll socket op and globals 2013-07-10 17:08:27 -07:00
hexagon arch: *: Kconfig: add "kernel/Kconfig.freezer" to "arch/*/Kconfig" 2013-08-13 17:57:49 -07:00
ia64 Driver core patches for 3.12-rc1 2013-09-03 11:37:15 -07:00
m32r m32r: delete __cpuinit usage from all m32r files 2013-07-14 19:36:55 -04:00
m68k PCI changes for the v3.12 merge window: 2013-09-03 16:24:35 -07:00
metag metag: delete __cpuinit usage from all metag files 2013-07-14 19:36:54 -04:00
microblaze microblaze: remove undefined of_get_cpu_node declaration 2013-08-21 10:23:30 +01:00
mips PCI changes for the v3.12 merge window: 2013-09-03 16:24:35 -07:00
mn10300 net: rename busy poll socket op and globals 2013-07-10 17:08:27 -07:00
openrisc openrisc: remove undefined of_get_cpu_node declaration 2013-08-21 10:23:44 +01:00
parisc parisc: Fix interrupt routing for C8000 serial ports 2013-07-31 23:42:32 +02:00
powerpc Big part of this is the addition of compression to the 2013-09-03 21:14:06 -07:00
s390 s390/bpf,jit: fix address randomization 2013-09-04 17:18:55 +02:00
score arch: *: Kconfig: add "kernel/Kconfig.freezer" to "arch/*/Kconfig" 2013-08-13 17:57:49 -07:00
sh PCI changes for the v3.12 merge window: 2013-09-03 16:24:35 -07:00
sparc sparc: delete __cpuinit/__CPUINIT usage from all users 2013-07-14 19:36:52 -04:00
tile PCI changes for the v3.12 merge window: 2013-09-03 16:24:35 -07:00
um Fix TLB gather virtual address range invalidation corner cases 2013-08-16 08:52:46 -07:00
unicore32 reboot: move arch/x86 reboot= handling to generic kernel 2013-07-09 10:33:29 -07:00
x86 PCI changes for the v3.12 merge window: 2013-09-03 16:24:35 -07:00
xtensa xtensa: delete __cpuinit usage from all xtensa files 2013-07-14 19:36:56 -04:00
.gitignore
Kconfig microblaze: fix clone syscall 2013-08-13 17:57:48 -07:00