linux/arch/mips/kernel
James Hogan 8b3c569a39 MIPS: stack protector: Fix per-task canary switch
Commit 1400eb6 (MIPS: r4k,octeon,r2300: stack protector: change canary
per task) was merged in v3.11 and introduced assembly in the MIPS resume
functions to update the value of the current canary in
__stack_chk_guard. However it used PTR_L resulting in a load of the
canary value, instead of PTR_LA to construct its address. The value is
intended to be random but is then treated as an address in the
subsequent LONG_S (store).

This was observed to cause a fault and panic:

CPU 0 Unable to handle kernel paging request at virtual address 139fea20, epc == 8000cc0c, ra == 8034f2a4
Oops[#1]:
...
$24   : 139fea20 1e1f7cb6
...
Call Trace:
[<8000cc0c>] resume+0xac/0x118
[<8034f2a4>] __schedule+0x5f8/0x78c
[<8034f4e0>] schedule_preempt_disabled+0x20/0x2c
[<80348eec>] rest_init+0x74/0x84
[<804dc990>] start_kernel+0x43c/0x454
Code: 3c18804b  8f184030  8cb901f8 <af190000> 00c0e021  8cb002f0 8cb102f4  8cb202f8  8cb302fc

This can also be forced by modifying
arch/mips/include/asm/stackprotector.h so that the default
__stack_chk_guard value is more likely to be a bad (or unaligned)
pointer.

Fix it to use PTR_LA instead, to load the address of the canary value,
which the LONG_S can then use to write into it.

Reported-by: bobjones (via #mipslinux on IRC)
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Gregory Fong <gregory.0xf0@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: stable@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/6026/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2013-10-07 15:31:04 +02:00
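The commit above boils down to one register holding the wrong thing: PTR_L fetched the *value* of __stack_chk_guard, so the following LONG_S used a random canary as a store address, which is why the faulting address and $24 in the oops are the same number. The C model below is an added illustration, not kernel code and not from the patch: it simulates the per-task canary switch in a userspace program, computes the store target each variant would use (without dereferencing the bad one), and shows why the global guard has to be rewritten on every resume once canaries are per task. The task struct, the `g_stack_chk_guard` stand-in for the kernel's __stack_chk_guard, the MIPS32 address-segment check and the canary values are all constructed for the example; 0x139fea20 is simply reused from the quoted oops.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's global __stack_chk_guard that GCC's
 * -fstack-protector reads on MIPS (renamed so it cannot collide with libc). */
unsigned long g_stack_chk_guard;

/* Minimal stand-in for task_struct: only the per-task canary matters here. */
struct task {
    const char *name;
    unsigned long stack_canary;   /* assumed to be set once, at task creation */
};

/* Fixed resume path (PTR_LA + LONG_S): take the ADDRESS of the guard and
 * store the incoming task's canary through it. Returns the store target so
 * a caller can verify where the write went. */
static unsigned long *resume_switch_canary(const struct task *next)
{
    unsigned long *target = &g_stack_chk_guard;   /* PTR_LA: address of guard */
    *target = next->stack_canary;                 /* LONG_S: write canary */
    return target;
}

/* Model of the broken path: PTR_L loaded the guard's current VALUE into the
 * register that LONG_S then used as the store address. Only the would-be
 * target is computed; dereferencing it is exactly the oops in the commit. */
static unsigned long *buggy_store_target(void)
{
    return (unsigned long *)(uintptr_t)g_stack_chk_guard;  /* PTR_L: value */
}

/* Simplified MIPS32 view: kseg0/kseg1/kseg2 all sit at or above 0x80000000,
 * everything below is kuseg, which has no kernel mapping during early boot. */
static bool is_mips32_kernel_address(unsigned long addr)
{
    return (addr & 0x80000000UL) != 0;
}

/* A protected function reduced to its guard traffic: the prologue copies the
 * guard into the frame, the epilogue compares the copy against the guard. */
static unsigned long frame_enter(void)          { return g_stack_chk_guard; }
static bool frame_check(unsigned long saved)    { return saved == g_stack_chk_guard; }

/* Task A enters a protected function, the scheduler runs B, then A resumes.
 * If resume rewrites the guard on the way back to A, A's epilogue passes.
 * If the switch to B updated the guard but the switch back to A did not,
 * A's epilogue sees B's canary and reports a stack smash that never happened. */
static bool roundtrip_check(const struct task *a, const struct task *b,
                            bool switch_guard_on_resume)
{
    resume_switch_canary(a);             /* A is the running task */
    unsigned long saved = frame_enter(); /* A's prologue */

    resume_switch_canary(b);             /* switch A -> B */
    if (switch_guard_on_resume)
        resume_switch_canary(a);         /* switch B -> A: guard must follow */

    return frame_check(saved);           /* A's epilogue */
}

int main(void)
{
    /* Constructed canaries; 0x139fea20 is the value seen in $24 and as the
     * faulting address in the oops quoted above. */
    struct task a = { "A", 0x139fea20UL };
    struct task b = { "B", 0x5a17c3e9UL };

    resume_switch_canary(&a);
    unsigned long bad = (unsigned long)(uintptr_t)buggy_store_target();

    printf("fixed path stores to   %p (the guard itself)\n", (void *)&g_stack_chk_guard);
    printf("buggy path would store to 0x%lx, MIPS32 kernel address: %s\n",
           bad, is_mips32_kernel_address(bad) ? "yes" : "no (kuseg, faults)");
    printf("resume rewrites guard:       %s\n",
           roundtrip_check(&a, &b, true) ? "epilogue ok" : "false stack smash");
    printf("resume skips guard update:   %s\n",
           roundtrip_check(&a, &b, false) ? "epilogue ok" : "false stack smash");
    return 0;
}
```

The second half of the model is the reason the resume code touches the guard at all: with -fstack-protector the compiler compares against a single global, so per-task canaries only work if every context switch writes the incoming task's value into it. That is also what makes the bug so easy to trigger, since the faulting store runs on the very first schedule() from rest_init.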
.gitignore [MIPS] Ignore vmlinux.lds generated files 2008-08-26 09:10:27 +01:00
8250-platform.c mips: remove needless include of module.h from core kernel files. 2011-10-31 19:30:57 -04:00
Makefile MIPS: Consolidate idle loop / WAIT instruction support in a single file. 2013-05-22 01:34:25 +02:00
asm-offsets.c MIPS: r4k,octeon,r2300: stack protector: change canary per task 2013-07-01 15:10:52 +02:00
binfmt_elfn32.c MIPS: Compat: Fix cputime_to_timeval() arguments in compat binfmt_elf. 2013-06-06 16:11:26 +02:00
binfmt_elfo32.c MIPS: Compat: Fix cputime_to_timeval() arguments in compat binfmt_elf. 2013-06-06 16:11:26 +02:00
bmips_vec.S MIPS: BMIPS: fix slave CPU booting when physical CPU is not 0 2013-07-30 18:54:29 +02:00
branch.c MIPS: Cleanup indentation and whitespace 2013-07-01 15:10:57 +02:00
cevt-bcm1480.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
cevt-ds1287.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
cevt-gic.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
cevt-gt641xx.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
cevt-r4k.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
cevt-sb1250.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
cevt-smtc.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
cevt-txx9.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
cpu-bugs64.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
cpu-probe.c MIPS: Disable usermode switching of the FR bit for MIPS R5 CPUs. 2013-09-19 11:23:10 +02:00
crash.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
crash_dump.c mips: remove savemaxmem parameter setup 2013-07-03 16:08:03 -07:00
csrc-bcm1480.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
csrc-gic.c MIPS: Refactor GIC clocksource code. 2013-05-09 17:55:20 +02:00
csrc-ioasic.c MIPS: DECstation HRT initialization rearrangement 2013-09-13 11:56:13 +02:00
csrc-powertv.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
csrc-r4k.c mips: convert to clocksource_register_hz/khz 2011-02-21 13:33:50 -08:00
csrc-sb1250.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
early_printk.c early_printk: consolidate random copies of identical code 2013-04-29 18:28:13 -07:00
entry.S Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-12 12:22:13 -08:00
ftrace.c MIPS: ftrace: Add missing CONFIG_DYNAMIC_FTRACE 2013-06-10 18:15:18 +02:00
genex.S MIPS: Idle: Break r4k_wait into two functions and fix it. 2013-05-22 01:34:28 +02:00
gpio_txx9.c [MIPS] txx9: Make gpio_txx9 entirely spinlock-safe 2008-07-15 18:44:34 +01:00
head.S MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
i8253.c MIPS: irq: Remove IRQF_DISABLED 2011-12-07 22:03:45 +00:00
i8259.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
idle.c MIPS: Optimize current_cpu_type() for better code. 2013-09-17 18:50:53 +02:00
irq-gic.c MIPS: GIC: Fix gic_set_affinity infinite loop 2013-07-01 15:10:56 +02:00
irq-gt641xx.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
irq-msc01.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
irq-rm7000.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
irq.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
irq_cpu.c Merge branch 'mips-next-3.9' of git://git.linux-mips.org/pub/scm/john/linux-john into mips-for-linux-next 2013-02-21 12:51:33 +01:00
irq_txx9.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
jump_label.c MIPS: jump label: Add MIPS support. 2011-01-18 19:30:24 +01:00
kgdb.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
kprobes.c kprobes/mips: Fix to check double free of insn slot 2013-05-22 12:48:30 +02:00
linux32.c unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE 2013-05-09 13:46:38 -04:00
machine_kexec.c MIPS: kdump: Add support 2012-12-13 16:46:47 +01:00
mcount.S MIPS: Ftrace: Fix function tracing return address to match 2013-09-03 14:46:27 +02:00
mips-mt-fpaff.c sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
mips-mt.c Merge branch 'master' into for-next 2012-04-08 21:48:52 +02:00
mips_ksyms.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
mips_machine.c MIPS: move mips_{set,get}_machine_name() to a more generic place 2013-05-08 01:19:07 +02:00
module-rela.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
module.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
octeon_switch.S MIPS: stack protector: Fix per-task canary switch 2013-10-07 15:31:04 +02:00
perf_event.c MIPS: perf: Reorganize contents of perf support files. 2011-10-24 23:34:26 +01:00
perf_event_mipsxx.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
proc.c MIPS: Get rid of MIPS I flag and test macros. 2013-07-01 15:10:56 +02:00
process.c MIPS: Fix typos and cleanup comment 2013-07-01 15:10:57 +02:00
prom.c of: Specify initrd location using 64-bit 2013-07-24 11:10:01 +01:00
ptrace.c MIPS: Implement HAVE_CONTEXT_TRACKING. 2013-06-10 18:02:30 +02:00
ptrace32.c MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
r4k_fpu.S update David Miller's old email address 2011-04-06 06:19:38 -07:00
r4k_switch.S MIPS: stack protector: Fix per-task canary switch 2013-10-07 15:31:04 +02:00
r2300_fpu.S MIPS: Whitespace cleanup. 2013-02-01 10:00:22 +01:00
r2300_switch.S MIPS: stack protector: Fix per-task canary switch 2013-10-07 15:31:04 +02:00
r6000_fpu.S update David Miller's old email address 2011-04-06 06:19:38 -07:00
relocate_kernel.S MIPS: kdump: Skip walking indirection page for crashkernels 2013-09-05 20:53:37 +02:00
reset.c mips: migrate core kernel file from module.h --> export.h 2011-10-31 19:30:56 -04:00
rtlx.c MIPS: Fix rtlx build error. 2013-06-21 18:07:03 +02:00
scall32-o32.S Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-07-13 14:52:21 -07:00
scall64-64.S MIPS: Cleanup flags in syscall flags handlers. 2013-06-10 18:01:26 +02:00
scall64-n32.S MIPS: Cleanup flags in syscall flags handlers. 2013-06-10 18:01:26 +02:00
scall64-o32.S MIPS: Cleanup flags in syscall flags handlers. 2013-06-10 18:01:26 +02:00
setup.c MIPS: kexec: Fix random crashes while loading crashkernel 2013-09-05 20:53:43 +02:00
signal-common.h most of set_current_blocked() callers want SIGKILL/SIGSTOP removed from set 2012-06-01 12:58:51 -04:00
signal.c MIPS: Implement HAVE_CONTEXT_TRACKING. 2013-06-10 18:02:30 +02:00
signal32.c Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-03-02 07:44:16 -08:00
signal_n32.c Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-03-02 07:44:16 -08:00
smp-bmips.c MIPS: BMIPS: fix hardware interrupt routing for boot CPU != 0 2013-08-05 13:35:18 +02:00
smp-cmp.c MIPS: Fix SMP core calculations when using MT support. 2013-09-13 11:59:51 +02:00
smp-mt.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
smp-up.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
smp.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
smtc-asm.S MIPS: microMIPS: Add support for exception handling. 2013-05-09 17:55:18 +02:00
smtc-proc.c mips: single_open() leaks 2013-05-05 00:10:21 -04:00
smtc.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
spinlock_test.c mips: migrate core kernel file from module.h --> export.h 2011-10-31 19:30:56 -04:00
spram.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
stacktrace.c mips: migrate core kernel file from module.h --> export.h 2011-10-31 19:30:56 -04:00
sync-r4k.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00
syscall.c Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2013-03-02 07:44:16 -08:00
time.c MIPS: Optimize current_cpu_type() for better code. 2013-09-17 18:50:53 +02:00
topology.c MIPS: Add arch generic CPU hotplug 2009-06-24 18:34:40 +01:00
traps.c MIPS: Optimize current_cpu_type() for better code. 2013-09-17 18:50:53 +02:00
unaligned.c MIPS: Declare emulate_load_store_microMIPS as a static function. 2013-07-01 15:10:57 +02:00
vdso.c coredump: remove VM_ALWAYSDUMP flag 2012-03-23 16:58:42 -07:00
vmlinux.lds.S MIPS: Discard .eh_frame sections in linker script. 2013-08-26 15:33:41 +02:00
vpe.c MIPS: kernel: vpe: Make vpe_attrs an array of pointers. 2013-09-13 15:12:48 +02:00
watch.c MIPS: Delete __cpuinit/__CPUINIT usage from MIPS code 2013-07-14 19:36:51 -04:00