Paul Burton adcc81f148

MIPS: math-emu: Write-protect delay slot emulation pages ...

Mapping the delay slot emulation page as both writeable & executable
presents a security risk, in that if an exploit can write to & jump into
the page then it can be used as an easy way to execute arbitrary code.

Prevent this by mapping the page read-only for userland, and using
access_process_vm() with the FOLL_FORCE flag to write to it from
mips_dsemul().

This will likely be less efficient due to copy_to_user_page() performing
cache maintenance on a whole page, rather than a single line as in the
previous use of flush_cache_sigtramp(). However this delay slot
emulation code ought not to be running in any performance critical paths
anyway so this isn't really a problem, and we can probably do better in
copy_to_user_page() anyway in future.

A major advantage of this approach is that the fix is small & simple to
backport to stable kernels.

Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: 432c6bacbd0c ("MIPS: Use per-mm page to execute branch delay slot instructions")
Cc: stable@vger.kernel.org # v4.8+
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Rich Felker <dalias@libc.org>
Cc: David Daney <david.daney@cavium.com>

2018-12-20 10:00:01 -08:00

..

syscalls

mips: add system call table generation support

2018-12-14 11:19:01 -08:00

.gitignore

…

8250-platform.c

…

asm-offsets.c

MIPS: Remove struct task_struct fpu state when CONFIG_MIPS_FP_SUPPORT=n

2018-11-09 10:23:19 -08:00

binfmt_elfn32.c

y2038: globally rename compat_time to old_time32

2018-08-27 14:48:48 +02:00

binfmt_elfo32.c

y2038: globally rename compat_time to old_time32

2018-08-27 14:48:48 +02:00

bmips_5xxx_init.S

MIPS: BCM5xxx: Remove dead init_fpu code

2018-11-08 11:20:57 -08:00

bmips_vec.S

MIPS: BMIPS: Add Whirlwind (BMIPS5200) initialization code

2016-05-09 12:00:01 +02:00

branch.c

mips: annotate implicit fall throughs

2018-12-03 13:42:38 -08:00

cacheinfo.c

MIPS: Fix cacheinfo overflow

2017-02-13 18:57:34 +00:00

cevt-bcm1480.c

MIPS: clockevent drivers: Set ->min_delta_ticks and ->max_delta_ticks

2017-04-14 13:11:16 -07:00

cevt-ds1287.c

MIPS: clockevent drivers: Set ->min_delta_ticks and ->max_delta_ticks

2017-04-14 13:11:16 -07:00

cevt-gt641xx.c

MIPS: clockevent drivers: Set ->min_delta_ticks and ->max_delta_ticks

2017-04-14 13:11:16 -07:00

cevt-r4k.c

MIPS: cevt-r4k: Fix out-of-bounds array access

2017-04-10 13:31:12 +02:00

cevt-sb1250.c

MIPS: clockevent drivers: Set ->min_delta_ticks and ->max_delta_ticks

2017-04-14 13:11:16 -07:00

cevt-txx9.c

MIPS: clockevent drivers: Set ->min_delta_ticks and ->max_delta_ticks

2017-04-14 13:11:16 -07:00

cmpxchg.c

Update MIPS email addresses

2017-11-03 09:02:30 -07:00

cps-vec-ns16550.S

Update MIPS email addresses

2017-11-03 09:02:30 -07:00

cps-vec.S

MIPS: CPS: Fix MIPS_ISA_LEVEL_RAW fallout

2018-02-05 11:53:06 +00:00

cpu-bugs64.c

MIPS: Remove GCC_IMM_ASM & GCC_REG_ACCUM macros

2018-11-07 16:25:30 -08:00

cpu-probe.c

mips: annotate implicit fall throughs

2018-12-03 13:42:38 -08:00

crash_dump.c

mm: remove include/linux/bootmem.h

2018-10-31 08:54:16 -07:00

crash.c

mm: remove include/linux/bootmem.h

2018-10-31 08:54:16 -07:00

csrc-bcm1480.c

clocksource: Use a plain u64 instead of cycle_t

2016-12-25 11:04:12 +01:00

csrc-ioasic.c

clocksource: Use a plain u64 instead of cycle_t

2016-12-25 11:04:12 +01:00

csrc-r4k.c

clocksource: Use a plain u64 instead of cycle_t

2016-12-25 11:04:12 +01:00

csrc-sb1250.c

clocksource: Use a plain u64 instead of cycle_t

2016-12-25 11:04:12 +01:00

early_printk_8250.c

mips: unify prom_putchar() declarations

2018-07-17 09:40:17 -07:00

early_printk.c

mips: unify prom_putchar() declarations

2018-07-17 09:40:17 -07:00

elf.c

MIPS: Avoid FP ELF checks when CONFIG_MIPS_FP_SUPPORT=n

2018-11-09 10:23:18 -08:00

entry.S

MIPS: Add syscall detection for restartable sequences

2018-06-19 21:13:56 -07:00

ftrace.c

mips: add +1 to __NR_syscalls in uapi header

2018-12-14 11:19:01 -08:00

genex.S

MIPS: Avoid using .set mips0 to restore ISA

2018-11-09 10:23:19 -08:00

gpio_txx9.c

MIPS: txx9: switch to gpiochip_add_data()

2016-02-19 09:51:44 +01:00

head.S

MIPS/head: Store ELF appended dtb in a global variable too

2018-09-25 16:27:24 -07:00

i8253.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

idle.c

MIPS: Loongson: Add Loongson-3A R2.1 basic support

2018-11-19 15:20:31 -08:00

irq_txx9.c

MIPS: Whitespace cleanup.

2013-02-01 10:00:22 +01:00

irq-gt641xx.c

MIPS: Whitespace cleanup.

2013-02-01 10:00:22 +01:00

irq-msc01.c

MIPS: MSC: Prevent out-of-bounds writes to MIPS SC ioremap'd region

2014-06-26 10:48:23 +01:00

irq-rm7000.c

MIPS: Whitespace cleanup.

2013-02-01 10:00:22 +01:00

irq.c

MIPS: Introduce irq_stack

2017-01-03 16:34:34 +01:00

jump_label.c

jump_label: Reorder hotplug lock and jump_label_lock

2017-05-26 10:10:45 +02:00

kgdb.c

MIPS: KGDB: Use kernel context for sleeping threads

2017-04-12 22:29:22 +02:00

kprobes.c

bpf/error-inject/kprobes: Clear current_kprobe and enable preempt in kprobe

2018-06-21 12:33:19 +02:00

linux32.c

MIPS: Delete unused code in linux32.c

2018-08-01 13:20:27 -07:00

machine_kexec.c

MIPS: kdump: Mark cpu back online before rebooting

2018-09-28 10:09:03 -07:00

Makefile

mips: rename scall64-64.S to scall64-n64.S

2018-12-14 11:19:01 -08:00

mcount.S

mips: ftrace: fix static function graph tracing

2018-06-19 15:00:12 -07:00

mips_machine.c

MIPS: move mips_{set,get}_machine_name() to a more generic place

2013-05-08 01:19:07 +02:00

mips-cm.c

MIPS: CM: Drop WARN_ON(vp != 0)

2018-01-10 16:47:25 +01:00

mips-cpc.c

MIPS: CPC: Map registers using DT in mips_cpc_default_phys_base()

2018-02-08 14:02:01 +00:00

mips-mt-fpaff.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

mips-mt.c

MIPS: MT: Remove norps command line parameter

2018-11-26 22:49:14 -08:00

mips-r2-to-r6-emul.c

MIPS: Ensure emulated FP sets PF_USED_MATH

2018-11-09 10:23:14 -08:00

module.c

Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus

2017-07-15 10:59:54 -07:00

octeon_switch.S

Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables

2018-06-14 12:21:18 +09:00

perf_event_mipsxx.c

MIPS: perf: Fix perf with MT counting other threads

2018-05-15 15:53:44 +01:00

perf_event.c

sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>

2017-03-02 08:42:36 +01:00

pm-cps.c

MIPS: pm-cps: Block system suspend when a JTAG probe is present

2018-03-09 13:53:26 +00:00

pm.c

MIPS: Fix watchpoint restoration

2016-05-09 12:00:02 +02:00

probes-common.h

MIPS: Update email address for Marcin Nowakowski

2017-11-02 10:58:43 +00:00

proc.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

process.c

MIPS: Remove struct mm_context_t fp_mode_switching field

2018-12-17 22:05:40 -08:00

prom.c

mm: remove include/linux/bootmem.h

2018-10-31 08:54:16 -07:00

ptrace32.c

MIPS: ptrace: Remove FP support when CONFIG_MIPS_FP_SUPPORT=n

2018-11-09 10:23:17 -08:00

ptrace.c

MIPS: ptrace: introduce NT_MIPS_MSA regset

2018-11-20 21:05:39 -08:00

r4k_fpu.S

MIPS: Simplify FP context initialization

2018-11-09 10:23:13 -08:00

r4k_switch.S

Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables

2018-06-14 12:21:18 +09:00

r2300_fpu.S

MIPS: Simplify FP context initialization

2018-11-09 10:23:13 -08:00

r2300_switch.S

Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables

2018-06-14 12:21:18 +09:00

relocate_kernel.S

MIPS: kexec: fix typos

2018-06-24 09:26:01 -07:00

relocate.c

MIPS: Remove no-op/identity casts

2018-08-31 11:49:20 -07:00

reset.c

MIPS: Hang more efficiently on halt/powerdown/restart

2018-03-09 11:22:43 +00:00

rtlx-cmp.c

MIPS: APRP: Fix an issue when device_create() fails.

2014-08-01 17:30:35 +02:00

rtlx-mt.c

MIPS: APRP: Fix an issue when device_create() fails.

2014-08-01 17:30:35 +02:00

rtlx.c

vfs: do bulk POLL* -> EPOLL* replacement

2018-02-11 14:34:03 -08:00

scall32-o32.S

mips: generate uapi header and system call table files

2018-12-14 11:19:02 -08:00

scall64-n32.S

mips: generate uapi header and system call table files

2018-12-14 11:19:02 -08:00

scall64-n64.S

mips: generate uapi header and system call table files

2018-12-14 11:19:02 -08:00

scall64-o32.S

mips: generate uapi header and system call table files

2018-12-14 11:19:02 -08:00

segment.c

MIPS: Print segment physical address when EU=1

2016-07-28 11:44:30 +02:00

setup.c

memblock: stop using implicit alignment to SMP_CACHE_BYTES

2018-10-31 08:54:16 -07:00

signal32.c

compat: Move compat_timespec/ timeval to compat_time.h

2018-04-19 13:29:54 +02:00

signal_n32.c

MIPS: Remove nabi_no_regargs

2018-08-01 13:20:15 -07:00

signal_o32.c

MIPS: Remove nabi_no_regargs

2018-08-01 13:20:15 -07:00

signal-common.h

MIPS: Save MSA extended context around signals

2015-09-03 12:07:59 +02:00

signal.c

MIPS: signal: Remove FP context support when CONFIG_MIPS_FP_SUPPORT=n

2018-11-09 10:23:17 -08:00

smp-bmips.c

MIPS: kexec: Make a framework for both jumping and halting on nonboot CPUs

2018-09-22 10:31:50 -07:00

smp-cmp.c

MIPS: smp-cmp: Fix vpe_id build error

2017-11-01 23:23:00 +00:00

smp-cps.c

MIPS: kexec: CPS systems to halt nonboot CPUs

2018-09-22 10:32:33 -07:00

smp-mt.c

MIPS: Use mips_gic_present() in place of gic_present

2017-09-04 13:53:14 +02:00

smp-up.c

MIPS: SMP: Allow boot_secondary SMP op to return errors

2017-08-30 00:57:27 +02:00

smp.c

MIPS changes for 4.15

2017-11-15 11:36:08 -08:00

spinlock_test.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

spram.c

MIPS: Add P6600 cases to CPU switch statements

2016-05-13 14:01:52 +02:00

stacktrace.c

sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>

2017-03-02 08:42:36 +01:00

sync-r4k.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

syscall.c

MIPS: Avoid using .set mips0 to restore ISA

2018-11-09 10:23:19 -08:00

sysrq.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

time.c

MIPS: Convert update_persistent_clock() to update_persistent_clock64()

2018-05-14 23:58:23 +01:00

topology.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

traps.c

MIPS: Don't dump Hi & Lo regs on >= MIPSr6

2018-11-09 17:20:12 -08:00

unaligned.c

MIPS: Fix do_ade() closing brace indentation

2018-11-09 17:20:01 -08:00

uprobes.c

Uprobe: Additional argument arch_uprobe to uprobe_write_opcode()

2018-08-13 20:08:33 -04:00

vdso.c

MIPS: math-emu: Write-protect delay slot emulation pages

2018-12-20 10:00:01 -08:00

vmlinux.lds.S

MIPS: Enable dead code elimination

2018-11-21 15:36:49 -08:00

vpe-cmp.c

MIPS: APRP: Add VPE loader support for CMP platforms.

2014-01-22 20:19:02 +01:00

vpe-mt.c

MIPS: MT: Remove SMTC support

2014-05-24 00:07:01 +02:00

vpe.c

mm: remove include/linux/bootmem.h

2018-10-31 08:54:16 -07:00

watch.c

mips: annotate implicit fall throughs

2018-12-03 13:42:38 -08:00