projects
/
firefly-linux-kernel-4.4.55.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
53c656c
)
powerpc/rtas: Validate rtas.entry before calling enter_rtas()
author
Vasant Hegde
<hegdevasant@linux.vnet.ibm.com>
Fri, 16 Oct 2015 10:23:29 +0000
(15:53 +0530)
committer
Michael Ellerman
<mpe@ellerman.id.au>
Thu, 22 Oct 2015 00:03:25 +0000
(11:03 +1100)
Currently we do not validate rtas.entry before calling enter_rtas(). This
leads to a kernel oops when user space calls rtas system call on a powernv
platform (see below). This patch adds code to validate rtas.entry before
making enter_rtas() call.
Oops: Exception in kernel mode, sig: 4 [#1]
SMP NR_CPUS=1024 NUMA PowerNV
task:
c000000004294b80
ti:
c0000007e1a78000
task.ti:
c0000007e1a78000
NIP:
0000000000000000
LR:
0000000000009c14
CTR:
c000000000423140
REGS:
c0000007e1a7b920
TRAP: 0e40 Not tainted (3.18.17-340.el7_1.pkvm3_1_0.2400.1.ppc64le)
MSR:
1000000000081000
<HV,ME> CR:
00000000
XER:
00000000
CFAR:
c000000000009c0c
SOFTE: 0
NIP [
0000000000000000
] (null)
LR [
0000000000009c14
] 0x9c14
Call Trace:
[
c0000007e1a7bba0
] [
c00000000041a7f4
] avc_has_perm_noaudit+0x54/0x110 (unreliable)
[
c0000007e1a7bd80
] [
c00000000002ddc0
] ppc_rtas+0x150/0x2d0
[
c0000007e1a7be30
] [
c000000000009358
] syscall_exit+0x0/0x98
Cc: stable@vger.kernel.org # v3.2+
Fixes: 55190f88789a ("powerpc: Add skeleton PowerNV platform")
Reported-by: NAGESWARA R. SASTRY <nasastry@in.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[mpe: Reword change log, trim oops, and add stable + fixes]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
arch/powerpc/kernel/rtas.c
patch
|
blob
|
history
diff --git
a/arch/powerpc/kernel/rtas.c
b/arch/powerpc/kernel/rtas.c
index 84bf934cf74874eab39926b292c6fa7534829d24..5a753fae8265ae8fc2f9e2e99152c0192fd62b9d 100644
(file)
--- a/
arch/powerpc/kernel/rtas.c
+++ b/
arch/powerpc/kernel/rtas.c
@@
-1043,6
+1043,9
@@
asmlinkage int ppc_rtas(struct rtas_args __user *uargs)
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
+ if (!rtas.entry)
+ return -EINVAL;
+
if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0)
return -EFAULT;