diff options
| author | Michael Neuling <mikey@neuling.org> | 2018-09-25 19:36:47 +1000 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-10-20 09:51:31 +0200 |
| commit | 16b07d3af6402ede0ab3dbcf342a99e972fce8bc (patch) | |
| tree | 2ad19a800f4306abf9bb55b3744219d8f0433105 /crypto/sha3_generic.c | |
| parent | 42c08c3675b0b671f386d0168f3441f55dacb24a (diff) | |
powerpc/tm: Avoid possible userspace r1 corruption on reclaim
[ Upstream commit 96dc89d526ef77604376f06220e3d2931a0bfd58 ]
Current we store the userspace r1 to PACATMSCRATCH before finally
saving it to the thread struct.
In theory an exception could be taken here (like a machine check or
SLB miss) that could write PACATMSCRATCH and hence corrupt the
userspace r1. The SLB fault currently doesn't touch PACATMSCRATCH, but
others do.
We've never actually seen this happen but it's theoretically
possible. Either way, the code is fragile as it is.
This patch saves r1 to the kernel stack (which can't fault) before we
turn MSR[RI] back on. PACATMSCRATCH is still used but only with
MSR[RI] off. We then copy r1 from the kernel stack to the thread
struct once we have MSR[RI] back on.
Suggested-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'crypto/sha3_generic.c')
0 files changed, 0 insertions, 0 deletions