From: Helge Deller deller@gmx.de
mainline inclusion from mainline-v5.16-rc7 commit 484730e5862f6b872dca13840bed40fd7c60fa26 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I947PH CVE: CVE-2021-46928
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
When a trap 7 (Instruction access rights) occurs, this means the CPU couldn't execute an instruction due to missing execute permissions on the memory region. In this case it seems the CPU didn't even fetched the instruction from memory and thus did not store it in the cr19 (IIR) register before calling the trap handler. So, the trap handler will find some random old stale value in cr19.
This patch simply overwrites the stale IIR value with a constant magic "bad food" value (0xbaadf00d), in the hope people don't start to try to understand the various random IIR values in trap 7 dumps.
Noticed-by: John David Anglin dave.anglin@bell.net Signed-off-by: Helge Deller deller@gmx.de --- arch/parisc/kernel/traps.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c index abeb5321a83f..f509ce685f0e 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c @@ -697,6 +697,8 @@ void notrace handle_interruption(int code, struct pt_regs *regs) } up_read(¤t->mm->mmap_sem); } + /* CPU could not fetch instruction, so clear stale IIR value. */ + regs->iir = 0xbaadf00d; /* Fall Through */ case 27: /* Data memory protection ID trap */
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/4811 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/A...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/4811 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/A...