Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
"This update contains:
- MPX updates for handling 32bit processes
- A fix for a long standing bug in 32bit signal frame handling
related to FPU/XSAVE state
- Handle get_xsave_addr() correctly in KVM
- Fix SMAP check under paravirtualization
- Add a comment to the static function trace entry to avoid further
confusion about the difference to dynamic tracing"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/cpu: Fix SMAP check in PVOPS environments
x86/ftrace: Add comment on static function tracing
x86/fpu: Fix get_xsave_addr() behavior under virtualization
x86/fpu: Fix 32-bit signal frame handling
x86/mpx: Fix 32-bit address space calculation
x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels
此提交包含在:
Linus Torvalds
@@ -585,6 +585,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm,
|
||||
return bt_addr;
|
||||
}
|
||||
|
||||
/*
|
||||
* We only want to do a 4-byte get_user() on 32-bit. Otherwise,
|
||||
* we might run off the end of the bounds table if we are on
|
||||
* a 64-bit kernel and try to get 8 bytes.
|
||||
*/
|
||||
int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret,
|
||||
long __user *bd_entry_ptr)
|
||||
{
|
||||
u32 bd_entry_32;
|
||||
int ret;
|
||||
|
||||
if (is_64bit_mm(mm))
|
||||
return get_user(*bd_entry_ret, bd_entry_ptr);
|
||||
|
||||
/*
|
||||
* Note that get_user() uses the type of the *pointer* to
|
||||
* establish the size of the get, not the destination.
|
||||
*/
|
||||
ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr);
|
||||
*bd_entry_ret = bd_entry_32;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the base of bounds tables pointed by specific bounds
|
||||
* directory entry.
|
||||
@@ -605,7 +628,7 @@ static int get_bt_addr(struct mm_struct *mm,
|
||||
int need_write = 0;
|
||||
|
||||
pagefault_disable();
|
||||
ret = get_user(bd_entry, bd_entry_ptr);
|
||||
ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr);
|
||||
pagefault_enable();
|
||||
if (!ret)
|
||||
break;
|
||||
@@ -700,11 +723,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm,
|
||||
*/
|
||||
static inline unsigned long bd_entry_virt_space(struct mm_struct *mm)
|
||||
{
|
||||
unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
|
||||
if (is_64bit_mm(mm))
|
||||
return virt_space / MPX_BD_NR_ENTRIES_64;
|
||||
else
|
||||
return virt_space / MPX_BD_NR_ENTRIES_32;
|
||||
unsigned long long virt_space;
|
||||
unsigned long long GB = (1ULL << 30);
|
||||
|
||||
/*
|
||||
* This covers 32-bit emulation as well as 32-bit kernels
|
||||
* running on 64-bit harware.
|
||||
*/
|
||||
if (!is_64bit_mm(mm))
|
||||
return (4ULL * GB) / MPX_BD_NR_ENTRIES_32;
|
||||
|
||||
/*
|
||||
* 'x86_virt_bits' returns what the hardware is capable
|
||||
* of, and returns the full >32-bit adddress space when
|
||||
* running 32-bit kernels on 64-bit hardware.
|
||||
*/
|
||||
virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
|
||||
return virt_space / MPX_BD_NR_ENTRIES_64;
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
新增問題並參考
封鎖使用者