Message ID | 20181204132733.14422-1-stefan@agner.ch (mailing list archive) |
---|---|
State | New, archived |
Series | [v2,1/2] pci: imx6: avoid dereferencing program counter from user mode |
On Tue, Dec 04, 2018 at 02:27:32PM +0100, Stefan Agner wrote: > The custom fault handler is currently only meant to handle kernel > mode bus faults. Exit in case the abort happened in user mode. > > Signed-off-by: Stefan Agner <stefan@agner.ch> > --- > drivers/pci/controller/dwc/pci-imx6.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) If this series is still aimed at mainline I need Lucas' ACK to merge it. Lorenzo > diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c > index 69f86234f7c0..54a29e441303 100644 > --- a/drivers/pci/controller/dwc/pci-imx6.c > +++ b/drivers/pci/controller/dwc/pci-imx6.c > @@ -270,8 +270,14 @@ static int imx6q_pcie_abort_handler(unsigned long addr, > unsigned int fsr, struct pt_regs *regs) > { > unsigned long pc = instruction_pointer(regs); > - unsigned long instr = *(unsigned long *)pc; > - int reg = (instr >> 12) & 15; > + unsigned long instr; > + int reg; > + > + if (user_mode(regs)) > + return 1; > + > + instr = *(unsigned long *)pc; > + reg = (instr >> 12) & 15; > > /* > * If the instruction being executed was a read, > -- > 2.19.1 >
On Tuesday, 04.12.2018, at 14:27 +0100, Stefan Agner wrote: > The custom fault handler is currently only meant to handle kernel > mode bus faults. Exit in case the abort happened in user mode. > > Signed-off-by: Stefan Agner <stefan@agner.ch> Reviewed-by: Lucas Stach <l.stach@pengutronix.de> > --- > drivers/pci/controller/dwc/pci-imx6.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c > index 69f86234f7c0..54a29e441303 100644 > --- a/drivers/pci/controller/dwc/pci-imx6.c > +++ b/drivers/pci/controller/dwc/pci-imx6.c > @@ -270,8 +270,14 @@ static int imx6q_pcie_abort_handler(unsigned long addr, > unsigned int fsr, struct pt_regs *regs) > { > unsigned long pc = instruction_pointer(regs); > - unsigned long instr = *(unsigned long *)pc; > - int reg = (instr >> 12) & 15; > + unsigned long instr; > + int reg; > + > + if (user_mode(regs)) > + return 1; > + > + instr = *(unsigned long *)pc; > + reg = (instr >> 12) & 15; > > /* > * If the instruction being executed was a read,
diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 69f86234f7c0..54a29e441303 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -270,8 +270,14 @@ static int imx6q_pcie_abort_handler(unsigned long addr, unsigned int fsr, struct pt_regs *regs) { unsigned long pc = instruction_pointer(regs); - unsigned long instr = *(unsigned long *)pc; - int reg = (instr >> 12) & 15; + unsigned long instr; + int reg; + + if (user_mode(regs)) + return 1; + + instr = *(unsigned long *)pc; + reg = (instr >> 12) & 15; /* * If the instruction being executed was a read,
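Review bot: The new `if (user_mode(regs)) return 1;` early exit in imx6q_pcie_abort_handler() carries no comment, so a reader has to infer both why the check is needed and what the bare 1 means to the caller. Suggest a short comment above the check stating that for a user-mode abort pc is a user-space address and must not be read through a plain kernel dereference such as `*(unsigned long *)pc`, and that a non-zero return tells the ARM fault code this hook did not handle the abort. The commit message could also state what happened before this change when a user-mode abort reached the handler, since that is the behaviour being fixed.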
The custom fault handler is currently only meant to handle kernel mode bus faults. Exit in case the abort happened in user mode. Signed-off-by: Stefan Agner <stefan@agner.ch> --- drivers/pci/controller/dwc/pci-imx6.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)