Merge branch 'parisc-4.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux

Pull parisc fixes from Helge Deller: "One important patch which fixes crashes due to stack randomization on architectures where the stack grows upwards (currently parisc and metag only). This bug went unnoticed on parisc since kernel 3.14 where the flexible mmap memory layout support was added by commit 9dabf60dc4ab. The changes in fs/exec.c are inside an #ifdef CONFIG_STACK_GROWSUP section and will not affect other platforms. The other two patches rename args of the kthread_arg() function and fixes a printk output" * 'parisc-4.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc,metag: Fix crashes due to stack randomization on stack-grows-upwards architectures parisc: copy_thread(): rename 'arg' argument to 'kthread_arg' parisc: %pf is only for function pointers
author: Linus Torvalds <torvalds@linux-foundation.org> 2015-05-15 16:06:06 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2015-05-15 16:06:06 -0400
commit: 4b470f120817a16ea28da6141ea6e3a3040b297b (patch)
tree: 8550d22831fb39fee6c758a5904c37ec81b9e2f7
parent: be5e32fc2e4b23ab443213f0c1b01cbc7ba645dc (diff)
parent: d045c77c1a69703143a36169c224429c48b9eecd (diff)
5 files changed, 17 insertions, 5 deletions
diff --git a/arch/parisc/include/asm/elf.h b/arch/parisc/include/asm/elf.h
index 3391d061eccc..78c9fd32c554 100644
--- a/arch/parisc/include/asm/elf.h
+++ b/arch/parisc/include/asm/elf.h
@@ -348,6 +348,10 @@ struct pt_regs;	/* forward declaration... */
 #define ELF_HWCAP       0
+#define STACK_RND_MASK  (is_32bit_task() ? \
+                                0x7ff >> (PAGE_SHIFT - 12) : \
+                                0x3ffff >> (PAGE_SHIFT - 12))
 struct mm_struct;
 extern unsigned long arch_randomize_brk(struct mm_struct *);
 #define arch_randomize_brk arch_randomize_brk
diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c
index 8a488c22a99f..809905a811ed 100644
--- a/arch/parisc/kernel/process.c
+++ b/arch/parisc/kernel/process.c
@@ -181,9 +181,12 @@ int dump_task_fpu (struct task_struct *tsk, elf_fpregset_t *r)
        return 1;
 }
+/*
+ * Copy architecture-specific thread state
+ */
 int
 copy_thread(unsigned long clone_flags, unsigned long usp,
-            unsigned long arg, struct task_struct *p)
+            unsigned long kthread_arg, struct task_struct *p)
 {
        struct pt_regs *cregs = &(p->thread.regs);
        void *stack = task_stack_page(p);
@@ -195,11 +198,10 @@ copy_thread(unsigned long clone_flags, unsigned long usp,
        extern void * const child_return;
        if (unlikely(p->flags & PF_KTHREAD)) {
+                /* kernel thread */
                memset(cregs, 0, sizeof(struct pt_regs));
                if (!usp) /* idle thread */
                        return 0;
-                /* kernel thread */
                /* Must exit via ret_from_kernel_thread in order
                 * to call schedule_tail()
                 */
@@ -215,7 +217,7 @@ copy_thread(unsigned long clone_flags, unsigned long usp,
 #else
                cregs->gr[26] = usp;
 #endif
-                cregs->gr[25] = arg;
+                cregs->gr[25] = kthread_arg;
        } else {
                /* user thread */
                /* usp must be word aligned.  This also prevents users from
diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
index e1ffea2f9a0b..5aba01ac457f 100644
--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -77,6 +77,9 @@ static unsigned long mmap_upper_limit(void)
        if (stack_base > STACK_SIZE_MAX)
                stack_base = STACK_SIZE_MAX;
+        /* Add space for stack randomization. */
+        stack_base += (STACK_RND_MASK << PAGE_SHIFT);
        return PAGE_ALIGN(STACK_TOP - stack_base);
 }
diff --git a/drivers/parisc/superio.c b/drivers/parisc/superio.c
index 8be2096c8423..deeaed544222 100644
--- a/drivers/parisc/superio.c
+++ b/drivers/parisc/superio.c
@@ -348,7 +348,7 @@ int superio_fixup_irq(struct pci_dev *pcidev)
                BUG();
                return -1;
        }
-        printk("superio_fixup_irq(%s) ven 0x%x dev 0x%x from %pf\n",
+        printk(KERN_DEBUG "superio_fixup_irq(%s) ven 0x%x dev 0x%x from %ps\n",
                pci_name(pcidev),
                pcidev->vendor, pcidev->device,
                __builtin_return_address(0));
diff --git a/fs/exec.c b/fs/exec.c
index 49a1c61433b7..1977c2a553ac 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -659,6 +659,9 @@ int setup_arg_pages(struct linux_binprm *bprm,
        if (stack_base > STACK_SIZE_MAX)
                stack_base = STACK_SIZE_MAX;
+        /* Add space for stack randomization. */
+        stack_base += (STACK_RND_MASK << PAGE_SHIFT);
        /* Make sure we didn't let the argument array grow too large. */
        if (vma->vm_end - vma->vm_start > stack_base)
                return -ENOMEM;
author	Linus Torvalds <torvalds@linux-foundation.org>	2015-05-15 16:06:06 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2015-05-15 16:06:06 -0400
commit	4b470f120817a16ea28da6141ea6e3a3040b297b (patch)
tree	8550d22831fb39fee6c758a5904c37ec81b9e2f7
parent	be5e32fc2e4b23ab443213f0c1b01cbc7ba645dc (diff)
parent	d045c77c1a69703143a36169c224429c48b9eecd (diff)