mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-31 08:28:13 +00:00
abc25bbcb5
When user code execution with privilege mode, it will lead to
infinite loop in the page fault handler if ARM_LPAE enabled,
The issue could be reproduced with
"echo EXEC_USERSPACE > /sys/kernel/debug/provoke-crash/DIRECT"
As Permission fault shows in ARM spec,
IFSR format when using the Short-descriptor translation table format
Permission fault: 01101 First level 01111 Second level
IFSR format when using the Long-descriptor translation table format
Permission fault: 0011LL LL bits indicate levelb.
Add is_permission_fault() function to check permission fault and die
if permission fault occurred under instruction fault in do_page_fault().
Fixes: 1d4d37159d
("ARM: 8235/1: Support for the PXN CPU feature on ARMv7")
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
38 lines
862 B
C
38 lines
862 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef __ARCH_ARM_FAULT_H
|
|
#define __ARCH_ARM_FAULT_H
|
|
|
|
/*
|
|
* Fault status register encodings. We steal bit 31 for our own purposes.
|
|
*/
|
|
#define FSR_LNX_PF (1 << 31)
|
|
#define FSR_CM (1 << 13)
|
|
#define FSR_WRITE (1 << 11)
|
|
#define FSR_FS4 (1 << 10)
|
|
#define FSR_FS3_0 (15)
|
|
#define FSR_FS5_0 (0x3f)
|
|
|
|
#ifdef CONFIG_ARM_LPAE
|
|
#define FSR_FS_AEA 17
|
|
#define FS_PERM_NOLL 0xC
|
|
#define FS_PERM_NOLL_MASK 0x3C
|
|
|
|
static inline int fsr_fs(unsigned int fsr)
|
|
{
|
|
return fsr & FSR_FS5_0;
|
|
}
|
|
#else
|
|
#define FSR_FS_AEA 22
|
|
#define FS_L1_PERM 0xD
|
|
#define FS_L2_PERM 0xF
|
|
|
|
static inline int fsr_fs(unsigned int fsr)
|
|
{
|
|
return (fsr & FSR_FS3_0) | (fsr & FSR_FS4) >> 6;
|
|
}
|
|
#endif
|
|
|
|
void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
|
|
void early_abt_enable(void);
|
|
|
|
#endif /* __ARCH_ARM_FAULT_H */
|