[Bug 567956] Re: ARM: Incorrect prefetch abort handling can cause a spin instead of SIGSEGV

Dave Martin Dave.Martin at arm.com
Thu Apr 22 11:01:07 UTC 2010 

>From alkml:

Jamie Lokier [jamie at shareable.org] wrote:
[...]
The above patch addresses ARMv6/v7 with NX mappings - and probably only those > TASK_SIZE; NX mappings < TASK_SIZE should have been caught by the PROT_EXEC check already in fault.c.
If I'm right, the NX one is more serious if you can trip a kernel bug into doing this, because it'll result in an unkillable process, stuck in kernel mode and spinning.  But only if you trip a kernel bug.


So it looks like it cound be worth pulling this patch in but SRU is probably good enough— this only becomes a problem if there is already a kernel bug somewhere involving a jump to a random address.


** Description changed:

  http://article.gmane.org/gmane.linux.kernel.commits.head/213639
  
  "    ARM: 5728/1: Proper prefetch abort handling on ARMv6 and ARMv7
  
-     Currently, on ARMv6 and ARMv7, if an application tries to execute
-     code (or garbage) on non-executable page it hangs. It caused by
-     incorrect prefetch abort handling. Now every prefetch abort
-     processes as a translation fault. "
+     Currently, on ARMv6 and ARMv7, if an application tries to execute
+     code (or garbage) on non-executable page it hangs. It caused by
+     incorrect prefetch abort handling. Now every prefetch abort
+     processes as a translation fault. "
  
  I believe the patch was merges in 2.6.32, so it is _probably_ already
  applied in the dove tree (but it might be worth checking)
  
  This patch doesn't appear critical; it just affects cases where
  processes are already crashing by trying to execute in invalid address
  space.  I'm not aware of any real problems in lucid caused by this at
  present.
+ 
+ 
+ Test case:
+ 
+ int main(void)
+ {
+ 	((void (*)(void))0xc0000000)();
+ }

** Description changed:

  http://article.gmane.org/gmane.linux.kernel.commits.head/213639
  
  "    ARM: 5728/1: Proper prefetch abort handling on ARMv6 and ARMv7
  
      Currently, on ARMv6 and ARMv7, if an application tries to execute
      code (or garbage) on non-executable page it hangs. It caused by
      incorrect prefetch abort handling. Now every prefetch abort
      processes as a translation fault. "
  
  I believe the patch was merges in 2.6.32, so it is _probably_ already
  applied in the dove tree (but it might be worth checking)
  
  This patch doesn't appear critical; it just affects cases where
  processes are already crashing by trying to execute in invalid address
  space.  I'm not aware of any real problems in lucid caused by this at
  present.
  
- 
  Test case:
  
  int main(void)
  {
- 	((void (*)(void))0xc0000000)();
+  ((void (*)(void))0xc0000000)();
  }
+ 
+ Desired result is SIGSEGV.

-- 
ARM: Incorrect prefetch abort handling can cause a spin instead of SIGSEGV
https://bugs.launchpad.net/bugs/567956
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux-fsl-imx51 in ubuntu.

More information about the kernel-bugs mailing list