From alkml: Jamie Lokier [jamie at shareable.org] wrote: [...] The above patch addresses ARMv6/v7 with NX mappings - and probably only those > TASK_SIZE; NX mappings < TASK_SIZE should have been caught by the PROT_EXEC check already in fault.c. If I'm right, the NX one is more serious if you can trip a kernel bug into doing this, because it'll result in an unkillable process, stuck in kernel mode and spinning. But only if you trip a kernel bug.
So it looks like it could be worth pulling this patch in but SRU is probably good enough— this only becomes a problem if there is already a kernel bug somewhere involving a jump to a random address.

** Description changed: http://article.gmane.org/gmane.linux.kernel.commits.head/213639 " ARM: 5728/1: Proper prefetch abort handling on ARMv6 and ARMv7 - Currently, on ARMv6 and ARMv7, if an application tries to execute - code (or garbage) on non-executable page it hangs. It caused by - incorrect prefetch abort handling. Now every prefetch abort - processes as a translation fault. " + Currently, on ARMv6 and ARMv7, if an application tries to execute + code (or garbage) on non-executable page it hangs. It caused by + incorrect prefetch abort handling. Now every prefetch abort + processes as a translation fault. " I believe the patch was merges in 2.6.32, so it is _probably_ already applied in the dove tree (but it might be worth checking) This patch doesn't appear critical; it just affects cases where processes are already crashing by trying to execute in invalid address space. I'm not aware of any real problems in lucid caused by this at present. + + + Test case: + + int main(void) + { + ((void (*)(void))0xc0000000)(); + }

** Description changed: http://article.gmane.org/gmane.linux.kernel.commits.head/213639 " ARM: 5728/1: Proper prefetch abort handling on ARMv6 and ARMv7 Currently, on ARMv6 and ARMv7, if an application tries to execute code (or garbage) on non-executable page it hangs. It caused by incorrect prefetch abort handling. Now every prefetch abort processes as a translation fault. " I believe the patch was merges in 2.6.32, so it is _probably_ already applied in the dove tree (but it might be worth checking) This patch doesn't appear critical; it just affects cases where processes are already crashing by trying to execute in invalid address space. I'm not aware of any real problems in lucid caused by this at present.
- Test case: int main(void) { - ((void (*)(void))0xc0000000)(); + ((void (*)(void))0xc0000000)(); } + + Desired result is SIGSEGV.

-- ARM: Incorrect prefetch abort handling can cause a spin instead of SIGSEGV https://bugs.launchpad.net/bugs/567956
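Added example, not part of the original bug report or the kernel patch: a verification harness that runs the report's test case in a forked child under a timeout, so a spinning child is reported as HUNG instead of blocking the test run. The names `exec_at` and `exec_at_nx_page`, the 5-second timeout, and the second case (a page mapped without PROT_EXEC below TASK_SIZE) are assumptions added for illustration.

```c
#define _DEFAULT_SOURCE   /* MAP_ANONYMOUS, nanosleep under strict -std= */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum result { GOT_SIGSEGV, OTHER_EXIT, HUNG };

/* Fork a child that calls addr as a function; poll for up to secs seconds. */
static enum result exec_at(uintptr_t addr, int secs)
{
    pid_t pid = fork();
    if (pid < 0) return OTHER_EXIT;
    if (pid == 0) {
        ((void (*)(void))addr)();  /* same jump as the report's test case */
        _exit(0);                  /* reached only if the call returned */
    }
    for (int i = 0; i < secs * 10; i++) {
        int status;
        if (waitpid(pid, &status, WNOHANG) == pid)
            return (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)
                       ? GOT_SIGSEGV : OTHER_EXIT;
        nanosleep(&(struct timespec){0, 100000000L}, NULL);
    }
    /* Still running: the spin from the report. Do not block on reaping it. */
    kill(pid, SIGKILL);
    return HUNG;
}

/* Constructed second case: a read/write page mapped without PROT_EXEC. */
static enum result exec_at_nx_page(int secs)
{
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return OTHER_EXIT;
    enum result r = exec_at((uintptr_t)p, secs);
    munmap(p, 4096);
    return r;
}

int main(void)
{
    static const char *names[] = { "SIGSEGV", "other exit", "HUNG" };
    printf("0xc0000000: %s\n", names[exec_at(0xc0000000u, 5)]);
    printf("NX page   : %s\n", names[exec_at_nx_page(5)]);
    return 0;
}
```

With correct prefetch abort handling both lines report SIGSEGV, which is the desired result stated in the description.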
