random code execution - kernel oops

Johannes Berg johannes at sipsolutions.net
Wed Jun 20 02:06:52 EST 2007


On Mon, 2007-06-18 at 15:04 +0200, Johannes Berg wrote:
> unsigned long hx = 0x4bfcc50c;
> int main()
> {
>   asm("bl hx");
> }

The net result of which is trying to execute code in a region without
access permissions.

Segher dug into the problem and suggested the patch below which does
indeed fix the problem:

---
 arch/powerpc/mm/fault.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- wireless-dev.orig/arch/powerpc/mm/fault.c	2007-06-19 16:12:16.080612233 +0200
+++ wireless-dev/arch/powerpc/mm/fault.c	2007-06-19 16:12:27.480612233 +0200
@@ -279,14 +279,13 @@ good_area:
 #endif /* CONFIG_8xx */
 
 	if (is_exec) {
-#ifdef CONFIG_PPC64
+#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
 		/* protection fault */
 		if (error_code & DSISR_PROTFAULT)
 			goto bad_area;
 		if (!(vma->vm_flags & VM_EXEC))
 			goto bad_area;
-#endif
-#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
+#else
 		pte_t *ptep;
 		pmd_t *pmdp;
 
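Review bot: the negated guard on the first line inside `if (is_exec) {` turns on the `DSISR_PROTFAULT` and `VM_EXEC` checks for every configuration that is not 4xx or BookE, not only for the 32-bit machine where the oops was reproduced, and nothing in the hunk records why that is correct for the others (8xx, whose section closes just above, is now included). A short comment above the `#if` stating that these checks apply wherever the MMU reports an instruction-fetch protection fault, and that 4xx/BookE take the PTE-walking path instead, would make the intent reviewable. Since the file already annotates `#endif /* CONFIG_8xx */`, the new `#else` and its closing `#endif` (outside the visible context) should carry the same kind of annotation, e.g. `#else /* CONFIG_4xx || CONFIG_BOOKE */`. The posting also has no Signed-off-by line or changelog text for the commit; the behaviour change, that executing from a mapping without `VM_EXEC` now goes to `bad_area` on 32-bit, belongs there.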




