[S390] vdso: clock_gettime of CLOCK_THREAD_CPUTIME_ID with noexec=on

The combination of noexec=on and a clock_gettime call with clock id CLOCK_THREAD_CPUTIME_ID is broken. The vdso code switches to the access register mode to get access to the per-cpu data structure to execute the magic ectg instruction. After the ectg instruction the code always switches back to the primary mode but for noexec=on the correct mode is the secondary mode. The effect of the bug is that the user space program looses the access to all mappings without PROT_EXEC, e.g. the stack. The problem is fixed by restoring the mode that has been active before the switch to the access register mode. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2025-01-15 09:34:17 +00:00 · 2009-07-24 12:39:52 +02:00 · 2009-07-24 12:39:52 +02:00 · 1277580fe5
commit 1277580fe5
parent 3a6ba4600d
1 changed files with 9 additions and 2 deletions
--- a/arch/s390/kernel/vdso64/clock_gettime.S
+++ b/arch/s390/kernel/vdso64/clock_gettime.S
@ -88,10 +88,17 @@ __kernel_clock_gettime:
 	llilh	%r4,0x0100
 	sar	%a4,%r4
 	lghi	%r4,0
+	epsw	%r5,0
 	sacf	512				/* Magic ectg instruction */
 	.insn	ssf,0xc80100000000,__VDSO_ECTG_BASE(4),__VDSO_ECTG_USER(4),4
-	sacf	0
-	sar	%a4,%r2
+	tml	%r5,0x4000
+	jo	11f
+	tml	%r5,0x8000
+	jno	10f
+	sacf	256
+	j	11f
+10:	sacf	0
+11:	sar	%a4,%r2
 	algr	%r1,%r0				/* r1 = cputime as TOD value */
 	mghi	%r1,1000			/* convert to nanoseconds */
 	srlg	%r1,%r1,12			/* r1 = cputime in nanosec */