From 1277580fe5dfb5aef84854bdb7983657df00b920 Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky Date: Fri, 24 Jul 2009 12:39:52 +0200 Subject: [S390] vdso: clock_gettime of CLOCK_THREAD_CPUTIME_ID with noexec=on The combination of noexec=on and a clock_gettime call with clock id CLOCK_THREAD_CPUTIME_ID is broken. The vdso code switches to the access register mode to get access to the per-cpu data structure to execute the magic ectg instruction. After the ectg instruction the code always switches back to the primary mode but for noexec=on the correct mode is the secondary mode. The effect of the bug is that the user space program looses the access to all mappings without PROT_EXEC, e.g. the stack. The problem is fixed by restoring the mode that has been active before the switch to the access register mode. Signed-off-by: Martin Schwidefsky --- arch/s390/kernel/vdso64/clock_gettime.S | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/s390/kernel/vdso64/clock_gettime.S b/arch/s390/kernel/vdso64/clock_gettime.S index 79dbfee..49106c6 100644 --- a/arch/s390/kernel/vdso64/clock_gettime.S +++ b/arch/s390/kernel/vdso64/clock_gettime.S @@ -88,10 +88,17 @@ __kernel_clock_gettime: llilh %r4,0x0100 sar %a4,%r4 lghi %r4,0 + epsw %r5,0 sacf 512 /* Magic ectg instruction */ .insn ssf,0xc80100000000,__VDSO_ECTG_BASE(4),__VDSO_ECTG_USER(4),4 - sacf 0 - sar %a4,%r2 + tml %r5,0x4000 + jo 11f + tml %r5,0x8000 + jno 10f + sacf 256 + j 11f +10: sacf 0 +11: sar %a4,%r2 algr %r1,%r0 /* r1 = cputime as TOD value */ mghi %r1,1000 /* convert to nanoseconds */ srlg %r1,%r1,12 /* r1 = cputime in nanosec */ -- cgit v1.1