m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()
authorGeert Uytterhoeven <geert@linux-m68k.org>
Sun, 28 Sep 2014 08:50:06 +0000 (10:50 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 30 Oct 2014 16:35:11 +0000 (09:35 -0700)
commit394359bd95c76762ee2919f6bcec47f241e80e77
tree9781e99f7c75b76173df18f9901e8908cd67eb32
parentbd6174827fa6862fc2b59c2e0eeee5e5329befa2
m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()

commit e4dc601bf99ccd1c95b7e6eef1d3cf3c4b0d4961 upstream.

hwreg_present() and hwreg_write() temporarily change the VBR register to
another vector table. This table contains a valid bus error handler
only, all other entries point to arbitrary addresses.

If an interrupt comes in while the temporary table is active, the
processor will start executing at such an arbitrary address, and the
kernel will crash.

While most callers run early, before interrupts are enabled, or
explicitly disable interrupts, Finn Thain pointed out that macsonic has
one callsite that doesn't, causing intermittent boot crashes.
There's another unsafe callsite in hilkbd.

Fix this for good by disabling and restoring interrupts inside
hwreg_present() and hwreg_write().

Explicitly disabling interrupts can be removed from the callsites later.

Reported-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/m68k/mm/hwtest.c