From patchwork Thu Mar 13 18:15:52 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Catalin Marinas X-Patchwork-Id: 26213 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-oa0-f72.google.com (mail-oa0-f72.google.com [209.85.219.72]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 5C5DB206A0 for ; Thu, 13 Mar 2014 18:20:09 +0000 (UTC) Received: by mail-oa0-f72.google.com with SMTP id g12sf5201929oah.3 for ; Thu, 13 Mar 2014 11:20:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:subject:date:message-id :in-reply-to:references:cc:precedence:list-id:list-unsubscribe :list-archive:list-post:list-help:list-subscribe:mime-version:sender :errors-to:x-original-sender:x-original-authentication-results :mailing-list:content-type:content-transfer-encoding; bh=ElQFfAMc02rC+8MKVO5tUPHpukxE92EY4obochC0+vs=; b=WNDA46ZUi8FUgakfFa+e2uYHmpxa8asc/wFbPRhpEVUYiFVEBezwtJ8MM2YfgdCXz2 Ksln1JNpKIBL0zytq57yPsj7xYwOe70ePbI7aog6KQ4m2HUWqCGh3It+eex7gC52Lkr4 XLYqy3wLmc90yfTyQ9yD2Oll1bK4aNVxO7TmOcBqgTz0oNUvex8vNdJCWBv7yM52ql+d PjEkTcKdTjN3XiHVqCi/c8HkSTt7K7ZO5kz+JBe7nk3lgDB5xcvoOhN0vmx1vLMp72wM c1JM8SCC9Bb+Ovnx20Kkb3CriPDxlYJC80nkgI3iG4sv3Rftz4bptBPZx+E/AKv1vjFR urMw== X-Gm-Message-State: ALoCoQm3rzWU1NlU5r8Tvv7fnUz/4HD6J9hBqRaezO8bf4OY/gm/H4KbIhyeyJFi6l3n5HKkkFmX X-Received: by 10.182.98.230 with SMTP id el6mr1320553obb.10.1394734808850; Thu, 13 Mar 2014 11:20:08 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.85.231 with SMTP id n94ls441414qgd.24.gmail; Thu, 13 Mar 2014 11:20:08 -0700 (PDT) X-Received: by 10.58.122.164 with SMTP id lt4mr2661960veb.2.1394734808755; Thu, 13 Mar 2014 11:20:08 -0700 (PDT) Received: from mail-ve0-f170.google.com (mail-ve0-f170.google.com [209.85.128.170]) by mx.google.com with ESMTPS id fi2si1113045vdb.153.2014.03.13.11.20.08 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 13 Mar 2014 11:20:08 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.128.170 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.128.170; Received: by mail-ve0-f170.google.com with SMTP id pa12so1566608veb.1 for ; Thu, 13 Mar 2014 11:20:08 -0700 (PDT) X-Received: by 10.58.34.101 with SMTP id y5mr2610261vei.8.1394734808630; Thu, 13 Mar 2014 11:20:08 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.220.78.9 with SMTP id i9csp397883vck; Thu, 13 Mar 2014 11:20:08 -0700 (PDT) X-Received: by 10.194.84.144 with SMTP id z16mr2931544wjy.23.1394734807527; Thu, 13 Mar 2014 11:20:07 -0700 (PDT) Received: from casper.infradead.org (casper.infradead.org. [2001:770:15f::2]) by mx.google.com with ESMTPS id v6si2407372wif.28.2014.03.13.11.20.07 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Mar 2014 11:20:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:770:15f::2 as permitted sender) client-ip=2001:770:15f::2; Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1WOACE-0003nM-Am; Thu, 13 Mar 2014 18:17:34 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1WOABy-0001te-DZ; Thu, 13 Mar 2014 18:17:18 +0000 Received: from fw-tnat.cambridge.arm.com ([217.140.96.21] helo=cam-smtp0.cambridge.arm.com) by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1WOABQ-0001px-1W for linux-arm-kernel@lists.infradead.org; Thu, 13 Mar 2014 18:16:45 +0000 Received: from e102109-lin.cambridge.arm.com (e102109-lin.cambridge.arm.com [10.1.203.182]) by cam-smtp0.cambridge.arm.com (8.13.8/8.13.8) with ESMTP id s2DIG6SG032222; Thu, 13 Mar 2014 18:16:07 GMT From: Catalin Marinas To: Russell King - ARM Linux Subject: [PATCH 5/5] arm: Enable IRQs before attempting to read user space in __und_usr Date: Thu, 13 Mar 2014 18:15:52 +0000 Message-Id: <1394734552-4704-6-git-send-email-catalin.marinas@arm.com> X-Mailer: git-send-email 1.7.12.3 In-Reply-To: <1394734552-4704-1-git-send-email-catalin.marinas@arm.com> References: <1394734552-4704-1-git-send-email-catalin.marinas@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20140313_141644_417333_549B9B84 X-CRM114-Status: GOOD ( 13.12 ) X-Spam-Score: -2.6 (--) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (-2.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [217.140.96.21 listed in list.dnswl.org] -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] Cc: Hartley Sweeten , Ryan Mallon , linux-arm-kernel@lists.infradead.org X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: , List-Help: , List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: catalin.marinas@arm.com X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.128.170 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 The Undef abort handler in the kernel reads the undefined instruction from user space. If the page table was modified from another CPU, the user access could fail and do_page_fault() will be executed with interrupts disabled. This can potentially deadlock on ARM11MPCore or on Cortex-A15 with erratum 798181 workaround enabled (both implying IPI for TLB maintenance with page table lock held). This patch enables the IRQs in __und_usr before attempting to read the instruction from user space. Signed-off-by: Catalin Marinas Cc: Hartley Sweeten Cc: Ryan Mallon Acked-by: Catalin Marinas --- arch/arm/kernel/entry-armv.S | 11 +++++++---- arch/arm/kernel/iwmmxt.S | 2 +- arch/arm/mach-ep93xx/crunch-bits.S | 2 +- arch/arm/vfp/entry.S | 3 +-- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 1879e8dd2acc..5fc897cf409b 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -413,6 +413,11 @@ __und_usr: @ adr r9, BSYM(ret_from_exception) + @ IRQs must be enabled before attempting to read the instruction from + @ user space since that could cause a page/translation fault if the + @ page table was modified by another CPU. + enable_irq + tst r3, #PSR_T_BIT @ Thumb mode? bne __und_usr_thumb sub r4, r2, #4 @ ARM instr at LR - 4 @@ -517,7 +522,7 @@ ENDPROC(__und_usr) * r9 = normal "successful" return address * r10 = this threads thread_info structure * lr = unrecognised instruction return address - * IRQs disabled, FIQs enabled. + * IRQs enabled, FIQs enabled. */ @ @ Fall-through from Thumb-2 __und_usr @@ -624,7 +629,6 @@ call_fpe: #endif do_fpe: - enable_irq ldr r4, .LCfp add r10, r10, #TI_FPSTATE @ r10 = workspace ldr pc, [r4] @ Call FP module USR entry point @@ -652,8 +656,7 @@ __und_usr_fault_32: b 1f __und_usr_fault_16: mov r1, #2 -1: enable_irq - mov r0, sp +1: mov r0, sp adr lr, BSYM(ret_from_exception) b __und_fault ENDPROC(__und_usr_fault_32) diff --git a/arch/arm/kernel/iwmmxt.S b/arch/arm/kernel/iwmmxt.S index c52f3e225aeb..da3117054712 100644 --- a/arch/arm/kernel/iwmmxt.S +++ b/arch/arm/kernel/iwmmxt.S @@ -61,7 +61,7 @@ * r9 = ret_from_exception * lr = undefined instr exit * - * called from prefetch exception handler with interrupts disabled + * called from prefetch exception handler with interrupts enabled */ ENTRY(iwmmxt_task_enable) diff --git a/arch/arm/mach-ep93xx/crunch-bits.S b/arch/arm/mach-ep93xx/crunch-bits.S index 890c5df2b4fe..85e765534003 100644 --- a/arch/arm/mach-ep93xx/crunch-bits.S +++ b/arch/arm/mach-ep93xx/crunch-bits.S @@ -62,7 +62,7 @@ * r9 = ret_from_exception * lr = undefined instr exit * - * called from prefetch exception handler with interrupts disabled + * called from prefetch exception handler with interrupts enabled */ ENTRY(crunch_task_enable) inc_preempt_count r10, r3 diff --git a/arch/arm/vfp/entry.S b/arch/arm/vfp/entry.S index f0759e70fb86..fe6ca574d093 100644 --- a/arch/arm/vfp/entry.S +++ b/arch/arm/vfp/entry.S @@ -22,11 +22,10 @@ @ r9 = normal "successful" return address @ r10 = this threads thread_info structure @ lr = unrecognised instruction return address -@ IRQs disabled. +@ IRQs enabled. @ ENTRY(do_vfp) inc_preempt_count r10, r4 - enable_irq ldr r4, .LCvfp ldr r11, [r10, #TI_CPU] @ CPU number add r10, r10, #TI_VFPSTATE @ r10 = workspace