From patchwork Fri Dec 12 11:11:58 2014
X-Patchwork-Submitter: Daniel Thompson
X-Patchwork-Id: 42179
From: Daniel Thompson
To: Russell King
Cc: Daniel Thompson, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, patches@linaro.org, linaro-kernel@lists.linaro.org, John Stultz, Sumit Semwal
Subject: [RFC PATCH] arm: Remove early stack deallocation from restore_user_regs
Date: Fri, 12 Dec 2014 11:11:58 +0000
Message-Id: <1418382718-16323-1-git-send-email-daniel.thompson@linaro.org>

Currently restore_user_regs deallocates the SVC stack early in its execution and relies on no exception being taken between the deallocation and the registers being restored. The introduction of a default FIQ handler that also uses the SVC stack breaks this assumption and can result in corrupted register state.

This patch works around the problem by removing the early stack deallocation and using r2 as a temporary instead. I have not found a way to do this without introducing an extra mov instruction to the macro.

Signed-off-by: Daniel Thompson
---

Notes:

I have recently started to hook up the PMU via FIQ (although it's slightly hacky at present) and was seeing random userspace SEGVs when perf was running (after ~100,000 or so FIQs).

Instrumenting the code eventually revealed that in almost all cases the last FIQ handler to run prior to the SEGV had interrupted ret_to_user_from_irq or ret_fast_syscall. Very occasionally it was in the fault handling code (because that code runs as part of SEGV handling and the PMU is instrumenting that too).

No SEGV problems have been observed since fixing the issue. This version of the patch has seen >7M FIQs and an older version (based on cpsid f) ran overnight.

arch/arm/kernel/entry-header.S | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) -- 1.9.3 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index 4176df721bf0..1a0045abead7 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -253,21 +253,22 @@ .endm .macro restore_user_regs, fast = 0, offset = 0 - ldr r1, [sp, #\offset + S_PSR] @ get calling cpsr - ldr lr, [sp, #\offset + S_PC]! @ get pc + mov r2, sp + ldr r1, [r2, #\offset + S_PSR] @ get calling cpsr + ldr lr, [r2, #\offset + S_PC]! @ get pc msr spsr_cxsf, r1 @ save in spsr_svc #if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_32v6K) @ We must avoid clrex due to Cortex-A15 erratum #830321 - strex r1, r2, [sp] @ clear the exclusive monitor + strex r1, r2, [r2] @ clear the exclusive monitor #endif .if \fast - ldmdb sp, {r1 - lr}^ @ get calling r1 - lr + ldmdb r2, {r1 - lr}^ @ get calling r1 - lr .else - ldmdb sp, {r0 - lr}^ @ get calling r0 - lr + ldmdb r2, {r0 - lr}^ @ get calling r0 - lr .endif mov r0, r0 @ ARMv5T and earlier require a nop @ after ldm {}^ - add sp, sp, #S_FRAME_SIZE - S_PC + add sp, sp, #\offset + S_FRAME_SIZE movs pc, lr @ return & move spsr_svc into cpsr .endm
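
Review bot: the new `mov r2, sp` at the top of restore_user_regs carries no comment explaining that sp must keep covering the saved register frame until the `ldmdb r2, {...}^` has finished, so a later cleanup could fold the copy away and bring back the `[sp, #\offset + S_PC]!` writeback that the commit message identifies as unsafe once a FIQ handler uses the SVC stack. A short comment above the mov stating that constraint would protect the fix. Two smaller points in the same macro: r2 is now both the base register and a member of the `{r1 - lr}` and `{r0 - lr}` load lists, which is acceptable only because the ldmdb has no writeback, and that is worth saying in the same comment; and `strex r1, r2, [r2]` now stores the frame address into the S_PC slot, which looks harmless because lr has already been loaded from it, but the "clear the exclusive monitor" comment could state that the stored value is a don't-care.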