From patchwork Mon Jan 5 15:12:38 2015
X-Patchwork-Submitter: Daniel Thompson
X-Patchwork-Id: 42748
From: Daniel Thompson
To: Russell King
Cc: Daniel Thompson, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, patches@linaro.org, linaro-kernel@lists.linaro.org, John Stultz, Sumit Semwal
Subject: [PATCH] arm: Remove early stack deallocation from restore_user_regs
Date: Mon, 5 Jan 2015 15:12:38 +0000
Message-Id: <1420470758-5874-1-git-send-email-daniel.thompson@linaro.org>
In-Reply-To: <1418382718-16323-1-git-send-email-daniel.thompson@linaro.org>
References: <1418382718-16323-1-git-send-email-daniel.thompson@linaro.org>

Currently restore_user_regs deallocates the SVC stack early in its execution and relies on no exception being taken between the deallocation and the registers being restored. The introduction of a default FIQ handler that also uses the SVC stack breaks this assumption and can result in corrupted register state.

This patch works around the problem by removing the early stack deallocation and using r2 as a temporary instead. I have not found a way to do this without introducing an extra mov instruction to the macro.
Signed-off-by: Daniel Thompson
---
Notes:
    [This patch has not been modified since its original posting as an RFC].

    I have recently started to hook up the PMU via FIQ (although it's slightly hacky at present) and was seeing random userspace SEGVs when perf was running (after ~100,000 or so FIQs). Instrumenting the code eventually revealed that in almost all cases the last FIQ handler to run prior to the SEGV had interrupted ret_to_user_from_irq or ret_fast_syscall. Very occasionally it was in the fault handling code (because that code runs as part of SEGV handling and the PMU is instrumenting that too).

    No SEGV problems have been observed since fixing the issue. This version of the patch has seen >7M FIQs and an older version (based on cpsid f) ran overnight.

 arch/arm/kernel/entry-header.S | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

-- 
1.9.3

diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
index 4176df721bf0..1a0045abead7 100644
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
@@ -253,21 +253,22 @@
 	.endm
 
 	.macro	restore_user_regs, fast = 0, offset = 0
-	ldr	r1, [sp, #\offset + S_PSR]	@ get calling cpsr
-	ldr	lr, [sp, #\offset + S_PC]!	@ get pc
+	mov	r2, sp
+	ldr	r1, [r2, #\offset + S_PSR]	@ get calling cpsr
+	ldr	lr, [r2, #\offset + S_PC]!	@ get pc
 	msr	spsr_cxsf, r1			@ save in spsr_svc
 #if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_32v6K)
 	@ We must avoid clrex due to Cortex-A15 erratum #830321
-	strex	r1, r2, [sp]			@ clear the exclusive monitor
+	strex	r1, r2, [r2]			@ clear the exclusive monitor
 #endif
 	.if	\fast
-	ldmdb	sp, {r1 - lr}^			@ get calling r1 - lr
+	ldmdb	r2, {r1 - lr}^			@ get calling r1 - lr
 	.else
-	ldmdb	sp, {r0 - lr}^			@ get calling r0 - lr
+	ldmdb	r2, {r0 - lr}^			@ get calling r0 - lr
 	.endif
 	mov	r0, r0				@ ARMv5T and earlier require a nop
 						@ after ldm {}^
-	add	sp, sp, #S_FRAME_SIZE - S_PC
+	add	sp, sp, #\offset + S_FRAME_SIZE
 	movs	pc, lr				@ return & move spsr_svc into cpsr
 	.endm
 
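Review bot: the `strex r1, r2, [r2]` line now uses r2 as both the data and the address register, so a successful exclusive store writes the address of the saved-pc slot over the slot itself, the word that `ldr lr, [r2, #\offset + S_PC]!` has just consumed. That is harmless, because the frame is only released by `add sp, sp, #\offset + S_FRAME_SIZE` after the `ldmdb`, but it is easy to misread and deserves an `@` comment saying the stored value is discarded (the old `strex r1, r2, [sp]` clobbered the same slot, since sp had been advanced to it by the writeback). Two further points worth a comment on the `mov r2, sp` line: r2 is now the base register of `ldmdb r2, {r0 - lr}^` and also appears in its register list, which is architecturally fine only because there is no writeback (`!`) on that ldm; and the new `add sp, sp, #\offset + S_FRAME_SIZE` must stay in step with `\offset` now that sp no longer absorbs it through the removed `ldr lr, [sp, #\offset + S_PC]!`, since any caller passing a non-zero `offset` depends on that constant.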
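To make the race in the commit message concrete, here is an added model of the two instruction sequences written for this page; it is not kernel code and not part of the patch. The SVC stack is an array of 32-bit words, sp and r2 are word indices, and the frame layout follows 32-bit ARM pt_regs (18 words: r0..r15, cpsr, orig_r0, so S_PC is word 15). A FIQ that uses the same SVC stack is modelled as pushing an assumed 16-word save area below the current sp and popping it again. The `offset` argument of the macro is taken as 0. The user register values and the FIQ fill pattern are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the tail of restore_user_regs (not kernel code).
 * Frame layout follows struct pt_regs on 32-bit ARM: r0..r15, cpsr, orig_r0
 * (S_FRAME_SIZE = 18 words, S_PC = word 15, S_PSR = word 16).
 */
#define S_FRAME_WORDS   18
#define S_PC            15
#define S_PSR           16
#define S_OLD_R0        17
#define STACK_WORDS     64
#define FIQ_FRAME_WORDS 16   /* assumed size of the FIQ handler's own save area */

struct cpu {
	uint32_t stack[STACK_WORDS];
	uint32_t sp;             /* word index into stack[]; grows downward */
};

/* SVC entry: push a pt_regs frame holding the interrupted user state. */
static void push_user_frame(struct cpu *c, const uint32_t user[16], uint32_t psr)
{
	c->sp -= S_FRAME_WORDS;
	memcpy(&c->stack[c->sp], user, 16 * sizeof(uint32_t));
	c->stack[c->sp + S_PSR] = psr;
	c->stack[c->sp + S_OLD_R0] = user[0];
}

/*
 * A FIQ taken in SVC mode that borrows the SVC stack: it pushes its own save
 * area below the current sp, runs, and pops it.  Every word in
 * stack[sp - FIQ_FRAME_WORDS .. sp - 1] is clobbered in the process.
 */
static void fiq_on_svc_stack(struct cpu *c)
{
	c->sp -= FIQ_FRAME_WORDS;
	for (unsigned i = 0; i < FIQ_FRAME_WORDS; i++)
		c->stack[c->sp + i] = 0xF1F10000u | i;   /* constructed fill pattern */
	c->sp += FIQ_FRAME_WORDS;
}

/* Old sequence: the writeback on "ldr lr, [sp, #S_PC]!" moves sp up early. */
static void restore_old(struct cpu *c, int fiq_between, uint32_t out[16])
{
	c->sp += S_PC;                                  /* ldr lr, [sp, #S_PC]! */
	uint32_t lr = c->stack[c->sp];
	c->stack[c->sp] = 0;                            /* strex r1, r2, [sp]: write to the consumed pc slot */
	if (fiq_between)
		fiq_on_svc_stack(c);                    /* FIQ frame now overlaps saved r0..r14 */
	memcpy(out, &c->stack[c->sp - 15], 15 * sizeof(uint32_t)); /* ldmdb sp, {r0 - lr}^ */
	out[15] = lr;                                   /* movs pc, lr */
	c->sp += S_FRAME_WORDS - S_PC;                  /* add sp, sp, #S_FRAME_SIZE - S_PC */
}

/* Patched sequence: r2 is a scratch copy of sp; sp is left alone until the end. */
static void restore_new(struct cpu *c, int fiq_between, uint32_t out[16])
{
	uint32_t r2 = c->sp;                            /* mov r2, sp */
	r2 += S_PC;                                     /* ldr lr, [r2, #S_PC]! */
	uint32_t lr = c->stack[r2];
	c->stack[r2] = 0;                               /* strex r1, r2, [r2] */
	if (fiq_between)
		fiq_on_svc_stack(c);                    /* FIQ frame lands below the still-live pt_regs */
	memcpy(out, &c->stack[r2 - 15], 15 * sizeof(uint32_t)); /* ldmdb r2, {r0 - lr}^ */
	out[15] = lr;                                   /* movs pc, lr */
	c->sp += S_FRAME_WORDS;                         /* add sp, sp, #S_FRAME_SIZE */
}

/* Returns 1 if user r0..r15 come back intact and the frame was released exactly once. */
static int regs_survive(int new_sequence, int fiq_between)
{
	struct cpu c;
	uint32_t user[16], out[16];

	memset(&c, 0, sizeof c);
	c.sp = STACK_WORDS;
	for (int i = 0; i < 16; i++)
		user[i] = 0x1000u * (i + 1);            /* constructed user register values */
	push_user_frame(&c, user, 0x60000010u);
	uint32_t frame = c.sp;

	if (new_sequence)
		restore_new(&c, fiq_between, out);
	else
		restore_old(&c, fiq_between, out);

	if (c.sp != frame + S_FRAME_WORDS)
		return 0;
	return memcmp(user, out, sizeof user) == 0;
}

int main(void)
{
	printf("old sequence, no FIQ: %s\n", regs_survive(0, 0) ? "intact" : "CORRUPT");
	printf("old sequence, FIQ   : %s\n", regs_survive(0, 1) ? "intact" : "CORRUPT");
	printf("new sequence, no FIQ: %s\n", regs_survive(1, 0) ? "intact" : "CORRUPT");
	printf("new sequence, FIQ   : %s\n", regs_survive(1, 1) ? "intact" : "CORRUPT");
	return 0;
}
```

The only case that fails is the old sequence with a FIQ between the early writeback and the ldm: once sp has been advanced to the pc slot, the FIQ's save area is pushed on top of the saved r0..r14, which is exactly the corrupted-register state the patch description reports. With the copy in r2, sp still covers the whole pt_regs while the FIQ runs, so the FIQ frame goes below it and the ldm reads the original values.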