From: Will Deacon
To: catalin.marinas@arm.com
Cc: linux-arm-kernel@lists.infradead.org, Will Deacon ,
Subject: [PATCH] arm64: fault: Route pte translation faults via do_translation_fault
Date: Fri, 29 Sep 2017 12:27:41 +0100
Message-Id: <1506684461-24162-1-git-send-email-will.deacon@arm.com>

We currently route pte translation faults via do_page_fault, which elides the address check against TASK_SIZE before invoking the mm fault handling code. However, this can cause issues with the path walking code in conjunction with our word-at-a-time implementation because load_unaligned_zeropad can end up faulting in kernel space if it reads across a page boundary and runs into a page fault (e.g. by attempting to read from a guard region).

In the case of such a fault, load_unaligned_zeropad has registered a fixup to shift the valid data and pad with zeroes, however the abort is reported as a level 3 translation fault and we dispatch it straight to do_page_fault, despite it being a kernel address. This results in calling a sleeping function from atomic context:

  BUG: sleeping function called from invalid context at arch/arm64/mm/fault.c:313
  in_atomic(): 0, irqs_disabled(): 0, pid: 10290
  Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
  [...]
  [] ___might_sleep+0x134/0x144
  [] __might_sleep+0x7c/0x8c
  [] do_page_fault+0x140/0x330
  [] do_mem_abort+0x54/0xb0
  Exception stack(0xfffffffb20247a70 to 0xfffffffb20247ba0)
  [...]
  [] el1_da+0x18/0x78
  [] path_parentat+0x44/0x88
  [] filename_parentat+0x5c/0xd8
  [] filename_create+0x4c/0x128
  [] SyS_mkdirat+0x50/0xc8
  [] el0_svc_naked+0x24/0x28
  Code: 36380080 d5384100 f9400800 9402566d (d4210000)
  ---[ end trace 2d01889f2bca9b9f ]---

Fix this by dispatching all translation faults to do_translation_faults, which avoids invoking the page fault logic for faults on kernel addresses.

Cc:
Reported-by: Ankit Jain
Signed-off-by: Will Deacon --- arch/arm64/mm/fault.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.1.4 diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 89993c4be1be..2069e9bc0fca 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -651,7 +651,7 @@ static const struct fault_info fault_info[] = { { do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 0 translation fault" }, { do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 1 translation fault" }, { do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 2 translation fault" }, - { do_page_fault, SIGSEGV, SEGV_MAPERR, "level 3 translation fault" }, + { do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 3 translation fault" }, { do_bad, SIGBUS, 0, "unknown 8" }, { do_page_fault, SIGSEGV, SEGV_ACCERR, "level 1 access flag fault" }, { do_page_fault, SIGSEGV, SEGV_ACCERR, "level 2 access flag fault" },
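Review bot: in the fault_info[] hunk, the "level 1 access flag fault" and "level 2 access flag fault" entries directly below the changed line still dispatch straight to do_page_fault, so the path the commit message describes as skipping the TASK_SIZE check remains reachable for those fault classes. If load_unaligned_zeropad can only ever take a translation fault when it crosses into a guard region, say so in the commit message; otherwise consider placing the kernel-address check inside do_page_fault so that every table entry using it is covered, not only the level 3 translation slot. Two smaller points: the message names the target "do_translation_faults" while the table entry is do_translation_fault, and a Fixes: tag would help stable maintainers decide how far back this needs to go.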