From patchwork Fri Oct 28 20:04:14 2016
X-Patchwork-Submitter: Helge Deller
X-Patchwork-Id: 9402623
X-Patchwork-Delegate: deller@gmx.de
Date: Fri, 28 Oct 2016 22:04:14 +0200
From: Helge Deller
To: linux-parisc@vger.kernel.org, James Bottomley, John David Anglin
Subject: [PATCH] parisc: Ensure consistent state when switching to kernel stack at syscall entry
Message-ID: <20161028200414.GA20703@ls3530.box>

We have one critical section in the syscall entry path in which we switch from the userspace stack to kernel stack. In the event of an external interrupt, the interrupt code distinguishes between those two states by analyzing the value of sr7. If sr7 is zero, it uses the kernel stack. Therefore it's important that the value of sr7 is in sync with the currently enabled stack.

This patch now disables interrupts while executing the critical section. This prevents the interrupt handler from possibly seeing an inconsistent state which in the worst case can lead to crashes.

Interestingly, in the syscall exit path interrupts were already disabled in the critical section which switches back to the userspace stack.

Cc:
Signed-off-by: Helge Deller
---
diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S index d03422e..f13836b 100644 --- a/arch/parisc/kernel/syscall.S +++ b/arch/parisc/kernel/syscall.S @@ -106,8 +106,6 @@ linux_gateway_entry: mtsp %r0,%sr4 /* get kernel space into sr4 */ mtsp %r0,%sr5 /* get kernel space into sr5 */ mtsp %r0,%sr6 /* get kernel space into sr6 */ - mfsp %sr7,%r1 /* save user sr7 */ - mtsp %r1,%sr3 /* and store it in sr3 */ #ifdef CONFIG_64BIT /* for now we can *always* set the W bit on entry to the syscall 
@@ -134,20 +132,26 @@ linux_gateway_entry: 1: #endif mfctl %cr30,%r1 - xor %r1,%r30,%r30 /* ye olde xor trick */ - xor %r1,%r30,%r1 - xor %r1,%r30,%r30 - - ldo THREAD_SZ_ALGN+FRAME_SIZE(%r30),%r30 /* set up kernel stack */ + ldo THREAD_SZ_ALGN+FRAME_SIZE(%r1),%r1 /* set up kernel stack */ /* N.B.: It is critical that we don't set sr7 to 0 until r30 * contains a valid kernel stack pointer. It is also * critical that we don't start using the kernel stack - * until after sr7 has been set to 0. + * until after sr7 has been set to 0. To ensure this we + * use a rsm/ssm pair to make this operation atomic. + * At syscall entry %sr2 points to kernel space, otherwise + * syscalls wouldn't work. */ + rsm PSW_SM_I, %r0 /* turn interrupts off */ + STREGM %r30,FRAME_SIZE(%sr2, %r1) /* save usp on kernel stack */ + copy %r1, %r30 /* switch to kernel stack */ + + mfsp %sr7,%r1 /* get user sr7 */ + mtsp %r1,%sr3 /* store user sr7 in sr3 */ mtsp %r0,%sr7 /* get kernel space into sr7 */ - STREGM %r1,FRAME_SIZE(%r30) /* save r1 (usp) here for now */ + ssm PSW_SM_I, %r0 /* turn interrupts on */ + mfctl %cr30,%r1 /* get task ptr in %r1 */ LDREG TI_TASK(%r1),%r1
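Review bot: The commit message should say why the `mfsp %sr7,%r1` / `mtsp %r1,%sr3` pair removed in the first hunk (@@ -106,8 +106,6 @@) has to move; it only describes disabling interrupts. With the save deferred to the second hunk, %sr3 no longer holds the user sr7 between the `mtsp %r0,%sr6` line and the new location, so please confirm that nothing in the intervening `#ifdef CONFIG_64BIT` block, and nothing an interrupt taken in that window would run, reads %sr3 expecting the user space id, and note that in the changelog.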
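Review bot: `ssm PSW_SM_I, %r0` at the end of the critical section in the second hunk (@@ -134,20 +132,26 @@) turns interrupts on unconditionally rather than restoring the state that `rsm PSW_SM_I, %r0` found, since the rsm discards the old mask into %r0. That is only correct if interrupts are always enabled on arrival at linux_gateway_entry, so the N.B. comment should state that assumption next to the rsm/ssm pair, or the rsm should save the old mask in a scratch register. The comment's wording "make this operation atomic" would also be more precise as "protect this sequence against external interrupts", which is what the commit message describes.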