+++ /dev/null
-From 9f33a8fbc669687b55903f534985b8067da7e724 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 11 Feb 2020 00:38:29 -0300
-Subject: powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal
- delivery
-
-From: Gustavo Luiz Duarte <gustavold@linux.ibm.com>
-
-[ Upstream commit 2464cc4c345699adea52c7aef75707207cb8a2f6 ]
-
-After a treclaim, we expect to be in non-transactional state. If we
-don't clear the current thread's MSR[TS] before we get preempted, then
-tm_recheckpoint_new_task() will recheckpoint and we get rescheduled in
-suspended transaction state.
-
-When handling a signal caught in transactional state,
-handle_rt_signal64() calls get_tm_stackpointer() that treclaims the
-transaction using tm_reclaim_current() but without clearing the
-thread's MSR[TS]. This can cause the TM Bad Thing exception below if
-later we pagefault and get preempted trying to access the user's
-sigframe, using __put_user(). Afterwards, when we are rescheduled back
-into do_page_fault() (but now in suspended state since the thread's
-MSR[TS] was not cleared), upon executing 'rfid' after completion of
-the page fault handling, the exception is raised because a transition
-from suspended to non-transactional state is invalid.
-
- Unexpected TM Bad Thing exception at c00000000000de44 (msr 0x8000000302a03031) tm_scratch=800000010280b033
- Oops: Unrecoverable exception, sig: 6 [#1]
- LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
- CPU: 25 PID: 15547 Comm: a.out Not tainted 5.4.0-rc2 #32
- NIP: c00000000000de44 LR: c000000000034728 CTR: 0000000000000000
- REGS: c00000003fe7bd70 TRAP: 0700 Not tainted (5.4.0-rc2)
- MSR: 8000000302a03031 <SF,VEC,VSX,FP,ME,IR,DR,LE,TM[SE]> CR: 44000884 XER: 00000000
- CFAR: c00000000000dda4 IRQMASK: 0
- PACATMSCRATCH: 800000010280b033
- GPR00: c000000000034728 c000000f65a17c80 c000000001662800 00007fffacf3fd78
- GPR04: 0000000000001000 0000000000001000 0000000000000000 c000000f611f8af0
- GPR08: 0000000000000000 0000000078006001 0000000000000000 000c000000000000
- GPR12: c000000f611f84b0 c00000003ffcb200 0000000000000000 0000000000000000
- GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
- GPR20: 0000000000000000 0000000000000000 0000000000000000 c000000f611f8140
- GPR24: 0000000000000000 00007fffacf3fd68 c000000f65a17d90 c000000f611f7800
- GPR28: c000000f65a17e90 c000000f65a17e90 c000000001685e18 00007fffacf3f000
- NIP [c00000000000de44] fast_exception_return+0xf4/0x1b0
- LR [c000000000034728] handle_rt_signal64+0x78/0xc50
- Call Trace:
- [c000000f65a17c80] [c000000000034710] handle_rt_signal64+0x60/0xc50 (unreliable)
- [c000000f65a17d30] [c000000000023640] do_notify_resume+0x330/0x460
- [c000000f65a17e20] [c00000000000dcc4] ret_from_except_lite+0x70/0x74
- Instruction dump:
- 7c4ff120 e8410170 7c5a03a6 38400000 f8410060 e8010070 e8410080 e8610088
- 60000000 60000000 e8810090 e8210078 <4c000024> 48000000 e8610178 88ed0989
- ---[ end trace 93094aa44b442f87 ]---
-
-The simplified sequence of events that triggers the above exception is:
-
- ... # userspace in NON-TRANSACTIONAL state
- tbegin # userspace in TRANSACTIONAL state
- signal delivery # kernelspace in SUSPENDED state
- handle_rt_signal64()
- get_tm_stackpointer()
- treclaim # kernelspace in NON-TRANSACTIONAL state
- __put_user()
- page fault happens. We will never get back here because of the TM Bad Thing exception.
-
- page fault handling kicks in and we voluntarily preempt ourselves
- do_page_fault()
- __schedule()
- __switch_to(other_task)
-
- our task is rescheduled and we recheckpoint because the thread's MSR[TS] was not cleared
- __switch_to(our_task)
- switch_to_tm()
- tm_recheckpoint_new_task()
- trechkpt # kernelspace in SUSPENDED state
-
- The page fault handling resumes, but now we are in suspended transaction state
- do_page_fault() completes
- rfid <----- trying to get back where the page fault happened (we were non-transactional back then)
- TM Bad Thing # illegal transition from suspended to non-transactional
-
-This patch fixes that issue by clearing the current thread's MSR[TS]
-just after treclaim in get_tm_stackpointer() so that we stay in
-non-transactional state in case we are preempted. In order to make
-treclaim and clearing the thread's MSR[TS] atomic from a preemption
-perspective when CONFIG_PREEMPT is set, preempt_disable/enable() is
-used. It's also necessary to save the previous value of the thread's
-MSR before get_tm_stackpointer() is called so that it can be exposed
-to the signal handler later in setup_tm_sigcontexts() to inform the
-userspace MSR at the moment of the signal delivery.
-
-Found with tm-signal-context-force-tm kernel selftest.
-
-Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context")
-Cc: stable@vger.kernel.org # v3.9
-Signed-off-by: Gustavo Luiz Duarte <gustavold@linux.ibm.com>
-Acked-by: Michael Neuling <mikey@neuling.org>
-Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-Link: https://lore.kernel.org/r/20200211033831.11165-1-gustavold@linux.ibm.com
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/powerpc/kernel/signal.c | 17 +++++++++++++++--
- arch/powerpc/kernel/signal_32.c | 28 ++++++++++++++--------------
- arch/powerpc/kernel/signal_64.c | 22 ++++++++++------------
- 3 files changed, 39 insertions(+), 28 deletions(-)
-
-diff --git a/arch/powerpc/kernel/signal.c b/arch/powerpc/kernel/signal.c
-index 3d7539b90010c..4cb92022315a4 100644
---- a/arch/powerpc/kernel/signal.c
-+++ b/arch/powerpc/kernel/signal.c
-@@ -193,14 +193,27 @@ unsigned long get_tm_stackpointer(struct task_struct *tsk)
- * normal/non-checkpointed stack pointer.
- */
-
-+ unsigned long ret = tsk->thread.regs->gpr[1];
-+
- #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
- BUG_ON(tsk != current);
-
- if (MSR_TM_ACTIVE(tsk->thread.regs->msr)) {
-+ preempt_disable();
- tm_reclaim_current(TM_CAUSE_SIGNAL);
- if (MSR_TM_TRANSACTIONAL(tsk->thread.regs->msr))
-- return tsk->thread.ckpt_regs.gpr[1];
-+ ret = tsk->thread.ckpt_regs.gpr[1];
-+
-+ /*
-+ * If we treclaim, we must clear the current thread's TM bits
-+ * before re-enabling preemption. Otherwise we might be
-+ * preempted and have the live MSR[TS] changed behind our back
-+ * (tm_recheckpoint_new_task() would recheckpoint). Besides, we
-+ * enter the signal handler in non-transactional state.
-+ */
-+ tsk->thread.regs->msr &= ~MSR_TS_MASK;
-+ preempt_enable();
- }
- #endif
-- return tsk->thread.regs->gpr[1];
-+ return ret;
- }
-diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
-index 7157cb6951512..123299fbb33e4 100644
---- a/arch/powerpc/kernel/signal_32.c
-+++ b/arch/powerpc/kernel/signal_32.c
-@@ -515,19 +515,11 @@ static int save_user_regs(struct pt_regs *regs, struct mcontext __user *frame,
- */
- static int save_tm_user_regs(struct pt_regs *regs,
- struct mcontext __user *frame,
-- struct mcontext __user *tm_frame, int sigret)
-+ struct mcontext __user *tm_frame, int sigret,
-+ unsigned long msr)
- {
-- unsigned long msr = regs->msr;
--
- WARN_ON(tm_suspend_disabled);
-
-- /* Remove TM bits from thread's MSR. The MSR in the sigcontext
-- * just indicates to userland that we were doing a transaction, but we
-- * don't want to return in transactional state. This also ensures
-- * that flush_fp_to_thread won't set TIF_RESTORE_TM again.
-- */
-- regs->msr &= ~MSR_TS_MASK;
--
- /* Save both sets of general registers */
- if (save_general_regs(¤t->thread.ckpt_regs, frame)
- || save_general_regs(regs, tm_frame))
-@@ -1004,6 +996,10 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
- int sigret;
- unsigned long tramp;
- struct pt_regs *regs = tsk->thread.regs;
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+ /* Save the thread's msr before get_tm_stackpointer() changes it */
-+ unsigned long msr = regs->msr;
-+#endif
-
- BUG_ON(tsk != current);
-
-@@ -1036,13 +1032,13 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
-
- #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
- tm_frame = &rt_sf->uc_transact.uc_mcontext;
-- if (MSR_TM_ACTIVE(regs->msr)) {
-+ if (MSR_TM_ACTIVE(msr)) {
- if (__put_user((unsigned long)&rt_sf->uc_transact,
- &rt_sf->uc.uc_link) ||
- __put_user((unsigned long)tm_frame,
- &rt_sf->uc_transact.uc_regs))
- goto badframe;
-- if (save_tm_user_regs(regs, frame, tm_frame, sigret))
-+ if (save_tm_user_regs(regs, frame, tm_frame, sigret, msr))
- goto badframe;
- }
- else
-@@ -1449,6 +1445,10 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset,
- int sigret;
- unsigned long tramp;
- struct pt_regs *regs = tsk->thread.regs;
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+ /* Save the thread's msr before get_tm_stackpointer() changes it */
-+ unsigned long msr = regs->msr;
-+#endif
-
- BUG_ON(tsk != current);
-
-@@ -1482,9 +1482,9 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset,
-
- #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
- tm_mctx = &frame->mctx_transact;
-- if (MSR_TM_ACTIVE(regs->msr)) {
-+ if (MSR_TM_ACTIVE(msr)) {
- if (save_tm_user_regs(regs, &frame->mctx, &frame->mctx_transact,
-- sigret))
-+ sigret, msr))
- goto badframe;
- }
- else
-diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index b203c16d46d4e..71785574aeafb 100644
---- a/arch/powerpc/kernel/signal_64.c
-+++ b/arch/powerpc/kernel/signal_64.c
-@@ -192,7 +192,8 @@ static long setup_sigcontext(struct sigcontext __user *sc,
- static long setup_tm_sigcontexts(struct sigcontext __user *sc,
- struct sigcontext __user *tm_sc,
- struct task_struct *tsk,
-- int signr, sigset_t *set, unsigned long handler)
-+ int signr, sigset_t *set, unsigned long handler,
-+ unsigned long msr)
- {
- /* When CONFIG_ALTIVEC is set, we _always_ setup v_regs even if the
- * process never used altivec yet (MSR_VEC is zero in pt_regs of
-@@ -207,12 +208,11 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc,
- elf_vrreg_t __user *tm_v_regs = sigcontext_vmx_regs(tm_sc);
- #endif
- struct pt_regs *regs = tsk->thread.regs;
-- unsigned long msr = tsk->thread.regs->msr;
- long err = 0;
-
- BUG_ON(tsk != current);
-
-- BUG_ON(!MSR_TM_ACTIVE(regs->msr));
-+ BUG_ON(!MSR_TM_ACTIVE(msr));
-
- WARN_ON(tm_suspend_disabled);
-
-@@ -222,13 +222,6 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc,
- */
- msr |= tsk->thread.ckpt_regs.msr & (MSR_FP | MSR_VEC | MSR_VSX);
-
-- /* Remove TM bits from thread's MSR. The MSR in the sigcontext
-- * just indicates to userland that we were doing a transaction, but we
-- * don't want to return in transactional state. This also ensures
-- * that flush_fp_to_thread won't set TIF_RESTORE_TM again.
-- */
-- regs->msr &= ~MSR_TS_MASK;
--
- #ifdef CONFIG_ALTIVEC
- err |= __put_user(v_regs, &sc->v_regs);
- err |= __put_user(tm_v_regs, &tm_sc->v_regs);
-@@ -805,6 +798,10 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
- unsigned long newsp = 0;
- long err = 0;
- struct pt_regs *regs = tsk->thread.regs;
-+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-+ /* Save the thread's msr before get_tm_stackpointer() changes it */
-+ unsigned long msr = regs->msr;
-+#endif
-
- BUG_ON(tsk != current);
-
-@@ -822,7 +819,7 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
- err |= __put_user(0, &frame->uc.uc_flags);
- err |= __save_altstack(&frame->uc.uc_stack, regs->gpr[1]);
- #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-- if (MSR_TM_ACTIVE(regs->msr)) {
-+ if (MSR_TM_ACTIVE(msr)) {
- /* The ucontext_t passed to userland points to the second
- * ucontext_t (for transactional state) with its uc_link ptr.
- */
-@@ -830,7 +827,8 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
- err |= setup_tm_sigcontexts(&frame->uc.uc_mcontext,
- &frame->uc_transact.uc_mcontext,
- tsk, ksig->sig, NULL,
-- (unsigned long)ksig->ka.sa.sa_handler);
-+ (unsigned long)ksig->ka.sa.sa_handler,
-+ msr);
- } else
- #endif
- {
---
-2.20.1
-
+++ /dev/null
-From a2de7ca4bc5e14efcb3b03f9cb0b02c3da0b8714 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 31 Dec 2017 18:20:45 -0500
-Subject: powerpc/tm: Fix endianness flip on trap
-
-From: Gustavo Romero <gromero@linux.vnet.ibm.com>
-
-[ Upstream commit 1c200e63d055ec0125e44a5e386b9b78aada7eb3 ]
-
-Currently it's possible that a thread on PPC64 LE has its endianness
-flipped inadvertently to Big-Endian resulting in a crash once the process
-is back from the signal handler.
-
-If giveup_all() is called when regs->msr has the bits MSR.FP and MSR.VEC
-disabled (and hence MSR.VSX disabled too) it returns without calling
-check_if_tm_restore_required() which copies regs->msr to ckpt_regs->msr if
-the process caught a signal whilst in transactional mode. Then once in
-setup_tm_sigcontexts() MSR from ckpt_regs.msr is used, but since
-check_if_tm_restore_required() was not called previuosly, gp_regs[PT_MSR]
-gets a copy of invalid MSR bits as MSR in ckpt_regs was not updated from
-regs->msr and so is zeroed. Later when leaving the signal handler once in
-sys_rt_sigreturn() the TS bits of gp_regs[PT_MSR] are checked to determine
-if restore_tm_sigcontexts() must be called to pull in the correct MSR state
-into the user context. Because TS bits are zeroed
-restore_tm_sigcontexts() is never called and MSR restored from the user
-context on returning from the signal handler has the MSR.LE (the endianness
-bit) forced to zero (Big-Endian). That leads, for instance, to 'nop' being
-treated as an illegal instruction in the following sequence:
-
- tbegin.
- beq 1f
- trap
- tend.
-1: nop
-
-on PPC64 LE machines and the process dies just after returning from the
-signal handler.
-
-PPC64 BE is also affected but in a subtle way since forcing Big-Endian on
-a BE machine does not change the endianness.
-
-This commit fixes the issue described above by ensuring that once in
-setup_tm_sigcontexts() the MSR used is from regs->msr instead of from
-ckpt_regs->msr and by ensuring that we pull in only the MSR.FP, MSR.VEC,
-and MSR.VSX bits from ckpt_regs->msr.
-
-The fix was tested both on LE and BE machines and no regression regarding
-the powerpc/tm selftests was observed.
-
-Signed-off-by: Gustavo Romero <gromero@linux.vnet.ibm.com>
-Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/powerpc/kernel/signal_64.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index 2d52fed72e216..b203c16d46d4e 100644
---- a/arch/powerpc/kernel/signal_64.c
-+++ b/arch/powerpc/kernel/signal_64.c
-@@ -207,7 +207,7 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc,
- elf_vrreg_t __user *tm_v_regs = sigcontext_vmx_regs(tm_sc);
- #endif
- struct pt_regs *regs = tsk->thread.regs;
-- unsigned long msr = tsk->thread.ckpt_regs.msr;
-+ unsigned long msr = tsk->thread.regs->msr;
- long err = 0;
-
- BUG_ON(tsk != current);
-@@ -216,6 +216,12 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc,
-
- WARN_ON(tm_suspend_disabled);
-
-+ /* Restore checkpointed FP, VEC, and VSX bits from ckpt_regs as
-+ * it contains the correct FP, VEC, VSX state after we treclaimed
-+ * the transaction and giveup_all() was called on reclaiming.
-+ */
-+ msr |= tsk->thread.ckpt_regs.msr & (MSR_FP | MSR_VEC | MSR_VSX);
-+
- /* Remove TM bits from thread's MSR. The MSR in the sigcontext
- * just indicates to userland that we were doing a transaction, but we
- * don't want to return in transactional state. This also ensures
---
-2.20.1
-
+++ /dev/null
-From c6ba40eb93f22ca21b7099c46f5620cb717f4b5a Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 12 Oct 2017 21:17:19 +1100
-Subject: powerpc/tm: P9 disable transactionally suspended sigcontexts
-
-From: Michael Neuling <mikey@neuling.org>
-
-[ Upstream commit 92fb8690bd04cb421d987d246deac60eef85d272 ]
-
-Unfortunately userspace can construct a sigcontext which enables
-suspend. Thus userspace can force Linux into a path where trechkpt is
-executed.
-
-This patch blocks this from happening on POWER9 by sanity checking
-sigcontexts passed in.
-
-ptrace doesn't have this problem as only MSR SE and BE can be changed
-via ptrace.
-
-This patch also adds a number of WARN_ON()s in case we ever enter
-suspend when we shouldn't. This should not happen, but if it does the
-symptoms are soft lockup warnings which are not obviously TM related,
-so the WARN_ON()s should make it obvious what's happening.
-
-Signed-off-by: Michael Neuling <mikey@neuling.org>
-Signed-off-by: Cyril Bur <cyrilbur@gmail.com>
-Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- arch/powerpc/kernel/process.c | 2 ++
- arch/powerpc/kernel/signal_32.c | 4 ++++
- arch/powerpc/kernel/signal_64.c | 5 +++++
- 3 files changed, 11 insertions(+)
-
-diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index ba0d4f9a99bac..1615d60cd55cb 100644
---- a/arch/powerpc/kernel/process.c
-+++ b/arch/powerpc/kernel/process.c
-@@ -903,6 +903,8 @@ static inline void tm_reclaim_task(struct task_struct *tsk)
- if (!MSR_TM_ACTIVE(thr->regs->msr))
- goto out_and_saveregs;
-
-+ WARN_ON(tm_suspend_disabled);
-+
- TM_DEBUG("--- tm_reclaim on pid %d (NIP=%lx, "
- "ccr=%lx, msr=%lx, trap=%lx)\n",
- tsk->pid, thr->regs->nip,
-diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
-index a03fc3109fa55..7157cb6951512 100644
---- a/arch/powerpc/kernel/signal_32.c
-+++ b/arch/powerpc/kernel/signal_32.c
-@@ -519,6 +519,8 @@ static int save_tm_user_regs(struct pt_regs *regs,
- {
- unsigned long msr = regs->msr;
-
-+ WARN_ON(tm_suspend_disabled);
-+
- /* Remove TM bits from thread's MSR. The MSR in the sigcontext
- * just indicates to userland that we were doing a transaction, but we
- * don't want to return in transactional state. This also ensures
-@@ -769,6 +771,8 @@ static long restore_tm_user_regs(struct pt_regs *regs,
- int i;
- #endif
-
-+ if (tm_suspend_disabled)
-+ return 1;
- /*
- * restore general registers but not including MSR or SOFTE. Also
- * take care of keeping r2 (TLS) intact if not a signal.
-diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index b75bf6e74209e..2d52fed72e216 100644
---- a/arch/powerpc/kernel/signal_64.c
-+++ b/arch/powerpc/kernel/signal_64.c
-@@ -214,6 +214,8 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc,
-
- BUG_ON(!MSR_TM_ACTIVE(regs->msr));
-
-+ WARN_ON(tm_suspend_disabled);
-+
- /* Remove TM bits from thread's MSR. The MSR in the sigcontext
- * just indicates to userland that we were doing a transaction, but we
- * don't want to return in transactional state. This also ensures
-@@ -430,6 +432,9 @@ static long restore_tm_sigcontexts(struct task_struct *tsk,
-
- BUG_ON(tsk != current);
-
-+ if (tm_suspend_disabled)
-+ return -EINVAL;
-+
- /* copy the GPRs */
- err |= __copy_from_user(regs->gpr, tm_sc->gp_regs, sizeof(regs->gpr));
- err |= __copy_from_user(&tsk->thread.ckpt_regs, sc->gp_regs,
---
-2.20.1
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
