git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Mark Rutland <mark.rutland@arm.com>
	Mon, 30 Nov 2020 11:59:40 +0000 (11:59 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 30 Dec 2020 10:25:46 +0000 (11:25 +0100)
commit	6abd3ab44001ff55ccff27793b925983cef23198
tree	3c55acaca434deba52943736bfc8072f0e91228b	tree
parent	4069f4247a8bb5d33902232e1ab9fb703a3d2729	commit \| diff

arm64: syscall: exit userspace before unmasking exceptions

[ Upstream commit ca1314d73eed493c49bb1932c60a8605530db2e4 ]

In el0_svc_common() we unmask exceptions before we call user_exit(), and
so there's a window where an IRQ or debug exception can be taken while
RCU is not watching. In do_debug_exception() we account for this in via
debug_exception_{enter,exit}(), but in the el1_irq asm we do not and we
call trace functions which rely on RCU before we have a guarantee that
RCU is watching.

Let's avoid this by having el0_svc_common() exit userspace before
unmasking exceptions, matching what we do for all other EL0 entry paths.
We can use user_exit_irqoff() to avoid the pointless save/restore of IRQ
flags while we're sure exceptions are masked in DAIF.

The workaround for Cortex-A76 erratum 1463225 may trigger a debug
exception before this point, but the debug code invoked in this case is
safe even when RCU is not watching.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20201130115950.22492-2-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>