authorCatalin Marinas <catalin.marinas@arm.com>2013-08-20 18:37:02 +0100
committerGabby Lee <galee@nvidia.com>2013-09-12 19:27:47 -0700
commitbf253bce3cb420597f2e4b23361f30b519d41d14 (patch)
treed2e785efde70fd09b2a7bb67c38ef1420e0903b9
parentd557dd08a3dd216afae0b4419f9eb7eaeeed3a63 (diff)
arm: Enable IRQs before attempting to read user space in __und_usr
The Undef abort handler in the kernel reads the undefined instruction from user space. If the page table was modified from another CPU, the user access could fail and do_page_fault() will be executed with interrupts disabled. This can potentially deadlock on ARM11MPCore or on Cortex-A15 with erratum 798181 workaround enabled (both implying IPI for TLB maintenance with page table lock held). This patch enables the IRQs in __und_usr before attempting to read the instruction from user space. Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Bharat Nihalani <bnihalani@nvidia.com> Signed-off-by: Deepak Nibade <dnibade@nvidia.com> Change-Id: Ie5164d8ada9646d723b2b6ef65797e9307718292 Reviewed-on: http://git-master/r/264300 (cherry picked from commit 099ae886a528059cdda926ce1701caaaeaa9e0e8) Reviewed-on: http://git-master/r/267818 (cherry picked from commit 4b351ab2f929717d7e3c665828c6c9cff5fd4d33) Reviewed-on: http://git-master/r/273633 GVS: Gerrit_Virtual_Submit Tested-by: Harry Hong <hhong@nvidia.com> Reviewed-by: Gabby Lee <galee@nvidia.com>
-rw-r--r--arch/arm/kernel/entry-armv.S11
1 files changed, 7 insertions, 4 deletions
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
index 8f29865810f3..0c2490bbb818 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -453,6 +453,11 @@ __und_usr:
@
adr r9, BSYM(ret_from_exception)
+ @ IRQs must be enabled before attempting to read the instruction from
+ @ user space since that could cause a page/translation fault if the
+ @ page table was modified by another CPU.
+ enable_irq
+
tst r3, #PSR_T_BIT @ Thumb mode?
bne __und_usr_thumb
sub r4, r2, #4 @ ARM instr at LR - 4
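Review bot: Enabling IRQs at the top of `__und_usr` means every handler dispatched later through `call_fpe` is now entered interruptible (and presumably preemptible on a preemptible kernel), yet this diff touches only entry-armv.S, so nothing here shows that the FP/coprocessor entry points were audited for code that relied on the old "IRQs disabled" contract. Lazy FP or coprocessor state handling is where that assumption usually hides; any handler that depends on it needs its own IRQ or preemption guard in the same series. I would extend the new comment with `@ Handlers reached from here are entered with IRQs on and must protect per-CPU state themselves.` so the contract is stated where it is created. `__und_usr` continues beyond this hunk, so the user-space loads this change is meant to cover are not visible here.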
@@ -555,7 +560,7 @@ ENDPROC(__und_usr)
* r9 = normal "successful" return address
* r10 = this threads thread_info structure
* lr = unrecognised instruction return address
- * IRQs disabled, FIQs enabled.
+ * IRQs enabled, FIQs enabled.
*/
@
@ Fall-through from Thumb-2 __und_usr
@@ -667,7 +672,6 @@ call_fpe:
#endif
do_fpe:
- enable_irq
ldr r4, .LCfp
add r10, r10, #TI_FPSTATE @ r10 = workspace
ldr pc, [r4] @ Call FP module USR entry point
@@ -695,8 +699,7 @@ __und_usr_fault_32:
b 1f
__und_usr_fault_16:
mov r1, #2
-1: enable_irq
- mov r0, sp
+1: mov r0, sp
adr lr, BSYM(ret_from_exception)
b __und_fault
ENDPROC(__und_usr_fault_32)