ARM: 8036/1: Enable IRQs before attempting to read user space in __und_usr

The Undef abort handler in the kernel reads the undefined instruction from user space. If the page table was modified from another CPU, the user access could fail and do_page_fault() will be executed with interrupts disabled. This can potentially deadlock on ARM11MPCore or on Cortex-A15 with erratum 798181 workaround enabled (both implying IPI for TLB maintenance with page table lock held). This patch enables the IRQs in __und_usr before attempting to read the instruction from user space. CRs-Fixed: 685372 Change-Id: Id6dc049b923b577373d38bb66a8404711c1a60f5 Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Tested-by: Arun KS <getarunks@gmail.com> Cc: Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ryan Mallon <rmallon@gmail.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Git-commit: 1417a6b8dc4db73055be9a3aa288b050e9dc06ab Git-repo: git://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git Signed-off-by: Kishan Kumar <kishank@codeaurora.org>
2024-11-01 02:21:16 +00:00 · 2014-04-22 16:14:29 +01:00 · 2014-04-22 16:14:29 +01:00 · bbd24eba8a
commit bbd24eba8a
parent eddaea8d52
4 changed files with 10 additions and 8 deletions
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@ -412,6 +412,11 @@ __und_usr:
 	@
 	adr	r9, BSYM(ret_from_exception)

+	@ IRQs must be enabled before attempting to read the instruction from
+	@ user space since that could cause a page/translation fault if the
+	@ page table was modified by another CPU.
+	enable_irq
+
 	tst	r3, #PSR_T_BIT			@ Thumb mode?
 	bne	__und_usr_thumb
 	sub	r4, r2, #4			@ ARM instr at LR - 4
@ -515,7 +520,7 @@ ENDPROC(__und_usr)
 *  r9  = normal "successful" return address
 *  r10 = this threads thread_info structure
 *  lr  = unrecognised instruction return address
- * IRQs disabled, FIQs enabled.
+ * IRQs enabled, FIQs enabled.
 */
 	@
 	@ Fall-through from Thumb-2 __und_usr
@ -622,7 +627,6 @@ call_fpe:
 #endif

 do_fpe:
-	enable_irq
 	ldr	r4, .LCfp
 	add	r10, r10, #TI_FPSTATE		@ r10 = workspace
 	ldr	pc, [r4]			@ Call FP module USR entry point
@ -650,8 +654,7 @@ __und_usr_fault_32:
 	b	1f
 __und_usr_fault_16:
 	mov	r1, #2
-1:	enable_irq
-	mov	r0, sp
+1:	mov	r0, sp
 	adr	lr, BSYM(ret_from_exception)
 	b	__und_fault
 ENDPROC(__und_usr_fault_32)
--- a/arch/arm/kernel/iwmmxt.S
+++ b/arch/arm/kernel/iwmmxt.S
@ -61,7 +61,7 @@
 * r9  = ret_from_exception
 * lr  = undefined instr exit
 *
- * called from prefetch exception handler with interrupts disabled
+ * called from prefetch exception handler with interrupts enabled
 */

 ENTRY(iwmmxt_task_enable)
--- a/arch/arm/mach-ep93xx/crunch-bits.S
+++ b/arch/arm/mach-ep93xx/crunch-bits.S
@ -62,7 +62,7 @@
 * r9  = ret_from_exception
 * lr  = undefined instr exit
 *
- * called from prefetch exception handler with interrupts disabled
+ * called from prefetch exception handler with interrupts enabled
 */
 ENTRY(crunch_task_enable)
 	ldr	r8, =(EP93XX_APB_VIRT_BASE + 0x00130000)	@ syscon addr
--- a/arch/arm/vfp/entry.S
+++ b/arch/arm/vfp/entry.S
@ -19,7 +19,7 @@
@  r9  = normal "successful" return address
@  r10 = this threads thread_info structure
@  lr  = unrecognised instruction return address
-@  IRQs disabled.
+@  IRQs enabled.
@
 ENTRY(do_vfp)
 #ifdef CONFIG_PREEMPT_COUNT
@ -27,7 +27,6 @@ ENTRY(do_vfp)
 	add	r11, r4, #1		@ increment it
 	str	r11, [r10, #TI_PREEMPT]
 #endif
-	enable_irq
 	ldr	r4, .LCvfp
 	ldr	r11, [r10, #TI_CPU]	@ CPU number
 	add	r10, r10, #TI_VFPSTATE	@ r10 = workspace