diff options
| author | Michael Neuling <mikey@neuling.org> | 2013-05-26 14:09:41 -0400 |
|---|---|---|
| committer | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2013-05-31 18:29:23 -0400 |
| commit | 2b3f8e87cf99a33fb6faf5026d7147748bbd77b6 (patch) | |
| tree | dfeb4cb63821ec34279d26b0ac7a35d96316b648 /Documentation/powerpc | |
| parent | b75c100ef24894bd2c8b52e123bcc5f191c5d9fd (diff) | |
powerpc/tm: Fix userspace stack corruption on signal delivery for active transactions
When in an active transaction that takes a signal, we need to be careful with
the stack. It's possible that the stack has moved back up after the tbegin.
The obvious case here is when the tbegin is called inside a function that
returns before a tend. In this case, the stack is part of the checkpointed
transactional memory state. If we write over this non transactionally or in
suspend, we are in trouble because if we get a tm abort, the program counter
and stack pointer will be back at the tbegin but our in memory stack won't be
valid anymore.
To avoid this, when taking a signal in an active transaction, we need to use
the stack pointer from the checkpointed state, rather than the speculated
state. This ensures that the signal context (written tm suspended) will be
written below the stack required for the rollback. The transaction is aborted
becuase of the treclaim, so any memory written between the tbegin and the
signal will be rolled back anyway.
For signals taken in non-TM or suspended mode, we use the
normal/non-checkpointed stack pointer.
Tested with 64 and 32 bit signals
Signed-off-by: Michael Neuling <mikey@neuling.org>
Cc: <stable@vger.kernel.org> # v3.9
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Diffstat (limited to 'Documentation/powerpc')
| -rw-r--r-- | Documentation/powerpc/transactional_memory.txt | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/Documentation/powerpc/transactional_memory.txt b/Documentation/powerpc/transactional_memory.txt index c54bf3127651..dc23e58ae264 100644 --- a/Documentation/powerpc/transactional_memory.txt +++ b/Documentation/powerpc/transactional_memory.txt | |||
| @@ -147,6 +147,25 @@ Example signal handler: | |||
| 147 | fix_the_problem(ucp->dar); | 147 | fix_the_problem(ucp->dar); |
| 148 | } | 148 | } |
| 149 | 149 | ||
| 150 | When in an active transaction that takes a signal, we need to be careful with | ||
| 151 | the stack. It's possible that the stack has moved back up after the tbegin. | ||
| 152 | The obvious case here is when the tbegin is called inside a function that | ||
| 153 | returns before a tend. In this case, the stack is part of the checkpointed | ||
| 154 | transactional memory state. If we write over this non transactionally or in | ||
| 155 | suspend, we are in trouble because if we get a tm abort, the program counter and | ||
| 156 | stack pointer will be back at the tbegin but our in memory stack won't be valid | ||
| 157 | anymore. | ||
| 158 | |||
| 159 | To avoid this, when taking a signal in an active transaction, we need to use | ||
| 160 | the stack pointer from the checkpointed state, rather than the speculated | ||
| 161 | state. This ensures that the signal context (written tm suspended) will be | ||
| 162 | written below the stack required for the rollback. The transaction is aborted | ||
| 163 | becuase of the treclaim, so any memory written between the tbegin and the | ||
| 164 | signal will be rolled back anyway. | ||
| 165 | |||
| 166 | For signals taken in non-TM or suspended mode, we use the | ||
| 167 | normal/non-checkpointed stack pointer. | ||
| 168 | |||
| 150 | 169 | ||
| 151 | Failure cause codes used by kernel | 170 | Failure cause codes used by kernel |
| 152 | ================================== | 171 | ================================== |