powerpc: Remove ksp_limit on ppc64

We've been keeping that field in thread_struct for a while, it contains the "limit" of the current stack pointer and is meant to be used for detecting stack overflows. It has a few problems however: - First, it was never actually *used* on 64-bit. Set and updated but not actually exploited - When switching stack to/from irq and softirq stacks, it's update is racy unless we hard disable interrupts, which is costly. This is fine on 32-bit as we don't soft-disable there but not on 64-bit. Thus rather than fixing 2 in order to implement 1 in some hypothetical future, let's remove the code completely from 64-bit. In order to avoid a clutter of ifdef's, we remove the updates from C code completely during interrupt stack switching, and instead maintain it from the asm helper that is used to do the stack switching in the first place. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
author: Benjamin Herrenschmidt <benh@kernel.crashing.org> 2013-09-24 01:17:21 -0400
committer: Benjamin Herrenschmidt <benh@kernel.crashing.org> 2013-09-25 00:15:51 -0400
commit: cbc9565ee82694dec31d8137dec975b83175183b (patch)
tree: 7740d7f8f0372e80c067ee2e867bb69ab7b15eec /arch/powerpc/kernel
parent: 0366a1c70b89efed4f9d590216bb004a16effbed (diff)
4 files changed, 20 insertions, 14 deletions
diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c
index d8958be5f31a..502c7a4e73f7 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -80,10 +80,11 @@ int main(void)
        DEFINE(TASKTHREADPPR, offsetof(struct task_struct, thread.ppr));
 #else
        DEFINE(THREAD_INFO, offsetof(struct task_struct, stack));
+        DEFINE(THREAD_INFO_GAP, _ALIGN_UP(sizeof(struct thread_info), 16));
+        DEFINE(KSP_LIMIT, offsetof(struct thread_struct, ksp_limit));
 #endif /* CONFIG_PPC64 */
        DEFINE(KSP, offsetof(struct thread_struct, ksp));
-        DEFINE(KSP_LIMIT, offsetof(struct thread_struct, ksp_limit));
        DEFINE(PT_REGS, offsetof(struct thread_struct, regs));
 #ifdef CONFIG_BOOKE
        DEFINE(THREAD_NORMSAVES, offsetof(struct thread_struct, normsave[0]));
diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
index 2234a1276a77..57d286a78f86 100644
--- a/arch/powerpc/kernel/irq.c
+++ b/arch/powerpc/kernel/irq.c
@@ -496,7 +496,6 @@ void do_IRQ(struct pt_regs *regs)
 {
        struct pt_regs *old_regs = set_irq_regs(regs);
        struct thread_info *curtp, *irqtp;
-        unsigned long saved_sp_limit;
        /* Switch to the irq stack to handle this */
        curtp = current_thread_info();
@@ -509,12 +508,6 @@ void do_IRQ(struct pt_regs *regs)
                return;
        }
-        /* Adjust the stack limit */
-        saved_sp_limit = current->thread.ksp_limit;
-        current->thread.ksp_limit = (unsigned long)irqtp +
-                _ALIGN_UP(sizeof(struct thread_info), 16);
        /* Prepare the thread_info in the irq stack */
        irqtp->task = curtp->task;
        irqtp->flags = 0;
@@ -526,7 +519,6 @@ void do_IRQ(struct pt_regs *regs)
        call_do_irq(regs, irqtp);
        /* Restore stack limit */
-        current->thread.ksp_limit = saved_sp_limit;
        irqtp->task = NULL;
        /* Copy back updates to the thread_info */
@@ -604,16 +596,12 @@ void irq_ctx_init(void)
 static inline void do_softirq_onstack(void)
 {
        struct thread_info *curtp, *irqtp;
-        unsigned long saved_sp_limit = current->thread.ksp_limit;
        curtp = current_thread_info();
        irqtp = softirq_ctx[smp_processor_id()];
        irqtp->task = curtp->task;
        irqtp->flags = 0;
-        current->thread.ksp_limit = (unsigned long)irqtp +
-                                    _ALIGN_UP(sizeof(struct thread_info), 16);
        call_do_softirq(irqtp);
-        current->thread.ksp_limit = saved_sp_limit;
        irqtp->task = NULL;
        /* Set any flag that may have been set on the
diff --git a/arch/powerpc/kernel/misc_32.S b/arch/powerpc/kernel/misc_32.S
index 7da3882a3622..2b0ad9845363 100644
--- a/arch/powerpc/kernel/misc_32.S
+++ b/arch/powerpc/kernel/misc_32.S
@@ -36,25 +36,41 @@
        .text
+/*
+ * We store the saved ksp_limit in the unused part
+ * of the STACK_FRAME_OVERHEAD
+ */
 _GLOBAL(call_do_softirq)
        mflr    r0
        stw     r0,4(r1)
+        lwz     r10,THREAD+KSP_LIMIT(r2)
+        addi    r11,r3,THREAD_INFO_GAP
        stwu    r1,THREAD_SIZE-STACK_FRAME_OVERHEAD(r3)
        mr      r1,r3
+        stw     r10,8(r1)
+        stw     r11,THREAD+KSP_LIMIT(r2)
        bl      __do_softirq
+        lwz     r10,8(r1)
        lwz     r1,0(r1)
        lwz     r0,4(r1)
+        stw     r10,THREAD+KSP_LIMIT(r2)
        mtlr    r0
        blr
 _GLOBAL(call_do_irq)
        mflr    r0
        stw     r0,4(r1)
+        lwz     r10,THREAD+KSP_LIMIT(r2)
+        addi    r11,r3,THREAD_INFO_GAP
        stwu    r1,THREAD_SIZE-STACK_FRAME_OVERHEAD(r4)
        mr      r1,r4
+        stw     r10,8(r1)
+        stw     r11,THREAD+KSP_LIMIT(r2)
        bl      __do_irq
+        lwz     r10,8(r1)
        lwz     r1,0(r1)
        lwz     r0,4(r1)
+        stw     r10,THREAD+KSP_LIMIT(r2)
        mtlr    r0
        blr
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index 6f428da53e20..96d2fdf3aa9e 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -1000,9 +1000,10 @@ int copy_thread(unsigned long clone_flags, unsigned long usp,
        kregs = (struct pt_regs *) sp;
        sp -= STACK_FRAME_OVERHEAD;
        p->thread.ksp = sp;
+#ifdef CONFIG_PPC32
        p->thread.ksp_limit = (unsigned long)task_stack_page(p) +
                                _ALIGN_UP(sizeof(struct thread_info), 16);
+#endif
 #ifdef CONFIG_HAVE_HW_BREAKPOINT
        p->thread.ptrace_bps[0] = NULL;
 #endif
author	Benjamin Herrenschmidt <benh@kernel.crashing.org>	2013-09-24 01:17:21 -0400
committer	Benjamin Herrenschmidt <benh@kernel.crashing.org>	2013-09-25 00:15:51 -0400
commit	cbc9565ee82694dec31d8137dec975b83175183b (patch)
tree	7740d7f8f0372e80c067ee2e867bb69ab7b15eec /arch/powerpc/kernel
parent	0366a1c70b89efed4f9d590216bb004a16effbed (diff)

diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c index d8958be5f31a..502c7a4e73f7 100644 --- a/arch/powerpc/kernel/asm-offsets.c +++ b/arch/powerpc/kernel/asm-offsets.c
@@ -80,10 +80,11 @@ int main(void)
80	DEFINE(TASKTHREADPPR, offsetof(struct task_struct, thread.ppr));	80	DEFINE(TASKTHREADPPR, offsetof(struct task_struct, thread.ppr));
81	#else	81	#else
82	DEFINE(THREAD_INFO, offsetof(struct task_struct, stack));	82	DEFINE(THREAD_INFO, offsetof(struct task_struct, stack));
		83	DEFINE(THREAD_INFO_GAP, _ALIGN_UP(sizeof(struct thread_info), 16));
		84	DEFINE(KSP_LIMIT, offsetof(struct thread_struct, ksp_limit));
83	#endif /* CONFIG_PPC64 */	85	#endif /* CONFIG_PPC64 */
84		86
85	DEFINE(KSP, offsetof(struct thread_struct, ksp));	87	DEFINE(KSP, offsetof(struct thread_struct, ksp));
86	DEFINE(KSP_LIMIT, offsetof(struct thread_struct, ksp_limit));
87	DEFINE(PT_REGS, offsetof(struct thread_struct, regs));	88	DEFINE(PT_REGS, offsetof(struct thread_struct, regs));
88	#ifdef CONFIG_BOOKE	89	#ifdef CONFIG_BOOKE
89	DEFINE(THREAD_NORMSAVES, offsetof(struct thread_struct, normsave[0]));	90	DEFINE(THREAD_NORMSAVES, offsetof(struct thread_struct, normsave[0]));


diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c index 2234a1276a77..57d286a78f86 100644 --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c
@@ -496,7 +496,6 @@ void do_IRQ(struct pt_regs *regs)
496	{	496	{
497	struct pt_regs *old_regs = set_irq_regs(regs);	497	struct pt_regs *old_regs = set_irq_regs(regs);
498	struct thread_info curtp, irqtp;	498	struct thread_info curtp, irqtp;
499	unsigned long saved_sp_limit;
500		499
501	/* Switch to the irq stack to handle this */	500	/* Switch to the irq stack to handle this */
502	curtp = current_thread_info();	501	curtp = current_thread_info();
@@ -509,12 +508,6 @@ void do_IRQ(struct pt_regs *regs)
509	return;	508	return;
510	}	509	}
511		510
512	/* Adjust the stack limit */
513	saved_sp_limit = current->thread.ksp_limit;
514	current->thread.ksp_limit = (unsigned long)irqtp +
515	_ALIGN_UP(sizeof(struct thread_info), 16);
516
517
518	/* Prepare the thread_info in the irq stack */	511	/* Prepare the thread_info in the irq stack */
519	irqtp->task = curtp->task;	512	irqtp->task = curtp->task;
520	irqtp->flags = 0;	513	irqtp->flags = 0;
@@ -526,7 +519,6 @@ void do_IRQ(struct pt_regs *regs)
526	call_do_irq(regs, irqtp);	519	call_do_irq(regs, irqtp);
527		520
528	/* Restore stack limit */	521	/* Restore stack limit */
529	current->thread.ksp_limit = saved_sp_limit;
530	irqtp->task = NULL;	522	irqtp->task = NULL;
531		523
532	/* Copy back updates to the thread_info */	524	/* Copy back updates to the thread_info */
@@ -604,16 +596,12 @@ void irq_ctx_init(void)
604	static inline void do_softirq_onstack(void)	596	static inline void do_softirq_onstack(void)
605	{	597	{
606	struct thread_info curtp, irqtp;	598	struct thread_info curtp, irqtp;
607	unsigned long saved_sp_limit = current->thread.ksp_limit;
608		599
609	curtp = current_thread_info();	600	curtp = current_thread_info();
610	irqtp = softirq_ctx[smp_processor_id()];	601	irqtp = softirq_ctx[smp_processor_id()];
611	irqtp->task = curtp->task;	602	irqtp->task = curtp->task;
612	irqtp->flags = 0;	603	irqtp->flags = 0;
613	current->thread.ksp_limit = (unsigned long)irqtp +
614	_ALIGN_UP(sizeof(struct thread_info), 16);
615	call_do_softirq(irqtp);	604	call_do_softirq(irqtp);
616	current->thread.ksp_limit = saved_sp_limit;
617	irqtp->task = NULL;	605	irqtp->task = NULL;
618		606
619	/* Set any flag that may have been set on the	607	/* Set any flag that may have been set on the


diff --git a/arch/powerpc/kernel/misc_32.S b/arch/powerpc/kernel/misc_32.S index 7da3882a3622..2b0ad9845363 100644 --- a/arch/powerpc/kernel/misc_32.S +++ b/arch/powerpc/kernel/misc_32.S
@@ -36,25 +36,41 @@
36		36
37	.text	37	.text
38		38
		39	/*
		40	* We store the saved ksp_limit in the unused part
		41	* of the STACK_FRAME_OVERHEAD
		42	*/
39	_GLOBAL(call_do_softirq)	43	_GLOBAL(call_do_softirq)
40	mflr r0	44	mflr r0
41	stw r0,4(r1)	45	stw r0,4(r1)
		46	lwz r10,THREAD+KSP_LIMIT(r2)
		47	addi r11,r3,THREAD_INFO_GAP
42	stwu r1,THREAD_SIZE-STACK_FRAME_OVERHEAD(r3)	48	stwu r1,THREAD_SIZE-STACK_FRAME_OVERHEAD(r3)
43	mr r1,r3	49	mr r1,r3
		50	stw r10,8(r1)
		51	stw r11,THREAD+KSP_LIMIT(r2)
44	bl __do_softirq	52	bl __do_softirq
		53	lwz r10,8(r1)
45	lwz r1,0(r1)	54	lwz r1,0(r1)
46	lwz r0,4(r1)	55	lwz r0,4(r1)
		56	stw r10,THREAD+KSP_LIMIT(r2)
47	mtlr r0	57	mtlr r0
48	blr	58	blr
49		59
50	_GLOBAL(call_do_irq)	60	_GLOBAL(call_do_irq)
51	mflr r0	61	mflr r0
52	stw r0,4(r1)	62	stw r0,4(r1)
		63	lwz r10,THREAD+KSP_LIMIT(r2)
		64	addi r11,r3,THREAD_INFO_GAP
53	stwu r1,THREAD_SIZE-STACK_FRAME_OVERHEAD(r4)	65	stwu r1,THREAD_SIZE-STACK_FRAME_OVERHEAD(r4)
54	mr r1,r4	66	mr r1,r4
		67	stw r10,8(r1)
		68	stw r11,THREAD+KSP_LIMIT(r2)
55	bl __do_irq	69	bl __do_irq
		70	lwz r10,8(r1)
56	lwz r1,0(r1)	71	lwz r1,0(r1)
57	lwz r0,4(r1)	72	lwz r0,4(r1)
		73	stw r10,THREAD+KSP_LIMIT(r2)
58	mtlr r0	74	mtlr r0
59	blr	75	blr
60		76


diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index 6f428da53e20..96d2fdf3aa9e 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c
@@ -1000,9 +1000,10 @@ int copy_thread(unsigned long clone_flags, unsigned long usp,
1000	kregs = (struct pt_regs *) sp;	1000	kregs = (struct pt_regs *) sp;
1001	sp -= STACK_FRAME_OVERHEAD;	1001	sp -= STACK_FRAME_OVERHEAD;
1002	p->thread.ksp = sp;	1002	p->thread.ksp = sp;
		1003	#ifdef CONFIG_PPC32
1003	p->thread.ksp_limit = (unsigned long)task_stack_page(p) +	1004	p->thread.ksp_limit = (unsigned long)task_stack_page(p) +
1004	_ALIGN_UP(sizeof(struct thread_info), 16);	1005	_ALIGN_UP(sizeof(struct thread_info), 16);
1005		1006	#endif
1006	#ifdef CONFIG_HAVE_HW_BREAKPOINT	1007	#ifdef CONFIG_HAVE_HW_BREAKPOINT
1007	p->thread.ptrace_bps[0] = NULL;	1008	p->thread.ptrace_bps[0] = NULL;
1008	#endif	1009	#endif