aboutsummaryrefslogtreecommitdiffstats
path: root/arch/powerpc/mm
diff options
context:
space:
mode:
authorAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>2013-09-10 09:14:42 -0400
committerBenjamin Herrenschmidt <benh@kernel.crashing.org>2013-09-10 21:39:37 -0400
commit69e044dd759e26667c110ab771d2c908fbd5d3dd (patch)
treebdd11f7c23fc8472e025f133b283c7cc322ada32 /arch/powerpc/mm
parent256588fda10f2a712631f8a4e72641a66adebdb8 (diff)
powerpc: Fix possible deadlock on page fault
stack_grow_into/14082 is trying to acquire lock: (&mm->mmap_sem){++++++}, at: [<c000000000206d28>] .might_fault+0x78/0xe0 but task is already holding lock: (&mm->mmap_sem){++++++}, at: [<c0000000007ffd8c>] .do_page_fault+0x24c/0x910 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&mm->mmap_sem); lock(&mm->mmap_sem); *** DEADLOCK *** May be due to missing lock nesting notation 1 lock held by stack_grow_into/14082: #0: (&mm->mmap_sem){++++++}, at: [<c0000000007ffd8c>] .do_page_fault+0x24c/0x910 stack backtrace: CPU: 21 PID: 14082 Comm: stack_grow_into Not tainted 3.10.0-10.el7.ppc64.debug #1 Call Trace: [c0000003d396b850] [c000000000016e7c] .show_stack+0x7c/0x1f0 (unreliable) [c0000003d396b920] [c000000000813fc8] .dump_stack+0x28/0x3c [c0000003d396b990] [c000000000124b90] .__lock_acquire+0x1640/0x1800 [c0000003d396bab0] [c00000000012570c] .lock_acquire+0xac/0x250 [c0000003d396bb80] [c000000000206d54] .might_fault+0xa4/0xe0 [c0000003d396bbf0] [c0000000007ffe2c] .do_page_fault+0x2ec/0x910 [c0000003d396be30] [c0000000000092e8] handle_page_fault+0x10/0x30 Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Diffstat (limited to 'arch/powerpc/mm')
-rw-r--r--arch/powerpc/mm/fault.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 76d8e7cc7805..2dd69bf4af46 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -206,7 +206,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
206 int trap = TRAP(regs); 206 int trap = TRAP(regs);
207 int is_exec = trap == 0x400; 207 int is_exec = trap == 0x400;
208 int fault; 208 int fault;
209 int rc = 0; 209 int rc = 0, store_update_sp = 0;
210 210
211#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE)) 211#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
212 /* 212 /*
@@ -280,6 +280,14 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
280 280
281 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address); 281 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
282 282
283 /*
284 * We want to do this outside mmap_sem, because reading code around nip
285 * can result in fault, which will cause a deadlock when called with
286 * mmap_sem held
287 */
288 if (user_mode(regs))
289 store_update_sp = store_updates_sp(regs);
290
283 /* When running in the kernel we expect faults to occur only to 291 /* When running in the kernel we expect faults to occur only to
284 * addresses in user space. All other faults represent errors in the 292 * addresses in user space. All other faults represent errors in the
285 * kernel and should generate an OOPS. Unfortunately, in the case of an 293 * kernel and should generate an OOPS. Unfortunately, in the case of an
@@ -345,8 +353,7 @@ retry:
345 * between the last mapped region and the stack will 353 * between the last mapped region and the stack will
346 * expand the stack rather than segfaulting. 354 * expand the stack rather than segfaulting.
347 */ 355 */
348 if (address + 2048 < uregs->gpr[1] 356 if (address + 2048 < uregs->gpr[1] && !store_update_sp)
349 && (!user_mode(regs) || !store_updates_sp(regs)))
350 goto bad_area; 357 goto bad_area;
351 } 358 }
352 if (expand_stack(vma, address)) 359 if (expand_stack(vma, address))
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-03 03:41:54 -0500