releases/4.0.9/arm64-entry-fix-context-tracking-for-el0_sp_pc.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 46b0567c851cf85d6ba6f23eef385ec9111d09bc Mon Sep 17 00:00:00 2001
 From: Mark Rutland <mark.rutland@arm.com>
 Date: Mon, 15 Jun 2015 16:40:27 +0100
 Subject: arm64: entry: fix context tracking for el0_sp_pc

 From: Mark Rutland <mark.rutland@arm.com>

 commit 46b0567c851cf85d6ba6f23eef385ec9111d09bc upstream.

 Commit 6c81fe7925cc4c42 ("arm64: enable context tracking") did not
 update el0_sp_pc to use ct_user_exit, but this appears to have been
 unintentional. In commit 6ab6463aeb5fbc75 ("arm64: adjust el0_sync so
 that a function can be called") we made x0 available, and in the return
 to userspace we call ct_user_enter in the kernel_exit macro.

 Due to this, we currently don't correctly inform RCU of the user->kernel
 transition, and may erroneously account for time spent in the kernel as
 if we were in an extended quiescent state when CONFIG_CONTEXT_TRACKING
 is enabled.

 As we do record the kernel->user transition, a userspace application
 making accesses from an unaligned stack pointer can demonstrate the
 imbalance, provoking the following warning:

 ------------[ cut here ]------------
 WARNING: CPU: 2 PID: 3660 at kernel/context_tracking.c:75 context_tracking_enter+0xd8/0xe4()
 Modules linked in:
 CPU: 2 PID: 3660 Comm: a.out Not tainted 4.1.0-rc7+ #8
 Hardware name: ARM Juno development board (r0) (DT)
 Call trace:
 [<ffffffc000089914>] dump_backtrace+0x0/0x124
 [<ffffffc000089a48>] show_stack+0x10/0x1c
 [<ffffffc0005b3cbc>] dump_stack+0x84/0xc8
 [<ffffffc0000b3214>] warn_slowpath_common+0x98/0xd0
 [<ffffffc0000b330c>] warn_slowpath_null+0x14/0x20
 [<ffffffc00013ada4>] context_tracking_enter+0xd4/0xe4
 [<ffffffc0005b534c>] preempt_schedule_irq+0xd4/0x114
 [<ffffffc00008561c>] el1_preempt+0x4/0x28
 [<ffffffc0001b8040>] exit_files+0x38/0x4c
 [<ffffffc0000b5b94>] do_exit+0x430/0x978
 [<ffffffc0000b614c>] do_group_exit+0x40/0xd4
 [<ffffffc0000c0208>] get_signal+0x23c/0x4f4
 [<ffffffc0000890b4>] do_signal+0x1ac/0x518
 [<ffffffc000089650>] do_notify_resume+0x5c/0x68
 ---[ end trace 963c192600337066 ]---

 This patch adds the missing ct_user_exit to the el0_sp_pc entry path,
 correcting the context tracking for this case.

 Signed-off-by: Mark Rutland <mark.rutland@arm.com>
 Acked-by: Will Deacon <will.deacon@arm.com>
 Fixes: 6c81fe7925cc ("arm64: enable context tracking")
 Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  arch/arm64/kernel/entry.S |    1 +
  1 file changed, 1 insertion(+)

 --- a/arch/arm64/kernel/entry.S
 +++ b/arch/arm64/kernel/entry.S
 @@ -517,6 +517,7 @@ el0_sp_pc:
  	mrs	x26, far_el1
  	// enable interrupts before calling the main handler
  	enable_dbg_and_irq
 +	ct_user_exit
  	mov	x0, x26
  	mov	x1, x25
  	mov	x2, sp
	From 46b0567c851cf85d6ba6f23eef385ec9111d09bc Mon Sep 17 00:00:00 2001
	From: Mark Rutland <mark.rutland@arm.com>
	Date: Mon, 15 Jun 2015 16:40:27 +0100
	Subject: arm64: entry: fix context tracking for el0_sp_pc

	From: Mark Rutland <mark.rutland@arm.com>

	commit 46b0567c851cf85d6ba6f23eef385ec9111d09bc upstream.

	Commit 6c81fe7925cc4c42 ("arm64: enable context tracking") did not
	update el0_sp_pc to use ct_user_exit, but this appears to have been
	unintentional. In commit 6ab6463aeb5fbc75 ("arm64: adjust el0_sync so
	that a function can be called") we made x0 available, and in the return
	to userspace we call ct_user_enter in the kernel_exit macro.

	Due to this, we currently don't correctly inform RCU of the user->kernel
	transition, and may erroneously account for time spent in the kernel as
	if we were in an extended quiescent state when CONFIG_CONTEXT_TRACKING
	is enabled.

	As we do record the kernel->user transition, a userspace application
	making accesses from an unaligned stack pointer can demonstrate the
	imbalance, provoking the following warning:

	------------[ cut here ]------------
	WARNING: CPU: 2 PID: 3660 at kernel/context_tracking.c:75 context_tracking_enter+0xd8/0xe4()
	Modules linked in:
	CPU: 2 PID: 3660 Comm: a.out Not tainted 4.1.0-rc7+ #8
	Hardware name: ARM Juno development board (r0) (DT)
	Call trace:
	[<ffffffc000089914>] dump_backtrace+0x0/0x124
	[<ffffffc000089a48>] show_stack+0x10/0x1c
	[<ffffffc0005b3cbc>] dump_stack+0x84/0xc8
	[<ffffffc0000b3214>] warn_slowpath_common+0x98/0xd0
	[<ffffffc0000b330c>] warn_slowpath_null+0x14/0x20
	[<ffffffc00013ada4>] context_tracking_enter+0xd4/0xe4
	[<ffffffc0005b534c>] preempt_schedule_irq+0xd4/0x114
	[<ffffffc00008561c>] el1_preempt+0x4/0x28
	[<ffffffc0001b8040>] exit_files+0x38/0x4c
	[<ffffffc0000b5b94>] do_exit+0x430/0x978
	[<ffffffc0000b614c>] do_group_exit+0x40/0xd4
	[<ffffffc0000c0208>] get_signal+0x23c/0x4f4
	[<ffffffc0000890b4>] do_signal+0x1ac/0x518
	[<ffffffc000089650>] do_notify_resume+0x5c/0x68
	---[ end trace 963c192600337066 ]---

	This patch adds the missing ct_user_exit to the el0_sp_pc entry path,
	correcting the context tracking for this case.

	Signed-off-by: Mark Rutland <mark.rutland@arm.com>
	Acked-by: Will Deacon <will.deacon@arm.com>
	Fixes: 6c81fe7925cc ("arm64: enable context tracking")
	Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	arch/arm64/kernel/entry.S \| 1 +
	1 file changed, 1 insertion(+)

	--- a/arch/arm64/kernel/entry.S
	+++ b/arch/arm64/kernel/entry.S
	@@ -517,6 +517,7 @@ el0_sp_pc:
	mrs x26, far_el1
	// enable interrupts before calling the main handler
	enable_dbg_and_irq
	+ ct_user_exit
	mov x0, x26
	mov x1, x25
	mov x2, sp