Date: Fri, 5 Oct 2012 11:51:33 +0100
From: Russell King - ARM Linux
To: Rob Herring, Will Deacon
Cc: Michael Hope, linux-arm-kernel@lists.infradead.org
Subject: Re: alignment faults in 3.6

On Fri, Oct 05, 2012 at 08:29:14AM +0100, Russell King - ARM Linux wrote:
> On Thu, Oct 04, 2012 at 06:10:26PM -0500, Rob Herring wrote:
> > I would think the scheduling while atomic messages are harmless in this
> > case. However, in addition to spewing out BUG messages this commit also
> > seems to eventually cause a kernel panic in __napi_complete. That panic
> > seems to go away if I put barrier() between the 2 accesses above which
> > eliminates the alignment faults. I haven't figured that part out yet.
> >
> > There's at least a couple of problems here:
> >
> > This seems like an overly aggressive compiler optimization considering
> > unaligned accesses are not supported by ldm/stm.
> >
> > The alignment fault handler should handle kernel address faults atomically.
>
> This is bad news. do_alignment() can be called in almost any kernel
> context, and it must work. die() and oops dumps - specifically dump_mem()
> and dump_instr() will suffer from exactly the same problem.

Okay, this should fix the issue... I've only compile tested it so far.
Rob, as you have a way to trigger this easily, can you give this patch
a go and let me know if it solves your problem?

Thanks.

 arch/arm/kernel/traps.c | 34 +++++++---------------------------
 arch/arm/mm/alignment.c | 11 ++++-------
 2 files changed, 11 insertions(+), 34 deletions(-)

Tested-by: Rob Herring

diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c index b0179b8..62f429e 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -89,17 +89,8 @@ static void dump_mem(const char *lvl, const char *str, unsigned long bottom, unsigned long top) { unsigned long first; - mm_segment_t fs; int i; - /* - * We need to switch to kernel mode so that we can use __get_user - * to safely read from kernel space. Note that we now dump the - * code first, just in case the backtrace kills us. - */ - fs = get_fs(); - set_fs(KERNEL_DS); - printk("%s%s(0x%08lx to 0x%08lx)\n", lvl, str, bottom, top); for (first = bottom & ~31; first < top; first += 32) { 
@@ -112,7 +103,7 @@ static void dump_mem(const char *lvl, const char *str, unsigned long bottom, for (p = first, i = 0; i < 8 && p < top; i++, p += 4) { if (p >= bottom && p < top) { unsigned long val; - if (__get_user(val, (unsigned long *)p) == 0) + if (probe_kernel_address(p, val) == 0) sprintf(str + i * 9, " %08lx", val); else sprintf(str + i * 9, " ????????"); @@ -120,8 +111,6 @@ static void dump_mem(const char *lvl, const char *str, unsigned long bottom, } printk("%s%04lx:%s\n", lvl, first & 0xffff, str); } - - set_fs(fs); } static void dump_instr(const char *lvl, struct pt_regs *regs) @@ -129,25 +118,18 @@ static void dump_instr(const char *lvl, struct pt_regs *regs) unsigned long addr = instruction_pointer(regs); const int thumb = thumb_mode(regs); const int width = thumb ? 4 : 8; - mm_segment_t fs; char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str; int i; - /* - * We need to switch to kernel mode so that we can use __get_user - * to safely read from kernel space. Note that we now dump the - * code first, just in case the backtrace kills us. - */ - fs = get_fs(); - set_fs(KERNEL_DS); - for (i = -4; i < 1 + !!thumb; i++) { unsigned int val, bad; - if (thumb) - bad = __get_user(val, &((u16 *)addr)[i]); - else - bad = __get_user(val, &((u32 *)addr)[i]); + if (thumb) { + u16 instr; + bad = probe_kernel_address(addr, instr); + val = instr; + } else + bad = probe_kernel_address(addr, val); if (!bad) p += sprintf(p, i == 0 ? "(%0*x) " : "%0*x ", @@ -158,8 +140,6 @@ static void dump_instr(const char *lvl, struct pt_regs *regs) } } printk("%sCode: %s\n", lvl, str); - - set_fs(fs); } #ifdef CONFIG_ARM_UNWIND diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c index b9f60eb..f8f14fc 100644 --- a/arch/arm/mm/alignment.c +++ b/arch/arm/mm/alignment.c 
@@ -749,7 +749,6 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs) unsigned long instr = 0, instrptr; int (*handler)(unsigned long addr, unsigned long instr, struct pt_regs *regs); unsigned int type; - mm_segment_t fs; unsigned int fault; u16 tinstr = 0; int isize = 4; @@ -760,16 +759,15 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs) instrptr = instruction_pointer(regs); - fs = get_fs(); - set_fs(KERNEL_DS); if (thumb_mode(regs)) { - fault = __get_user(tinstr, (u16 *)(instrptr & ~1)); + unsigned long ptr = instrptr; + fault = probe_kernel_address(ptr, tinstr); if (!fault) { if (cpu_architecture() >= CPU_ARCH_ARMv7 && IS_T32(tinstr)) { /* Thumb-2 32-bit */ u16 tinst2 = 0; - fault = __get_user(tinst2, (u16 *)(instrptr+2)); + fault = probe_kernel_address(ptr + 2, tinst2); instr = (tinstr << 16) | tinst2; thumb2_32b = 1; } else { @@ -778,8 +776,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } } } else - fault = __get_user(instr, (u32 *)instrptr); - set_fs(fs); + fault = probe_kernel_address(instrptr, instr); if (fault) { type = TYPE_FAULT;
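
Review bot: in the dump_mem() hunks the pointer cast is lost at the probe_kernel_address(p, val) call. The removed line passed (unsigned long *)p, while the new one passes p itself, which the loop treats as an integer address (p = first, p += 4). Assuming probe_kernel_address() expects a pointer-typed address, keep the cast: probe_kernel_address((unsigned long *)p, val). The deleted comment was also the only explanation of why this read is safe from oops context, so a one-line replacement saying that the probe must not sleep or fault fatally here would help the next reader.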
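
Review bot: the dump_instr() loop no longer uses its index, so every iteration reads the same location. The removed lines fetched &((u16 *)addr)[i] and &((u32 *)addr)[i] for i from -4 upward, but both new calls pass plain addr, so the "Code:" line would show the instruction at the faulting PC repeated rather than the surrounding instructions. Suggest probe_kernel_address(&((u16 *)addr)[i], instr) for Thumb and probe_kernel_address(&((u32 *)addr)[i], val) otherwise, which also restores the pointer type of the first argument.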
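
Review bot: in the Thumb branch of do_alignment() the "& ~1" mask on the instruction pointer has been dropped. The old fetch used (u16 *)(instrptr & ~1), while the new code sets ptr = instrptr unmasked, so if bit 0 is set in instrptr the first halfword is read from an odd address and the ptr + 2 read is odd as well. Suggest u16 *ptr = (u16 *)(instrptr & ~1); with probe_kernel_address(ptr, tinstr) and probe_kernel_address(ptr + 1, tinst2). The ARM-mode call at the end of the hunk passes instrptr as an integer where the removed line cast it to (u32 *), so a pointer cast there would keep the three call sites consistent.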