
Commit 618febd6 authored by James Bottomley's avatar James Bottomley Committed by Kyle McMartin

[PARISC] Fix the alloc_slabmgmt panic



Fix the alloc_slabmgmt panic

Hopefully this should also fix a lot of other intermittent kernel bugs.

The problem has been around since 2.6.9-rc2-pa6 when we allowed
floating point registers to be used in kernel code.  The essence of
the problem is that gcc prefers to use floating point for integer
divides and multiplies.  Further, it can rely on the values in the no
clobber fp regs being correct across a function call.  Unfortunately,
our task switch function only saves the integer no clobber registers,
not the fp ones, so if gcc makes a function call to any function in
the kernel which could sleep, the values it is relying on in any no
clobber floating point register may be lost.  In the case of
alloc_slabmgmt, the value of the page offset is being stored in %fr12
across a call to kmem_getpages(), which sleeps if no pages are
available.  Thus, the offset can be trashed and the slab code can end
up with a completely bogus address leading to corruption.

Kudos to Randolph who came up with the program to trip this problem at
will and thus allowed it to be tracked and fixed.

Signed-off-by: default avatarJames Bottomley <jejb@parisc-linux.org>

Signed-off-by: default avatarKyle McMartin <kyle@parisc-linux.org>
parent b2450cc1
+2 −0
@@ -863,6 +863,7 @@ __execve:
_switch_to:
	STREG	 %r2, -RP_OFFSET(%r30)

	callee_save_float
	callee_save

	load32	_switch_to_ret, %r2
@@ -879,6 +880,7 @@ _switch_to:
_switch_to_ret:
	mtctl	%r0, %cr0		/* Needed for single stepping */
	callee_rest
	callee_rest_float

	LDREG	-RP_OFFSET(%r30), %r2
	bv	%r0(%r2)
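Review bot: The new `callee_save_float` and `callee_rest_float` lines in `_switch_to` and `_switch_to_ret` carry no comment saying why the task switch now spills FP state; the reason (gcc keeping live values in the callee-saved %fr12-%fr21 across a call that may sleep) exists only in the commit message. A one-line comment next to the save, `/* gcc may keep live values in callee-saved %fr12-%fr21 across a sleeping call; spill them with the integer regs */`, keeps that knowledge in the code. The pairing is LIFO-consistent as written (float pushed before the integer frame, integer popped before the float frame), so the ordering itself needs no change. It does assume the FPU is usable in kernel context on every path that reaches `_switch_to`, which is not visible here. Both `_switch_to` and `_switch_to_ret` continue past the hunks shown.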
+34 −6
@@ -21,6 +21,7 @@
#ifndef _PARISC_ASSEMBLY_H
#define _PARISC_ASSEMBLY_H

#define CALLEE_FLOAT_FRAME_SIZE	80
#ifdef __LP64__
#define LDREG	ldd
#define STREG	std
@@ -30,7 +31,7 @@
#define SHRREG  shrd
#define RP_OFFSET	16
#define FRAME_SIZE	128
#define CALLEE_SAVE_FRAME_SIZE	144
#define CALLEE_REG_FRAME_SIZE	144
#else
#define LDREG	ldw
#define STREG	stw
@@ -40,8 +41,9 @@
#define SHRREG  shr
#define RP_OFFSET	20
#define FRAME_SIZE	64
#define CALLEE_SAVE_FRAME_SIZE	128
#define CALLEE_REG_FRAME_SIZE	128
#endif
#define CALLEE_SAVE_FRAME_SIZE (CALLEE_REG_FRAME_SIZE + CALLEE_FLOAT_FRAME_SIZE)

#ifdef CONFIG_PA20
#define BL		b,l
@@ -300,9 +302,35 @@
	fldd,mb	-8(\regs),       %fr0
	.endm

	.macro	callee_save_float
	fstd,ma	 %fr12,	8(%r30)
	fstd,ma	 %fr13,	8(%r30)
	fstd,ma	 %fr14,	8(%r30)
	fstd,ma	 %fr15,	8(%r30)
	fstd,ma	 %fr16,	8(%r30)
	fstd,ma	 %fr17,	8(%r30)
	fstd,ma	 %fr18,	8(%r30)
	fstd,ma	 %fr19,	8(%r30)
	fstd,ma	 %fr20,	8(%r30)
	fstd,ma	 %fr21,	8(%r30)
	.endm

	.macro	callee_rest_float
	fldd,mb	-8(%r30),   %fr21
	fldd,mb	-8(%r30),   %fr20
	fldd,mb	-8(%r30),   %fr19
	fldd,mb	-8(%r30),   %fr18
	fldd,mb	-8(%r30),   %fr17
	fldd,mb	-8(%r30),   %fr16
	fldd,mb	-8(%r30),   %fr15
	fldd,mb	-8(%r30),   %fr14
	fldd,mb	-8(%r30),   %fr13
	fldd,mb	-8(%r30),   %fr12
	.endm

#ifdef __LP64__
	.macro	callee_save
	std,ma	  %r3,	CALLEE_SAVE_FRAME_SIZE(%r30)
	std,ma	  %r3,	 CALLEE_REG_FRAME_SIZE(%r30)
	mfctl	  %cr27, %r3
	std	  %r4,	-136(%r30)
	std	  %r5,	-128(%r30)
@@ -340,13 +368,13 @@
	ldd	-128(%r30),    %r5
	ldd	-136(%r30),    %r4
	mtctl	%r3, %cr27
	ldd,mb	-CALLEE_SAVE_FRAME_SIZE(%r30),    %r3
	ldd,mb	-CALLEE_REG_FRAME_SIZE(%r30),    %r3
	.endm

#else /* ! __LP64__ */

	.macro	callee_save
	stw,ma	 %r3,	CALLEE_SAVE_FRAME_SIZE(%r30)
	stw,ma	 %r3,	CALLEE_REG_FRAME_SIZE(%r30)
	mfctl	 %cr27, %r3
	stw	 %r4,	-124(%r30)
	stw	 %r5,	-120(%r30)
@@ -384,7 +412,7 @@
	ldw	-120(%r30),   %r5
	ldw	-124(%r30),   %r4
	mtctl	%r3, %cr27
	ldw,mb	-CALLEE_SAVE_FRAME_SIZE(%r30),   %r3
	ldw,mb	-CALLEE_REG_FRAME_SIZE(%r30),   %r3
	.endm
#endif /* ! __LP64__ */
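Review bot: `callee_save_float` and `callee_rest_float` are defined with nothing tying their ten `fstd,ma`/`fldd,mb` operations to `CALLEE_FLOAT_FRAME_SIZE 80`, so the two can drift silently if a register is added or dropped; spelling the relation out at the define, `#define CALLEE_FLOAT_FRAME_SIZE 80 /* 10 x 8 bytes: %fr12-%fr21 saved by callee_save_float */`, makes the dependency visible. A short header comment on each macro stating that it post-increments (save) or pre-decrements (restore) %r30 by 8 per register and must be used as a matched pair around `callee_save`/`callee_rest` would also help the next reader. Since `CALLEE_SAVE_FRAME_SIZE` now includes the float area while the integer macros were switched to `CALLEE_REG_FRAME_SIZE`, any other user of `CALLEE_SAVE_FRAME_SIZE` that expected the integer-only size (none visible here) should be checked. The `callee_save` and `callee_rest` macro bodies extend beyond the hunks shown.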