Commit 60657263 authored Nov 11, 2008 by Jeremy Kerr

powerpc/spufs: Fix spinning in spufs_ps_fault on signal



Currently, we can end up in an infinite loop if we get a signal
while the kernel has faulted in spufs_ps_fault. Eg:

 alarm(1);

 write(fd, some_spu_psmap_register_address, 4);

- the write's copy_from_user will fault on the ps mapping, and
signal_pending will be non-zero. Because returning from the fault
handler will never clear TIF_SIGPENDING, so we'll just keep faulting,
resulting in an unkillable process using 100% of CPU.

This change returns VM_FAULT_SIGBUS if there's a fatal signal pending,
letting us escape the loop.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

parent 34318c25

arch/powerpc/platforms/cell/spufs/file.c

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -390,6 +390,9 @@ static int spufs_ps_fault(struct vm_area_struct *vma,
	if (offset >= ps_size)		if (offset >= ps_size)
	return VM_FAULT_SIGBUS;		return VM_FAULT_SIGBUS;

			if (fatal_signal_pending(current))
			return VM_FAULT_SIGBUS;

	/*		/*
	* Because we release the mmap_sem, the context may be destroyed while		* Because we release the mmap_sem, the context may be destroyed while
	* we're in spu_wait. Grab an extra reference so it isn't destroyed		* we're in spu_wait. Grab an extra reference so it isn't destroyed