From: Chen Huang
Subject: [BUG] arm64: an infinite loop in generic_perform_write()
To: Andrew Morton, Stephen Rothwell, "Matthew Wilcox (Oracle)", "Al Viro", Randy Dunlap, "Catalin Marinas", Will Deacon
CC: Linux ARM, linux-mm, open list
Date: Wed, 23 Jun 2021 10:39:31 +0800

When we access device memory in userspace, then perform an unaligned
write to a file. For example, we register a uio device and mmap the device,
then perform a write to a file, like this:

	device_addr = mmap(device_fd);
	write(file_fd, device_addr + unaligned_num, size);

We found that the infinite loop happened in the generic_perform_write function:

again:
	copied = copy_page_from_iter_atomic(); //copied = 0
	status = ops->write_end(); //status = 0
	if (status == 0)
		goto again;

In copy_page_from_iter_atomic, the copyin() function finally calls
__arch_copy_from_user, which creates an exception table entry for 'insn'.
Then when the kernel handles the alignment_fault, it will not panic. As the
arm64 memory model spec says, when the address is not a multiple of the
element size, the access is unaligned. Unaligned accesses are allowed to
addresses marked as Normal, but not to Device regions. An unaligned access
to a Device region will trigger an exception (alignment fault).

do_alignment_fault
    do_bad_area
        __do_kernel_fault
            fixup_exception

But that fixup can't handle the unaligned copy, so
copy_page_from_iter_atomic returns 0 and traps in the loop.

Reported-by: Chen Huang

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
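
A userspace model of the retry loop described in the report above, added as an example; it is not kernel code and not part of the original message. It shows why a copy routine that reports 0 bytes on every pass keeps the loop from terminating, and why one that always makes forward progress lets it finish. WORD, CHUNK, copy_model, write_loop_model, the pass cap and the byte-wise fixup are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WORD  8   /* element size of the model's wide load (assumption) */
#define CHUNK 16  /* bytes attempted per pass; stands in for one page */
static unsigned char device_mem[128]; /* constructed stand-in for the mmap'd Device region */
static unsigned char file_page[128];  /* constructed stand-in for the page-cache page */

/* Copy model: a wide load from an unaligned Device address faults.
 * bytewise_fixup == 0: the fixup reports 0 bytes copied, as in the report.
 * bytewise_fixup == 1: hypothetical fixup that retries with byte accesses,
 * which are never unaligned (every address is a multiple of 1). */
static size_t copy_model(size_t dst, size_t src, size_t n, int bytewise_fixup)
{
	if (n >= WORD && src % WORD != 0) {
		if (!bytewise_fixup)
			return 0;
		for (size_t i = 0; i < n; i++)
			file_page[dst + i] = device_mem[src + i];
		return n;
	}
	memcpy(file_page + dst, device_mem + src, n);
	return n;
}

/* Retry-loop model. Returns the passes used, or -1 once max_passes is reached
 * on a pass that copied nothing (the cap stands in for "never returns"). */
static int write_loop_model(size_t src_off, size_t len, int bytewise_fixup, int max_passes)
{
	size_t pos = 0;
	int passes = 0;
	while (pos < len) {
		size_t bytes = len - pos < CHUNK ? len - pos : CHUNK;
		size_t copied = copy_model(pos, src_off + pos, bytes, bytewise_fixup);
		size_t status = copied; /* write_end() model: commits what was copied */
		if (++passes >= max_passes && status == 0)
			return -1;
		pos += status; /* status == 0: "goto again" with identical arguments */
	}
	return passes;
}

int main(void)
{
	printf("zero-byte fixup: %d, bytewise fixup: %d\n",
	       write_loop_model(3, 64, 0, 1000), write_loop_model(3, 64, 1, 1000));
	return 0;
}
```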