[PATCH 1/5] m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()

public inbox for linux-m68k@lists.linux-m68k.org
 help / color / mirror / Atom feed

From: Geert Uytterhoeven <geert@linux-m68k.org>
To: Finn Thain <fthain@telegraphics.com.au>, linux-m68k@lists.linux-m68k.org
Cc: linux-kernel@vger.kernel.org,
	Geert Uytterhoeven <geert@linux-m68k.org>,
	stable@vger.kernel.org
Subject: [PATCH 1/5] m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()
Date: Sun, 28 Sep 2014 11:26:21 +0200	[thread overview]
Message-ID: <1411896385-25384-1-git-send-email-geert@linux-m68k.org> (raw)

hwreg_present() and hwreg_write() temporarily change the VBR register to
another vector table. This table contains a valid bus error handler
only, all other entries point to arbitrary addresses.

If an interrupt comes in while the temporary table is active, the
processor will start executing at such an arbitrary address, and the
kernel will crash.

While most callers run early, before interrupt are disabled, or
explicitly disable interrupts, Finn Thain pointed out that macsonic has
one callsite that doesn't, causing intermittent boot crashes.
There's another unsafe callsite in hilkbd.

Fix this for good by disabling and restoring interrupts inside
hwreg_present() and hwreg_write().

Explicitly disabling interrupts can be removed from the callsites later.

Reported-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: stable@vger.kernel.org
---
 arch/m68k/mm/hwtest.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/m68k/mm/hwtest.c b/arch/m68k/mm/hwtest.c
index 2c7dde3c6430fc3b..2a5259fd23ebc532 100644
--- a/arch/m68k/mm/hwtest.c
+++ b/arch/m68k/mm/hwtest.c
@@ -28,9 +28,11 @@
 int hwreg_present( volatile void *regp )
 {
     int	ret = 0;
+    unsigned long flags;
     long	save_sp, save_vbr;
     long	tmp_vectors[3];
 
+    local_irq_save(flags);
     __asm__ __volatile__
 	(	"movec	%/vbr,%2\n\t"
 		"movel	#Lberr1,%4@(8)\n\t"
@@ -46,6 +48,7 @@ int hwreg_present( volatile void *regp )
 		: "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
 		: "a" (regp), "a" (tmp_vectors)
                 );
+    local_irq_restore(flags);
 
     return( ret );
 }
@@ -58,9 +61,11 @@ EXPORT_SYMBOL(hwreg_present);
 int hwreg_write( volatile void *regp, unsigned short val )
 {
 	int		ret;
+	unsigned long flags;
 	long	save_sp, save_vbr;
 	long	tmp_vectors[3];
 
+	local_irq_save(flags);
 	__asm__ __volatile__
 	(	"movec	%/vbr,%2\n\t"
 		"movel	#Lberr2,%4@(8)\n\t"
@@ -78,6 +83,7 @@ int hwreg_write( volatile void *regp, unsigned short val )
 		: "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
 		: "a" (regp), "a" (tmp_vectors), "g" (val)
 	);
+	local_irq_restore(flags);
 
 	return( ret );
 }
-- 
1.9.1

next             reply	other threads:[~2014-09-28  9:26 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-28  9:26 Geert Uytterhoeven [this message]
2014-09-28  9:26 ` [PATCH 2/5] m68k: Reformat arch/m68k/mm/hwtest.c Geert Uytterhoeven
2014-09-28  9:26 ` [PATCH 3/5] cirrus/mac89x0: Remove superfluous interrupt disable/restore Geert Uytterhoeven
2014-09-28  9:26 ` [PATCH 4/5] natsemi/macsonic: " Geert Uytterhoeven
2014-09-28  9:26 ` [PATCH 5/5] nubus: " Geert Uytterhoeven
2014-09-28  9:40 ` [PATCH 1/5] m68k: Disable/restore interrupts in hwreg_present()/hwreg_write() Andreas Schwab
2014-09-28  9:44   ` Geert Uytterhoeven
     [not found]   ` <CAMuHMdUXk5HxwXzTMWP6R0W6gTA+vqNuu75z1DHa=8sF8SxL0g@mail.gmail.com>
2014-10-03  8:54     ` Geert Uytterhoeven

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2c7dde3c6430fc3 dfblob:2a5259fd23ebc53 )
 OR (
bs:"[PATCH 1/5] m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1411896385-25384-1-git-send-email-geert@linux-m68k.org \
    --to=geert@linux-m68k.org \
    --cc=fthain@telegraphics.com.au \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-m68k@lists.linux-m68k.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox