From: Michael Neuling <mikey@neuling.org>
To: Nicholas Piggin <npiggin@gmail.com>, linuxppc-dev@lists.ozlabs.org
Cc: Sam Bobroff <sam.bobroff@au1.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>
Subject: Re: [PATCH] powerpc/tm: do not use r13 for tabort_syscall
Date: Mon, 22 Aug 2016 12:09:45 +1000
Message-ID: <1471831785.14506.36.camel@neuling.org>
In-Reply-To: <1469172468-12892-1-git-send-email-npiggin@gmail.com>
On Fri, 2016-07-22 at 17:27 +1000, Nicholas Piggin wrote:
> tabort_syscall runs with RI=1, so a nested recoverable machine
> check will load the paca into r13 and overwrite what we loaded
> it with, because exceptions returning to privileged mode do not
> restore r13.
>
> This has survived testing with sc instruction inside transaction
> (bare sc, not glibc syscall because glibc can tabort before sc).
> Verified the transaction is failing with
> TM_CAUSE_SYSCALL.
>=20
> Signed-off-by: Nick Piggin <npiggin@gmail.com>
> Cc: Michael Neuling <mikey@neuling.org>
FWIW
Acked-by: Michael Neuling <mikey@neuling.org>
> Cc: Sam Bobroff <sam.bobroff@au1.ibm.com>
> Cc: Michael Ellerman <mpe@ellerman.id.au>
>
> ---
>
>  arch/powerpc/kernel/entry_64.S | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/arch/powerpc/kernel/entry_64.S
> b/arch/powerpc/kernel/entry_64.S
> index 73e461a..387dee3 100644
> --- a/arch/powerpc/kernel/entry_64.S
> +++ b/arch/powerpc/kernel/entry_64.S
> @@ -368,13 +368,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
> =C2=A0tabort_syscall:
> =C2=A0 /* Firstly we need to enable TM in the kernel */
> =C2=A0 mfmsr r10
> - li r13, 1
> - rldimi r10, r13, MSR_TM_LG, 63-MSR_TM_LG
> - mtmsrd r10, 0
> + li r9,1
> + rldimi r10,r9,MSR_TM_LG,63-MSR_TM_LG
> + mtmsrd r10,0
> =C2=A0
> =C2=A0 /* tabort, this dooms the transaction, nothing else */
> - li r13, (TM_CAUSE_SYSCALL|TM_CAUSE_PERSISTENT)
> - TABORT(R13)
> + li r9,(TM_CAUSE_SYSCALL|TM_CAUSE_PERSISTENT)
> + TABORT(R9)
> =C2=A0
> =C2=A0 /*
> =C2=A0 =C2=A0* Return directly to userspace. We have corrupted user regis=
ter
> state,
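Review bot: Nothing at the tabort_syscall label records why r13 is off limits as scratch, so the constraint lives only in the changelog and a later edit could reintroduce it. A short comment above "li r9,1" saying that this path runs with RI=1 and that a nested recoverable machine check reloads the paca into r13 would keep the reason next to the code. The changelog could also say why r9 is free to clobber at this point, since the visible lines show only that r10, r11 and r12 are in use.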
> @@ -382,11 +382,11 @@ tabort_syscall:
> =C2=A0 =C2=A0* resume after the tbegin of the aborted transaction with th=
e
> =C2=A0 =C2=A0* checkpointed register state.
> =C2=A0 =C2=A0*/
> - li r13, MSR_RI
> - andc r10, r10, r13
> - mtmsrd r10, 1
> - mtspr SPRN_SRR0, r11
> - mtspr SPRN_SRR1, r12
> + li r9,MSR_RI
> + andc r10,r10,r9
> + mtmsrd r10,1
> + mtspr SPRN_SRR0,r11
> + mtspr SPRN_SRR1,r12
> =C2=A0
> =C2=A0 rfid
> =C2=A0 b . /* prevent speculative execution */
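Review bot: The "mtspr SPRN_SRR0,r11" and "mtspr SPRN_SRR1,r12" lines change only the spacing after the comma and never referenced r13, as does "mtmsrd r10,1". Mixing that whitespace cleanup into the register fix doubles the size of the hunk and makes a stable backport harder to read. Consider leaving those three lines untouched, or moving the operand-spacing change into a separate patch, so that the diff shows only the r13 to r9 substitutions in "li" and "andc".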