From: Michael Ellerman
To: Michael Neuling
Cc: Michael Neuling, Nicholas Piggin, aneesh.kumar@linux.vnet.ibm.com, Breno Leitao, linuxppc-dev@lists.ozlabs.org
Subject: Re: powerpc/tm: Fix userspace r13 corruption
Date: Wed, 26 Sep 2018 22:13:10 +1000 (AEST)
Message-Id: <42KxfZ2RhHz9s4s@ozlabs.org>
In-Reply-To: <20180924072704.6200-1-mikey@neuling.org>
List-Id: Linux on PowerPC Developers Mail List

On Mon, 2018-09-24 at 07:27:04 UTC, Michael Neuling wrote:
> When we treclaim we store the userspace checkpointed r13 to a scratch
> SPR and then later save the scratch SPR to the user thread struct.
>
> Unfortunately, this doesn't work as accessing the user thread struct
> can take an SLB fault and the SLB fault handler will write the same
> scratch SPRG that now contains the userspace r13.
>
> To fix this, we store r13 to the kernel stack (which can't fault)
> before we access the user thread struct.
>
> Found by running P8 guest + powervm + disable_1tb_segments + TM. Seen
> as a random userspace segfault with r13 looking like a kernel address.
>
> Signed-off-by: Michael Neuling
> Reviewed-by: Breno Leitao

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/cf13435b730a502e814c63c84d93db

cheers
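
Added example, not part of this thread or of the kernel patch: a user-space C model of the clobber the quoted commit message describes, with the pre-fix ordering beside the ordering that saves r13 to the kernel stack first. All names and register values are hypothetical, and the model assumes the fault handler overwrites the scratch SPRG with the r13 that is live when the fault is taken.

```c
/* Added model, not kernel code; every name and value here is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#define KERNEL_R13 0xc000000000fe0000ULL /* constructed kernel-looking value */
#define USER_R13   0x00007fffb7a4d900ULL /* constructed userspace r13 */
struct cpu {
    uint64_t r13;          /* live register */
    uint64_t scratch_sprg; /* single scratch SPRG shared by both paths */
    int slb_miss;          /* nonzero: thread struct access will fault */
};
struct thread { uint64_t ckpt_r13; };

/* Assumption: the fault handler parks the live r13 in the scratch SPRG. */
static void slb_fault(struct cpu *c)
{
    c->scratch_sprg = c->r13; /* clobbers whatever was stored there */
    c->slb_miss = 0;          /* segment is mapped after the fault */
}

/* Before the fix: userspace r13 sits in the scratch SPRG across the access. */
static uint64_t reclaim_buggy(struct cpu *c, struct thread *t)
{
    c->scratch_sprg = c->r13; /* checkpointed r13 -> scratch SPRG */
    c->r13 = KERNEL_R13;      /* kernel r13 is live from here on */
    if (c->slb_miss)          /* touching *t may take an SLB fault */
        slb_fault(c);
    return t->ckpt_r13 = c->scratch_sprg;
}

/* After the fix: copy to the kernel stack, which cannot fault, first. */
static uint64_t reclaim_fixed(struct cpu *c, struct thread *t)
{
    uint64_t kstack_slot;
    c->scratch_sprg = c->r13;
    c->r13 = KERNEL_R13;
    kstack_slot = c->scratch_sprg; /* saved before any faulting access */
    if (c->slb_miss)
        slb_fault(c);
    return t->ckpt_r13 = kstack_slot;
}

int main(void)
{
    struct cpu a = { USER_R13, 0, 1 }, b = a;
    struct thread t = { 0 };
    printf("buggy: %#llx\n", (unsigned long long)reclaim_buggy(&a, &t));
    printf("fixed: %#llx\n", (unsigned long long)reclaim_fixed(&b, &t));
    return 0;
}
```

With slb_miss clear, both orderings return the userspace value, which is why the corruption only shows up when the thread struct access actually faults.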