From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753393AbbCETx4 (ORCPT <rfc822;w@1wt.eu>);
	Thu, 5 Mar 2015 14:53:56 -0500
Received: from mx1.redhat.com ([209.132.183.28]:55306 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751994AbbCETxv (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 5 Mar 2015 14:53:51 -0500
Date: Thu, 5 Mar 2015 20:51:49 +0100
From: Oleg Nesterov <oleg@redhat.com>
To: Dave Hansen <dave.hansen@intel.com>, Borislav Petkov <bp@suse.de>,
        Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Pekka Riikonen <priikone@iki.fi>, Rik van Riel <riel@redhat.com>,
        Suresh Siddha <sbsiddha@gmail.com>,
        LKML <linux-kernel@vger.kernel.org>,
        "Yu, Fenghua" <fenghua.yu@intel.com>,
        Quentin Casasnovas <quentin.casasnovas@oracle.com>
Subject: [PATCH 1/1] x86/fpu: math_state_restore() should not blindly
	disable irqs
Message-ID: <20150305195149.GB12657@redhat.com>
References: <54F74F59.5070107@intel.com> <20150305195127.GA12657@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150305195127.GA12657@redhat.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

math_state_restore() assumes it is called with irqs disabled, but
this is not true if the caller is __restore_xstate_sig().

This means that if ia32_fxstate == T and __copy_from_user() fails
__restore_xstate_sig() returns with irqs disabled too. This trgiggers

	BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:41
	[<ffffffff81381499>] dump_stack+0x59/0xa0
	[<ffffffff8106bd05>] ___might_sleep+0x105/0x110
	[<ffffffff8138786d>] ? _raw_spin_unlock_irqrestore+0x3d/0x70
	[<ffffffff8106bd8d>] __might_sleep+0x7d/0xb0
	[<ffffffff81385426>] down_read+0x26/0xa0
	[<ffffffff8138788a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
	[<ffffffff81136038>] print_vma_addr+0x58/0x130
	[<ffffffff8100239e>] signal_fault+0xbe/0xf0
	[<ffffffff810419aa>] sys32_rt_sigreturn+0xba/0xd0

Change math_state_restore() to check irqs_disabled().

Note: this is the minimal fix for -stable, it is horrible but simple.
We need to rewrite math_state_restore(), init_fpu(), and cleanup their
users.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: <stable@vger.kernel.org>
---
 arch/x86/kernel/traps.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 51c4658..7310e0e 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -774,7 +774,10 @@ void math_state_restore(void)
 	struct task_struct *tsk = current;
 
 	if (!tsk_used_math(tsk)) {
-		local_irq_enable();
+		bool disabled = irqs_disabled();
+
+		if (disabled)
+			local_irq_enable();
 		/*
 		 * does a slab alloc which can sleep
 		 */
@@ -785,7 +788,9 @@ void math_state_restore(void)
 			do_group_exit(SIGKILL);
 			return;
 		}
-		local_irq_disable();
+
+		if (disabled)
+			local_irq_disable();
 	}
 
 	/* Avoid __kernel_fpu_begin() right after __thread_fpu_begin() */
-- 
1.5.5.1