From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org,
"Russell King" <rmk+kernel@arm.linux.org.uk>,
"Will Deacon" <will.deacon@arm.com>
Subject: [PATCH 3.2 25/94] ARM: 7954/1: mm: remove remaining domain support from ARMv6
Date: Mon, 28 Apr 2014 02:11:21 +0100 [thread overview]
Message-ID: <lsq.1398647481.763292975@decadent.org.uk> (raw)
In-Reply-To: <lsq.1398647481.453080089@decadent.org.uk>
3.2.58-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
commit b6ccb9803e90c16b212cf4ed62913a7591e79a39 upstream.
CPU_32v6 currently selects CPU_USE_DOMAINS if CPU_V6 and MMU. This is
because ARM 1136 r0pX CPUs lack the v6k extensions, and therefore do
not have hardware thread registers. The lack of these registers requires
the kernel to update the vectors page at each context switch in order to
write a new TLS pointer. This write must be done via the userspace
mapping, since aliasing caches can lead to expensive flushing when using
kmap. Finally, this requires the vectors page to be mapped r/w for
kernel and r/o for user, which has implications for things like put_user
which must trigger CoW appropriately when targetting user pages.
The upshot of all this is that a v6/v7 kernel makes use of domains to
segregate kernel and user memory accesses. This has the nasty
side-effect of making device mappings executable, which has been
observed to cause subtle bugs on recent cores (e.g. Cortex-A15
performing a speculative instruction fetch from the GIC and acking an
interrupt in the process).
This patch solves this problem by removing the remaining domain support
from ARMv6. A new memory type is added specifically for the vectors page
which allows that page (and only that page) to be mapped as user r/o,
kernel r/w. All other user r/o pages are mapped also as kernel r/o.
Patch co-developed with Russell King.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[bwh: Backported to 3.2:
- Adjust filename, context
- Drop condition on CONFIG_ARM_LPAE]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
--- a/arch/arm/include/asm/futex.h
+++ b/arch/arm/include/asm/futex.h
@@ -3,11 +3,6 @@
#ifdef __KERNEL__
-#if defined(CONFIG_CPU_USE_DOMAINS) && defined(CONFIG_SMP)
-/* ARM doesn't provide unprivileged exclusive memory accessors */
-#include <asm-generic/futex.h>
-#else
-
#include <linux/futex.h>
#include <linux/uaccess.h>
#include <asm/errno.h>
@@ -163,6 +158,5 @@ futex_atomic_op_inuser (int encoded_op,
return ret;
}
-#endif /* !(CPU_USE_DOMAINS && SMP) */
#endif /* __KERNEL__ */
#endif /* _ASM_ARM_FUTEX_H */
--- a/arch/arm/include/asm/pgtable-2level.h
+++ b/arch/arm/include/asm/pgtable-2level.h
@@ -139,6 +139,7 @@
#define L_PTE_MT_DEV_NONSHARED (_AT(pteval_t, 0x0c) << 2) /* 1100 */
#define L_PTE_MT_DEV_WC (_AT(pteval_t, 0x09) << 2) /* 1001 */
#define L_PTE_MT_DEV_CACHED (_AT(pteval_t, 0x0b) << 2) /* 1011 */
+#define L_PTE_MT_VECTORS (_AT(pteval_t, 0x0f) << 2) /* 1111 */
#define L_PTE_MT_MASK (_AT(pteval_t, 0x0f) << 2)
#endif /* _ASM_PGTABLE_2LEVEL_H */
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -458,7 +458,6 @@ config CPU_32v5
config CPU_32v6
bool
select TLS_REG_EMUL if !CPU_32v6K && !MMU
- select CPU_USE_DOMAINS if CPU_V6 && MMU
config CPU_32v6K
bool
@@ -652,7 +651,7 @@ config ARM_THUMBEE
config SWP_EMULATE
bool "Emulate SWP/SWPB instructions"
- depends on !CPU_USE_DOMAINS && CPU_V7
+ depends on CPU_V7
select HAVE_PROC_CPU if PROC_FS
default y if SMP
help
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -426,6 +426,14 @@ static void __init build_mem_type_table(
mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED;
}
/*
+ * We don't use domains on ARMv6 (since this causes problems with
+ * v6/v7 kernels), so we must use a separate memory type for user
+ * r/o, kernel r/w to map the vectors page.
+ */
+ if (cpu_arch == CPU_ARCH_ARMv6)
+ vecs_pgprot |= L_PTE_MT_VECTORS;
+
+ /*
* ARMv6 and above have extended page tables.
*/
if (cpu_arch >= CPU_ARCH_ARMv6 && (cr & CR_XP)) {
--- a/arch/arm/mm/proc-macros.S
+++ b/arch/arm/mm/proc-macros.S
@@ -106,13 +106,9 @@
* 100x 1 0 1 r/o no acc
* 10x0 1 0 1 r/o no acc
* 1011 0 0 1 r/w no acc
- * 110x 0 1 0 r/w r/o
- * 11x0 0 1 0 r/w r/o
- * 1111 0 1 1 r/w r/w
- *
- * If !CONFIG_CPU_USE_DOMAINS, the following permissions are changed:
* 110x 1 1 1 r/o r/o
* 11x0 1 1 1 r/o r/o
+ * 1111 0 1 1 r/w r/w
*/
.macro armv6_mt_table pfx
\pfx\()_mt_table:
@@ -131,7 +127,7 @@
.long PTE_EXT_TEX(2) @ L_PTE_MT_DEV_NONSHARED
.long 0x00 @ unused
.long 0x00 @ unused
- .long 0x00 @ unused
+ .long PTE_CACHEABLE | PTE_BUFFERABLE | PTE_EXT_APX @ L_PTE_MT_VECTORS
.endm
.macro armv6_set_pte_ext pfx
@@ -152,24 +148,21 @@
tst r1, #L_PTE_USER
orrne r3, r3, #PTE_EXT_AP1
-#ifdef CONFIG_CPU_USE_DOMAINS
- @ allow kernel read/write access to read-only user pages
tstne r3, #PTE_EXT_APX
- bicne r3, r3, #PTE_EXT_APX | PTE_EXT_AP0
-#endif
+
+ @ user read-only -> kernel read-only
+ bicne r3, r3, #PTE_EXT_AP0
tst r1, #L_PTE_XN
orrne r3, r3, #PTE_EXT_XN
- orr r3, r3, r2
+ eor r3, r3, r2
tst r1, #L_PTE_YOUNG
tstne r1, #L_PTE_PRESENT
moveq r3, #0
-#ifndef CONFIG_CPU_USE_DOMAINS
tstne r1, #L_PTE_NONE
movne r3, #0
-#endif
str r3, [r0]
mcr p15, 0, r0, c7, c10, 1 @ flush_pte
--- a/arch/arm/mm/proc-v7.S
+++ b/arch/arm/mm/proc-v7.S
@@ -160,21 +160,14 @@ ENTRY(cpu_v7_set_pte_ext)
tst r1, #L_PTE_USER
orrne r3, r3, #PTE_EXT_AP1
-#ifdef CONFIG_CPU_USE_DOMAINS
- @ allow kernel read/write access to read-only user pages
- tstne r3, #PTE_EXT_APX
- bicne r3, r3, #PTE_EXT_APX | PTE_EXT_AP0
-#endif
tst r1, #L_PTE_XN
orrne r3, r3, #PTE_EXT_XN
tst r1, #L_PTE_YOUNG
tstne r1, #L_PTE_PRESENT
-#ifndef CONFIG_CPU_USE_DOMAINS
eorne r1, r1, #L_PTE_NONE
tstne r1, #L_PTE_NONE
-#endif
moveq r3, #0
ARM( str r3, [r0, #2048]! )
next prev parent reply other threads:[~2014-04-28 1:11 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-28 1:11 [PATCH 3.2 00/94] 3.2.58-rc1 review Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 22/94] drm/i915: quirk invert brightness for Acer Aspire 5336 Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 08/94] vhost: fix total length when packets are too short Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 02/94] bridge: multicast: add sanity check for query source addresses Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 18/94] sparc32: fix build failure for arch_jump_label_transform Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 15/94] rds: prevent dereference of a NULL device in rds_iw_laddr_check Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 07/94] ipv6: ip6_append_data_mtu do not handle the mtu of the second fragment properly Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 19/94] sparc64: don't treat 64-bit syscall return codes as 32-bit Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 26/94] matroxfb: restore the registers M_ACCESS and M_PITCH Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 13/94] isdnloop: Validate NUL-terminated strings from user Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 03/94] net: unix: non blocking recvmsg() should not return -EINTR Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 27/94] framebuffer: fix cfb_copyarea Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 11/94] ipv6: some ipv6 statistic counters failed to disable bh Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 20/94] ipv6: don't set DST_NOCOUNT for remotely added routes Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 23/94] w1: fix w1_send_slave dropping a slave id Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 05/94] net: socket: error on a negative msg_namelen Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 12/94] netlink: don't compare the nul-termination in nla_strcmp Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 01/94] net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 06/94] ipv6: Avoid unnecessary temporary addresses being generated Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 04/94] vlan: Set correct source MAC address with TX VLAN offload enabled Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 10/94] xen-netback: remove pointless clause from if statement Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 16/94] sparc: PCI: Fix incorrect address calculation of PCI Bridge windows on Simba-bridges Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 17/94] Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines." Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 24/94] ARM: mm: introduce present, faulting entries for PAGE_NONE Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 21/94] drm/i915: inverted brightness quirk for Acer Aspire 4736Z Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 14/94] isdnloop: several buffer overflows Ben Hutchings
2014-04-28 1:11 ` Ben Hutchings [this message]
2014-04-28 1:11 ` [PATCH 3.2 09/94] vhost: validate vhost_get_vq_desc return value Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 84/94] lib/percpu_counter.c: fix bad percpu counter state during suspend Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 38/94] rtlwifi: rtl8192se: Fix too long disable of IRQs Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 37/94] blktrace: fix accounting of partially completed requests Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 73/94] drm/vmwgfx: correct fb_fix_screeninfo.line_length Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 70/94] IB/mthca: Return an error on ib_copy_to_udata() failure Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 74/94] drm/radeon: call drm_edid_to_eld when we update the edid Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 86/94] x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 61/94] nfsd4: buffer-length check for SUPPATTR_EXCLCREAT Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 75/94] sh: fix format string bug in stack tracer Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 93/94] powernow-k6: reorder frequencies Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 29/94] mach64: fix cursor when character width is not a multiple of 8 pixels Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 47/94] ext4: fix partial cluster handling for bigalloc file systems Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 50/94] IB/nes: Return an error on ib_copy_from_udata() failure instead of NULL Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 85/94] b43: Fix machine check error due to improper access of B43_MMIO_PSM_PHY_HDR Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 44/94] jffs2: Fix crash due to truncation of csize Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 43/94] jffs2: Fix segmentation fault found in stress test Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 83/94] ALSA: ice1712: Fix boundary checks in PCM pointer ops Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 64/94] nfsd: notify_change needs elevated write count Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 52/94] mfd: max8997: Fix possible NULL pointer dereference on i2c_new_dummy error Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 28/94] mach64: use unaligned access Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 34/94] tty: Set correct tty name in 'active' sysfs attribute Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 65/94] drm/i915/tv: fix gen4 composite s-video tv-out Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 32/94] usb: dwc3: fix wrong bit mask in dwc3_event_devt Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 59/94] gpio: mxs: Allow for recursive enable_irq_wake() call Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 82/94] wait: fix reparent_leader() vs EXIT_DEAD->EXIT_ZOMBIE race Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 76/94] ocfs2: dlm: fix lock migration crash Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 42/94] jffs2: avoid soft-lockup in jffs2_reserve_space_gc() Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 89/94] Char: ipmi_bt_sm, fix infinite loop Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 80/94] mm: try_to_unmap_cluster() should lock_page() before mlocking Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 36/94] usb: gadget: atmel_usba: fix crashed during stopping when DEBUG is enabled Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 81/94] mm: hugetlb: fix softlockup when a large number of hugepages are freed Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 33/94] [media] media: gspca: sn9c20x: add ID for Genius Look 1320 V2 Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 90/94] selinux: correctly label /proc inodes in use before the policy is loaded Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 46/94] virtio_balloon: don't softlockup on huge balloon changes Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 62/94] nfsd4: session needs room for following op to error out Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 79/94] iscsi-target: Fix ERL=2 ASYNC_EVENT connection pointer bug Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 91/94] powernow-k6: disable cache when changing frequency Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 71/94] IB/ehca: Returns an error on ib_copy_to_udata() failure Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 94/94] Revert "alpha: fix broken network checksum" Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 49/94] IB/ipath: Fix potential buffer overrun in sending diag packet routine Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 54/94] mfd: max8925: Fix possible NULL pointer dereference on i2c_new_dummy error Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 45/94] iwlwifi: dvm: take mutex when sending SYNC BT config command Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 53/94] mfd: max8998: Fix possible NULL pointer dereference on i2c_new_dummy error Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 78/94] ocfs2: do not put bh when buffer_uptodate failed Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 88/94] drivers: hv: additional switch to use mb() instead of smp_mb() Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 60/94] x86, hyperv: Bypass the timer_irq_works() check Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 57/94] audit: convert PPIDs to the inital PID namespace Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 39/94] staging:serqt_usb2: Fix sparse warning restricted __le16 degrades to integer Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 67/94] nfsd4: fix setclientid encode size Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 56/94] pid: get pid_t ppid of task in init_pid_ns Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 58/94] Btrfs: fix deadlock with nested trans handles Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 72/94] reiserfs: fix race in readdir Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 68/94] MIPS: Hibernate: Flush TLB entries in swsusp_arch_resume() Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 87/94] target/tcm_fc: Fix use-after-free of ft_tpg Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 92/94] powernow-k6: correctly initialize default parameters Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 30/94] tgafb: fix data copying Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 40/94] Btrfs: skip submitting barrier for missing device Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 66/94] dm thin: fix dangling bio in process_deferred_bios error path Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 63/94] nfsd: Add fh_{want,drop}_write() Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 69/94] ALSA: hda - Enable beep for ASUS 1015E Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 51/94] mfd: Include all drivers in subsystem menu Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 48/94] ath9k: fix ready time of the multicast buffer queue Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 35/94] [media] uvcvideo: Do not use usb_set_interface on bulk EP Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 41/94] jffs2: remove from wait queue after schedule() Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 31/94] hvc: ensure hvc_init is only ever called once in hvc_console.c Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 77/94] ocfs2: dlm: fix recovery hung Ben Hutchings
2014-04-28 1:11 ` [PATCH 3.2 55/94] mfd: 88pm860x: Fix possible NULL pointer dereference on i2c_new_dummy error Ben Hutchings
2014-04-28 15:05 ` [PATCH 3.2 00/94] 3.2.58-rc1 review Ben Hutchings
2014-04-29 4:01 ` Guenter Roeck
2014-04-30 12:21 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1398647481.763292975@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rmk+kernel@arm.linux.org.uk \
--cc=stable@vger.kernel.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox