diff options
| author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-03 22:48:17 -0400 |
|---|---|---|
| committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-03 22:48:17 -0400 |
| commit | d04f2d0641bf6b96dda95e48a1beaf338a3386db (patch) | |
| tree | 98837f1db92e6279f378018f3726f7b6a5c585f8 | |
| parent | a6cbc605fb894c284b89faa167ff66aedbd6d016 (diff) | |
| download | longterm-queue-4.12-d04f2d0641bf6b96dda95e48a1beaf338a3386db.tar.gz | |
arm64: drop already applied reg leak patch
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| -rw-r--r-- | queue/arm64-fpsimd-Prevent-registers-leaking-from-dead-tas.patch | 94 | ||||
| -rw-r--r-- | queue/series | 1 |
2 files changed, 0 insertions, 95 deletions
diff --git a/queue/arm64-fpsimd-Prevent-registers-leaking-from-dead-tas.patch b/queue/arm64-fpsimd-Prevent-registers-leaking-from-dead-tas.patch deleted file mode 100644 index cfaebd8..0000000 --- a/queue/arm64-fpsimd-Prevent-registers-leaking-from-dead-tas.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 071b6d4a5d343046f253a5a8835d477d93992002 Mon Sep 17 00:00:00 2001 -From: Dave Martin <Dave.Martin@arm.com> -Date: Tue, 5 Dec 2017 14:56:42 +0000 -Subject: [PATCH] arm64: fpsimd: Prevent registers leaking from dead tasks - -commit 071b6d4a5d343046f253a5a8835d477d93992002 upstream. - -Currently, loading of a task's fpsimd state into the CPU registers -is skipped if that task's state is already present in the registers -of that CPU. - -However, the code relies on the struct fpsimd_state * (and by -extension struct task_struct *) to unambiguously identify a task. - -There is a particular case in which this doesn't work reliably: -when a task exits, its task_struct may be recycled to describe a -new task. - -Consider the following scenario: - - 1) Task P loads its fpsimd state onto cpu C. - per_cpu(fpsimd_last_state, C) := P; - P->thread.fpsimd_state.cpu := C; - - 2) Task X is scheduled onto C and loads its fpsimd state on C. - per_cpu(fpsimd_last_state, C) := X; - X->thread.fpsimd_state.cpu := C; - - 3) X exits, causing X's task_struct to be freed. - - 4) P forks a new child T, which obtains X's recycled task_struct. - T == X. - T->thread.fpsimd_state.cpu == C (inherited from P). - - 5) T is scheduled on C. - T's fpsimd state is not loaded, because - per_cpu(fpsimd_last_state, C) == T (== X) && - T->thread.fpsimd_state.cpu == C. - - (This is the check performed by fpsimd_thread_switch().) - -So, T gets X's registers because the last registers loaded onto C -were those of X, in (2). - -This patch fixes the problem by ensuring that the sched-in check -fails in (5): fpsimd_flush_task_state(T) is called when T is -forked, so that T->thread.fpsimd_state.cpu == C cannot be true. -This relies on the fact that T is not schedulable until after -copy_thread() completes. - -Once T's fpsimd state has been loaded on some CPU C there may still -be other cpus D for which per_cpu(fpsimd_last_state, D) == -&X->thread.fpsimd_state. But D is necessarily != C in this case, -and the check in (5) must fail. - -An alternative fix would be to do refcounting on task_struct. This -would result in each CPU holding a reference to the last task whose -fpsimd state was loaded there. It's not clear whether this is -preferable, and it involves higher overhead than the fix proposed -in this patch. It would also move all the task_struct freeing -work into the context switch critical section, or otherwise some -deferred cleanup mechanism would need to be introduced, neither of -which seems obviously justified. - -Cc: <stable@vger.kernel.org> -Fixes: 005f78cd8849 ("arm64: defer reloading a task's FPSIMD state to userland resume") -Signed-off-by: Dave Martin <Dave.Martin@arm.com> -Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> -[will: word-smithed the comment so it makes more sense] -Signed-off-by: Will Deacon <will.deacon@arm.com> - -diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index b2adcce7bc18..6b7dcf4310ac 100644 ---- a/arch/arm64/kernel/process.c -+++ b/arch/arm64/kernel/process.c -@@ -314,6 +314,15 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start, - clear_tsk_thread_flag(p, TIF_SVE); - p->thread.sve_state = NULL; - -+ /* -+ * In case p was allocated the same task_struct pointer as some -+ * other recently-exited task, make sure p is disassociated from -+ * any cpu that may have run that now-exited task recently. -+ * Otherwise we could erroneously skip reloading the FPSIMD -+ * registers for p. -+ */ -+ fpsimd_flush_task_state(p); -+ - if (likely(!(p->flags & PF_KTHREAD))) { - *childregs = *current_pt_regs(); - childregs->regs[0] = 0; --- -2.15.0 - diff --git a/queue/series b/queue/series index 2ea0c86..90436ba 100644 --- a/queue/series +++ b/queue/series @@ -51,7 +51,6 @@ kdb-Fix-handling-of-kallsyms_symbol_next-return-valu.patch drm-bridge-analogix-dp-Fix-runtime-PM-state-in-get_m.patch drm-exynos-gem-Drop-NONCONTIG-flag-for-buffers-alloc.patch media-dvb-i2c-transfers-over-usb-cannot-be-done-from.patch -arm64-fpsimd-Prevent-registers-leaking-from-dead-tas.patch arm64-SW-PAN-Point-saved-ttbr0-at-the-zero-page-when.patch arm64-SW-PAN-Update-saved-ttbr0-value-on-enter_lazy_.patch Revert-ARM-dts-imx53-add-srtc-node.patch |