On 03/06, Ingo Molnar wrote:
>
> * Oleg Nesterov <o...@redhat.com> wrote:
>
> > [...] The patch above looks "obviously safe", but perhaps I am
> > paranoid too much...
>
> IMHO your hack above isn't really acceptable, even for a backport.
> So lets test the patch below (assuming it's the right thing to do)
> and move forward?
OK, but please note that this patch is not beckportable. If you think
that -stable doesn't need this fix, then I agree.
If the caller is do_device_not_available(), then we can not enable
irqs before __thread_fpu_begin() + restore_fpu_checking().
1. Preemption in between can destroy ->fpu.state initialized by
fpu_finit(), __switch_to() will save the live (wrong) FPU state
again.
2. kernel_fpu_begin() from irq right after __thread_fpu_begin() is
not nice too. It will do __save_init_fpu() and this overwrites
->fpu.state too.
Starting from v4.0 it does kernel_fpu_disable(), but the older kernels
do not.
Ingo, this code is really horrible and fragile. We need to cleanup it
step-by-step, imho.
> ======================>
> From: Ingo Molnar <mi...@kernel.org>
> Date: Fri, 6 Mar 2015 08:37:57 +0100
> Subject: [PATCH] x86/fpu: Don't disable irqs in math_state_restore()
>
> math_state_restore() was historically called with irqs disabled,
> because that's how the hardware generates the trap, and also because
> back in the days it was possible for it to be an asynchronous
> interrupt and interrupt handlers run with irqs off.
>
> These days it's always an instruction trap, and furthermore it does
> inevitably complex things such as memory allocation and signal
> processing, which is not done with irqs disabled.
>
> So keep irqs enabled.
>
> This might surprise in-kernel FPU users that somehow relied on
> interrupts being disabled across FPU usage - but that's
> fundamentally fragile anyway due to the inatomicity of FPU state
> restores. The trap return will restore interrupts to its previous
> state, but if FPU ops trigger math_state_restore() there's no
> guarantee of atomicity anymore.
>
> To warn about in-kernel irqs-off users of FPU state we might want to
> pass 'struct pt_regs' to math_state_restore() and check the trapped
> state for irqs disabled (flags has IF cleared) and kernel context -
> but that's for a later patch.
>
> Cc: Andy Lutomirski <l...@amacapital.net>
> Cc: Borislav Petkov <b...@alien8.de>
> Cc: Fenghua Yu <fenghua...@intel.com>
> Cc: H. Peter Anvin <h...@zytor.com>
> Cc: Linus Torvalds <torva...@linux-foundation.org>
> Cc: Oleg Nesterov <o...@redhat.com>
> Cc: Quentin Casasnovas <quentin.casasno...@oracle.com>
> Cc: Thomas Gleixner <t...@linutronix.de>
> Signed-off-by: Ingo Molnar <mi...@kernel.org>
> ---
> arch/x86/kernel/traps.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
> index 950815a138e1..52f9e4057cee 100644
> --- a/arch/x86/kernel/traps.c
> +++ b/arch/x86/kernel/traps.c
> @@ -844,8 +844,9 @@ void math_state_restore(void)
> {
> struct task_struct *tsk = current;
>
> + local_irq_enable();
> +
> if (!tsk_used_math(tsk)) {
> - local_irq_enable();
> /*
> * does a slab alloc which can sleep
> */
> @@ -856,7 +857,6 @@ void math_state_restore(void)
> do_group_exit(SIGKILL);
> return;
> }
> - local_irq_disable();
> }
>
> /* Avoid __kernel_fpu_begin() right after __thread_fpu_begin() */
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
