[PATCH][request for stable inclusion] powerpc/tm: Fix crash when forking inside a transactio

2014-06-04 Thread Liu Xue
Hi Greg,
I'm not sure if you did not include this for a reason in the latest 3.10.y
or if you just missed it. If in the latter case, please backport it.

[ Upstream commit 621b5060e823301d0cba4cb52a7ee3491922d291 ]

When we fork/clone we currently don't copy any of the TM state to the new
thread.  This results in a TM bad thing (program check) when the new process is
switched in as the kernel does a tmrechkpt with TEXASR FS not set.  Also, since
R1 is from userspace, we trigger the bad kernel stack pointer detection.  So we
end up with something like this:

   Bad kernel stack pointer 0 at c00404fc
   cpu 0x2: Vector: 700 (Program Check) at [c0003ffefd40]
   pc: c00404fc: restore_gprs+0xc0/0x148
   lr: 
   sp: 0
  msr: 900100201030
 current = 0xc01dd1417c30
 paca    = 0xcfe00800   softe: 0        irq_happened: 0x01
   pid   = 0, comm = swapper/2
   WARNING: exception is not recoverable, can't continue

The below fixes this by flushing the TM state before we copy the task_struct to
the clone.  To do this we go through the tmreclaim path, which removes the
checkpointed registers from the CPU and transitions the CPU out of TM suspend
mode.  Hence we need to call tmrechkpt after to restore the checkpointed state
and the TM mode for the current task.

To make this fail from userspace is simply:
tbegin
li  r0, 2
sc
boom

Kudos to Adhemerval Zanella Neto for finding this.

Signed-off-by: Michael Neuling mi...@neuling.org
cc: Adhemerval Zanella Neto azane...@br.ibm.com
cc: stable@vger.kernel.org
Signed-off-by: Benjamin Herrenschmidt b...@kernel.crashing.org
[Backported to 3.10: context adjust]
Signed-off-by: Xue Liu liuxueliu@huawei.com
---
 arch/powerpc/kernel/process.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index 1e1c995..d55357e 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -948,6 +948,16 @@ int arch_dup_task_struct(struct task_struct *dst, struct 
task_struct *src)
flush_altivec_to_thread(src);
flush_vsx_to_thread(src);
flush_spe_to_thread(src);
+   /*
+   * Flush TM state out so we can copy it.  __switch_to_tm() does this
+   * flush but it removes the checkpointed state from the current CPU and
+   * transitions the CPU out of TM mode.  Hence we need to call
+   * tm_recheckpoint_new_task() (on the same task) to restore the
+   * checkpointed state back and the TM mode.
+   */
+   __switch_to_tm(src);
+   tm_recheckpoint_new_task(src);
+
*dst = *src;
return 0;
 }
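Review bot: the two added calls run unconditionally on every fork, with no CONFIG_PPC_TRANSACTIONAL_MEM or MSR_TM check visible in the hunk, so the hunk is only correct if __switch_to_tm() and tm_recheckpoint_new_task() are no-ops for a task that is not in a transaction; since this is a 3.10 backport marked "context adjust", please confirm that both helpers exist in 3.10 with these signatures and behave that way there, and say in the backport note which context had to be adjusted so stable reviewers can check it against the upstream commit.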
-- 
1.8.3.4

--
To unsubscribe from this list: send the line unsubscribe stable in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH][request for stable inclusion] powerpc/tm: Fix crash when forking inside a transactio

2014-06-04 Thread Greg KH
On Wed, Jun 04, 2014 at 11:49:30AM +, Liu Xue wrote:
> Hi Greg,
> I'm not sure if you did not include this for a reason in the latest 3.10.y
> or if you just missed it. If in the latter case, please backport it.

I didn't add it to 3.10-stable as it did not apply to that tree.

Thanks for doing the backport.

greg k-h