linux/arch/powerpc/kernel
Paul Mackerras d31626f70b powerpc: Don't corrupt transactional state when using FP/VMX in kernel
Currently, when we have a process using the transactional memory
facilities on POWER8 (that is, the processor is in transactional
or suspended state), and the process enters the kernel and the
kernel then uses the floating-point or vector (VMX/Altivec) facility,
we end up corrupting the user-visible FP/VMX/VSX state.  This
happens, for example, if a page fault causes a copy-on-write
operation, because the copy_page function will use VMX to do the
copy on POWER8.  The test program below demonstrates the bug.

The bug happens because when FP/VMX state for a transactional process
is stored in the thread_struct, we store the checkpointed state in
.fp_state/.vr_state and the transactional (current) state in
.transact_fp/.transact_vr.  However, when the kernel wants to use
FP/VMX, it calls enable_kernel_fp() or enable_kernel_altivec(),
which saves the current state in .fp_state/.vr_state.  Furthermore,
when we return to the user process we return with FP/VMX/VSX
disabled.  The next time the process uses FP/VMX/VSX, we don't know
which set of state (the current register values, .fp_state/.vr_state,
or .transact_fp/.transact_vr) we should be using, since we have no
way to tell if we are still in the same transaction, and if not,
whether the previous transaction succeeded or failed.

Thus it is necessary to strictly adhere to the rule that if FP has
been enabled at any point in a transaction, we must keep FP enabled
for the user process with the current transactional state in the
FP registers, until we detect that it is no longer in a transaction.
Similarly for VMX; once enabled it must stay enabled until the
process is no longer transactional.

In order to keep this rule, we add a new thread_info flag which we
test when returning from the kernel to userspace, called TIF_RESTORE_TM.
This flag indicates that there is FP/VMX/VSX state to be restored
before entering userspace, and when it is set the .tm_orig_msr field
in the thread_struct indicates what state needs to be restored.
The restoration is done by restore_tm_state().  The TIF_RESTORE_TM
bit is set by new giveup_fpu/altivec_maybe_transactional helpers,
which are called from enable_kernel_fp/altivec, giveup_vsx, and
flush_fp/altivec_to_thread instead of giveup_fpu/altivec.

The other thing to be done is to get the transactional FP/VMX/VSX
state from .fp_state/.vr_state when doing reclaim, if that state
has been saved there by giveup_fpu/altivec_maybe_transactional.
Having done this, we set the FP/VMX bit in the thread's MSR after
reclaim to indicate that that part of the state is now valid
(having been reclaimed from the processor's checkpointed state).

Finally, in the signal handling code, we move the clearing of the
transactional state bits in the thread's MSR a bit earlier, before
calling flush_fp_to_thread(), so that we don't unnecessarily set
the TIF_RESTORE_TM bit.

This is the test program:

/* Michael Neuling 4/12/2013
 *
 * See if the altivec state is leaked out of an aborted transaction due to
 * kernel vmx copy loops.
 *
 *   gcc -m64 htm_vmxcopy.c -o htm_vmxcopy
 *
 */

/* We don't use all of these, but for reference: */

int main(int argc, char *argv[])
{
	long double vecin = 1.3;
	long double vecout;
	unsigned long pgsize = getpagesize();
	int i;
	int fd;
	int size = pgsize*16;
	char tmpfile[] = "/tmp/page_faultXXXXXX";
	char buf[pgsize];
	char *a;
	uint64_t aborted = 0;

	fd = mkstemp(tmpfile);
	assert(fd >= 0);

	memset(buf, 0, pgsize);
	for (i = 0; i < size; i += pgsize)
		assert(write(fd, buf, pgsize) == pgsize);

	unlink(tmpfile);

	a = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
	assert(a != MAP_FAILED);

	asm __volatile__(
		"lxvd2x 40,0,%[vecinptr] ; " // set 40 to initial value
		TBEGIN
		"beq	3f ;"
		TSUSPEND
		"xxlxor 40,40,40 ; " // set 40 to 0
		"std	5, 0(%[map]) ;" // cause kernel vmx copy page
		TABORT
		TRESUME
		TEND
		"li	%[res], 0 ;"
		"b	5f ;"
		"3: ;" // Abort handler
		"li	%[res], 1 ;"
		"5: ;"
		"stxvd2x 40,0,%[vecoutptr] ; "
		: [res]"=r"(aborted)
		: [vecinptr]"r"(&vecin),
		  [vecoutptr]"r"(&vecout),
		  [map]"r"(a)
		: "memory", "r0", "r3", "r4", "r5", "r6", "r7");

	if (aborted && (vecin != vecout)){
		printf("FAILED: vector state leaked on abort %f != %f\n",
		       (double)vecin, (double)vecout);
		exit(1);
	}

	munmap(a, size);

	close(fd);

	printf("PASSED!\n");
	return 0;
}

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2014-01-15 13:59:11 +11:00
..
vdso32 powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
vdso64 powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
.gitignore
align.c powerpc: Enable Little Endian Alignment Handler for Float Pair Instructions 2013-10-30 16:01:23 +11:00
asm-offsets.c powerpc/book3s: handle machine check in Linux host. 2013-12-05 16:02:06 +11:00
audit.c
btext.c powerpc/btext: Fix CONFIG_PPC_EARLY_DEBUG_BOOTX on ppc32 2013-08-27 16:01:23 +10:00
cacheinfo.c powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
cacheinfo.h
clock.c
compat_audit.c
cpu_setup_6xx.S
cpu_setup_44x.S
cpu_setup_a2.S powerpc: Enforce usage of RA 0-R31 where possible 2012-07-10 19:18:35 +10:00
cpu_setup_fsl_booke.S powerpc/85xx: Add machine check handler to fix PCIe erratum on mpc85xx 2013-07-30 15:50:07 -05:00
cpu_setup_pa6t.S
cpu_setup_power.S powerpc/book3s: Add flush_tlb operation in cpu_spec. 2013-12-05 16:04:38 +11:00
cpu_setup_ppc970.S
cputable.c powerpc/book3s: Flush SLB/TLBs if we get SLB/TLB machine check errors on power8. 2013-12-05 16:04:40 +11:00
crash_dump.c powerpc: Fix endian issues in crash dump code 2013-12-13 15:48:39 +11:00
crash.c powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
dbell.c powerpc: Add accounting for Doorbell interrupts 2013-04-18 15:59:55 +10:00
dma-iommu.c powerpc/iommu: Update the generic code to use dynamic iommu page sizes 2013-12-30 14:17:19 +11:00
dma-swiotlb.c powerpc/swiotlb: Enable at early stage and disable if not necessary 2012-09-12 14:57:09 -05:00
dma.c powerpc/kernel: Remove uses of abs_to_virt() and virt_to_abs() 2012-09-05 15:19:30 +10:00
eeh_cache.c powerpc/eeh: Remove reference to PCI device 2013-07-24 14:18:46 +10:00
eeh_dev.c powerpc/eeh: Move common part to kernel directory 2013-06-20 17:05:35 +10:00
eeh_driver.c powerpc/eeh: Hotplug improvement 2014-01-15 13:58:29 +11:00
eeh_event.c powerpc/eeh: More accurate log 2013-11-21 10:33:36 +11:00
eeh_pe.c powerpc/eeh: Add restore_config operation 2014-01-15 13:46:46 +11:00
eeh_sysfs.c powerpc/eeh: Introdce flag to protect sysfs 2013-07-24 14:18:49 +10:00
eeh.c powerpc/eeh: Hotplug improvement 2014-01-15 13:58:29 +11:00
entry_32.S powerpc/32bit:Store temporary result in r0 instead of r8 2013-06-01 08:29:27 +10:00
entry_64.S powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
epapr_hcalls.S powerpc: Add paravirt idle loop for 64-bit Book-E 2013-03-13 14:19:36 -05:00
epapr_paravirt.c powerpc: add explicit OF includes 2013-10-09 20:04:11 -05:00
exceptions-64e.S powerpc/booke64: Use common defines for AltiVec interrupts numbers 2013-10-16 18:46:40 -05:00
exceptions-64s.S powerpc: Fix "attempt to move .org backwards" error 2013-12-30 14:16:30 +11:00
fadump.c mm/ppc: use common help functions to free reserved pages 2013-04-29 15:54:30 -07:00
firmware.c
fpu.S powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
fsl_booke_entry_mapping.S
ftrace.c powerpc: Make ftrace endian-safe. 2013-10-11 16:53:26 +11:00
head_8xx.S powerpc/8xx: Fixing issue with CONFIG_PIN_TLB 2013-10-28 21:11:21 -05:00
head_32.S powerpc: Call do_page_fault() with interrupts off 2012-03-09 10:55:08 +11:00
head_40x.S powerpc: Remove the empty giveup_fpu() function on 32bit kernel 2013-08-14 14:59:50 +10:00
head_44x.S powerpc: Remove the empty giveup_fpu() function on 32bit kernel 2013-08-14 14:59:50 +10:00
head_64.S powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
head_booke.h powerpc: Fix interrupt range check on debug exception 2013-05-02 10:31:01 +10:00
head_fsl_booke.S powerpc/fsl-booke: Use common defines for SPE/FP interrupts numbers 2013-10-16 18:49:44 -05:00
hw_breakpoint.c powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
ibmebus.c PPC: ibmebus: convert bus code to use bus_groups 2013-09-26 15:49:42 -07:00
idle_6xx.S powerpc: Use CURRENT_THREAD_INFO instead of open coded assembly 2012-07-11 14:18:22 +10:00
idle_book3e.S powerpc: Add paravirt idle loop for 64-bit Book-E 2013-03-13 14:19:36 -05:00
idle_e500.S powerpc: Use CURRENT_THREAD_INFO instead of open coded assembly 2012-07-11 14:18:22 +10:00
idle_power4.S powerpc: Use CURRENT_THREAD_INFO instead of open coded assembly 2012-07-11 14:18:22 +10:00
idle_power7.S powerpc/book3s: Return from interrupt if coming from evil context. 2013-12-05 16:04:36 +11:00
idle.c powerpc/idle: Convert use of typedef ctl_table to struct ctl_table 2013-07-01 11:10:35 +10:00
io-workarounds.c powerpc: Better split CONFIG_PPC_INDIRECT_PIO and CONFIG_PPC_INDIRECT_MMIO 2013-08-14 14:57:50 +10:00
io.c powerpc/powernv: Add PIO accessors for Power8 LPC bus 2013-08-14 14:58:08 +10:00
iomap.c powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
iommu.c powerpc/iommu: Don't detach device without IOMMU group 2014-01-15 13:58:33 +11:00
irq.c powerpc: Make irq_stat.timers_irqs counting more specific 2013-12-02 14:14:50 +11:00
isa-bridge.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
jump_label.c
kgdb.c powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
kprobes.c doc: typo on word accounting in kprobes.c in mutliple architectures 2013-10-14 15:46:39 +02:00
kvm_emul.S KVM: PPC: Not optimizing MSR_CE and MSR_ME with paravirt. 2012-05-30 11:43:11 +02:00
kvm.c mm: enhance free_reserved_area() to support poisoning memory with zero 2013-07-03 16:07:32 -07:00
l2cr_6xx.S
legacy_serial.c powerpc/legacy_serial: Fix incorrect placement of __initdata tag 2013-10-11 16:48:59 +11:00
machine_kexec_32.c
machine_kexec_64.c powerpc/kexec: kexec_sequence() is in misc_64.S 2013-10-30 16:02:18 +11:00
machine_kexec.c powerpc: Fix up the kdump base cap to 128M 2013-12-10 11:28:39 +11:00
Makefile powerpc/book3s: Decode and save machine check event. 2013-12-05 16:05:20 +11:00
mce_power.c powerpc: Fix endian issues in power7/8 machine check handler 2013-12-30 14:51:09 +11:00
mce.c Move precessing of MCE queued event out from syscall exit path. 2014-01-15 13:58:59 +11:00
misc_32.S powerpc: purge all the prefetched instructions for the coherent icache flush 2013-12-02 14:13:47 +11:00
misc_64.S Merge branch 'merge' into next 2013-12-30 15:19:31 +11:00
misc.S powerpc: switch to generic sys_execve()/kernel_execve() 2012-09-30 23:35:51 -04:00
module_32.c powerpc: Move local setup.h declarations to arch includes 2013-10-30 16:00:31 +11:00
module_64.c powerpc: Move local setup.h declarations to arch includes 2013-10-30 16:00:31 +11:00
module.c powerpc: Move local setup.h declarations to arch includes 2013-10-30 16:00:31 +11:00
msi.c
nvram_64.c arch/powerpc/kernel: Use %12.12s instead of %12s to avoid memory overflow 2013-11-25 11:50:57 +11:00
of_platform.c powerpc/eeh: Fix crash when adding a device in a slot with DDW 2013-01-10 17:01:58 +11:00
paca.c powerpc: Dynamically allocate slb_shadow from memblock 2013-12-09 11:40:26 +11:00
pci_32.c powerpc/pci: Support per-aperture memory offset 2013-05-06 13:40:40 +10:00
pci_64.c powerpc/pci: Don't use bitfield for force_32bit_msi 2013-08-14 11:50:25 +10:00
pci_dn.c powerpc: Make PCI device node device tree accesses endian safe 2013-08-14 15:33:31 +10:00
pci_of_scan.c powerpc: Fix little endian issue in OF PCI scan 2013-10-30 16:01:04 +11:00
pci-common.c of/irq: simplify args to irq_create_of_mapping 2013-10-24 11:42:57 +01:00
pci-hotplug.c powerpc/pci: Partial tree hotplug support 2013-07-24 14:18:48 +10:00
pmc.c bug.h: add include of it to various implicit C users 2012-02-29 17:15:08 -05:00
ppc32.h powerpc: switch to generic old sigaction() 2013-02-03 18:16:10 -05:00
ppc_ksyms.c Merge branch 'for-kvm' into next 2013-10-11 18:23:53 +11:00
ppc_save_regs.S
proc_powerpc.c proc_powerpc: switch to fixed_size_llseek() 2013-06-29 12:57:50 +04:00
process.c powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
prom_init_check.sh powerpc/pmac: Early debug output on screen on 64-bit macs 2013-08-14 14:57:40 +10:00
prom_init.c powerpc: prom_init exception when updating core value 2013-10-11 16:53:16 +11:00
prom_parse.c powerpc: of_parse_dma_window should take a __be32 *dma_window 2013-08-14 15:33:26 +10:00
prom.c powerpc: Make cpu_to_chip_id() available when SMP=n 2013-11-21 10:33:44 +11:00
ptrace32.c powerpc: move debug registers in a structure 2013-10-18 18:44:49 -05:00
ptrace.c powerpc: PTRACE_PEEKUSR always returns FPR0 2013-12-13 15:48:33 +11:00
reloc_32.S powerpc: Don't flush/invalidate the d/icache for an unknown relocation type 2013-07-01 11:10:34 +10:00
reloc_64.S
rtas_flash.c powerpc/rtas_flash: Fix validate_flash buffer overflow issue 2013-05-14 14:36:26 +10:00
rtas_pci.c powerpc/kernel: Fix endian issue in rtas_pci 2013-10-11 16:50:22 +11:00
rtas-proc.c
rtas-rtc.c
rtas.c powerpc: Make RTAS calls endian safe 2013-08-14 15:33:22 +10:00
rtasd.c powerpc/pseries: Add /proc interface to control topology updates 2013-04-26 16:08:26 +10:00
setup_32.c powerpc: Move local setup.h declarations to arch includes 2013-10-30 16:00:31 +11:00
setup_64.c powerpc/book3s: Introduce exclusive emergency stack for machine check exception. 2013-12-05 16:02:05 +11:00
setup-common.c powerpc: Fix endian issue in setup-common.c 2013-12-13 15:48:34 +11:00
signal_32.c powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
signal_64.c powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
signal.c powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
signal.h powerpc/tm: Fix userspace stack corruption on signal delivery for active transactions 2013-06-01 08:29:23 +10:00
smp-tbsync.c powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
smp.c Merge branch 'merge' into next 2013-12-30 15:19:31 +11:00
stacktrace.c
suspend.c
swsusp_32.S
swsusp_64.c Disintegrate asm/system.h for PowerPC 2012-03-28 18:30:02 +01:00
swsusp_asm64.S powerpc: Only save/restore SDR1 if in hypervisor mode 2013-10-31 12:37:29 +11:00
swsusp_booke.S powerpc/mpc85xx: invalidate TLB after hibernation resume 2013-07-30 15:50:08 -05:00
swsusp.c Disintegrate asm/system.h for PowerPC 2012-03-28 18:30:02 +01:00
sys_ppc32.c unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE 2013-05-09 13:46:38 -04:00
syscalls.c powerpc: Delete non-required instances of include <linux/init.h> 2014-01-15 13:46:44 +11:00
sysfs.c powerpc/kernel/sysfs: Cleanup set up macros for PMC/non-PMC SPRs 2013-12-02 14:16:04 +11:00
systbl_chk.c
systbl_chk.sh
systbl.S
tau_6xx.c
time.c powerpc: Fix races with irq_work 2014-01-15 13:59:03 +11:00
tm.S powerpc: Use 32 bit loads and stores when operating on condition register values 2013-10-30 16:02:14 +11:00
traps.c powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
udbg_16550.c powerpc/wsp: Fix early debug build 2013-08-16 10:59:27 +10:00
udbg.c powerpc: Add a configuration option for early BootX/OpenFirmware debug 2013-06-20 16:55:12 +10:00
uprobes.c uretprobes/powerpc: Hijack return address 2013-04-13 15:31:56 +02:00
vdso.c powerpc: Move local setup.h declarations to arch includes 2013-10-30 16:00:31 +11:00
vecemu.c powerpc: Put FP/VSX and VR state into structures 2013-10-11 17:26:49 +11:00
vector.S powerpc: Don't corrupt transactional state when using FP/VMX in kernel 2014-01-15 13:59:11 +11:00
vio.c powerpc/iommu: Update the generic code to use dynamic iommu page sizes 2013-12-30 14:17:19 +11:00
vmlinux.lds.S powerpc/modules: Module CRC relocation fix causes perf issues 2013-07-24 14:18:43 +10:00