powerpc/tm: Fix userspace r13 corruption

Michael Ellerman patch-notifications at ellerman.id.au
Wed Sep 26 22:13:10 AEST 2018


On Mon, 2018-09-24 at 07:27:04 UTC, Michael Neuling wrote:
> When we treclaim we store the userspace checkpointed r13 to a scratch
> SPR and then later save the scratch SPR to the user thread struct.
> 
> Unfortunately, this doesn't work as accessing the user thread struct
> can take an SLB fault and the SLB fault handler will write the same
> scratch SPRG that now contains the userspace r13.
> 
> To fix this, we store r13 to the kernel stack (which can't fault)
> before we access the user thread struct.
> 
> Found by running P8 guest + powervm + disable_1tb_segments + TM. Seen
> as a random userspace segfault with r13 looking like a kernel address.
> 
> Signed-off-by: Michael Neuling <mikey at neuling.org>
> Reviewed-by: Breno Leitao <leitao at debian.org>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/cf13435b730a502e814c63c84d93db

cheers
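To make the hazard in the commit message concrete, here is an added C model of the sequence it describes. It is not kernel code and not part of the thread: a global stands in for the shared scratch SPRG, a model SLB fault handler clobbers it on the first access to the thread struct, and the two save routines show the buggy order (stash r13 in the SPRG, touch the thread struct, copy from the SPRG) beside the fixed order (spill r13 to a stack slot first). All names, the `slb_mapped` flag and the `SLB_HANDLER_SCRATCH_VALUE` constant are assumptions of the model, not the real handler's behaviour.

```c
/* Model of the powerpc TM r13 clobber (constructed example, not kernel code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One scratch register shared by the treclaim path and the SLB fault handler.
 * In the kernel this is an SPRG; here a global plays that role. */
static uint64_t scratch_sprg;

/* Model of the user thread struct. In the kernel it lives in memory that may
 * have no SLB entry yet, so touching it can fault; slb_mapped models that. */
struct thread_struct {
    uint64_t ckpt_r13;   /* where userspace's checkpointed r13 is saved */
    bool slb_mapped;     /* model flag: false means the first access faults */
};

/* Kernel-looking value the model handler leaves in the scratch register.
 * Constructed for the model; it is not what the real handler stores. */
#define SLB_HANDLER_SCRATCH_VALUE 0xc000000001234000ULL

static void slb_fault_handler(struct thread_struct *t)
{
    scratch_sprg = SLB_HANDLER_SCRATCH_VALUE;   /* clobbers the shared scratch register */
    t->slb_mapped = true;                       /* fault resolved, access can proceed */
}

/* Every access to the thread struct goes through here; if no SLB entry exists
 * the fault handler runs first, as a hardware fault would interpose. */
static uint64_t *thread_ckpt_r13_slot(struct thread_struct *t)
{
    if (!t->slb_mapped)
        slb_fault_handler(t);
    return &t->ckpt_r13;
}

/* Buggy order: stash r13 in the scratch register, touch the thread struct
 * (which may fault), then copy the scratch register into the thread struct. */
uint64_t treclaim_save_r13_buggy(struct thread_struct *t, uint64_t user_r13)
{
    scratch_sprg = user_r13;
    uint64_t *slot = thread_ckpt_r13_slot(t);   /* may take the SLB fault */
    *slot = scratch_sprg;                       /* reads the clobbered value */
    return t->ckpt_r13;
}

/* Fixed order: spill r13 to the kernel stack (a local here) before any access
 * that might fault; the stack access itself cannot fault. */
uint64_t treclaim_save_r13_fixed(struct thread_struct *t, uint64_t user_r13)
{
    uint64_t stack_slot = user_r13;             /* kernel stack, cannot fault */
    uint64_t *slot = thread_ckpt_r13_slot(t);   /* a fault here is now harmless */
    *slot = stack_slot;
    return t->ckpt_r13;
}

/* The symptom from the report: saved r13 "looking like a kernel address".
 * The powerpc64 kernel linear map starts at 0xc000000000000000. */
bool looks_like_kernel_address(uint64_t v)
{
    return (v >> 60) == 0xcULL;
}

/* Run one scenario on a fresh thread struct and return what got saved. */
uint64_t scenario(bool use_fixed, bool slb_mapped, uint64_t user_r13)
{
    struct thread_struct t = { .ckpt_r13 = 0, .slb_mapped = slb_mapped };
    return use_fixed ? treclaim_save_r13_fixed(&t, user_r13)
                     : treclaim_save_r13_buggy(&t, user_r13);
}

int main(void)
{
    uint64_t r13 = 0x00007fff12345678ULL;       /* constructed userspace r13 */
    printf("buggy, fault:    %#llx\n", (unsigned long long)scenario(false, false, r13));
    printf("buggy, no fault: %#llx\n", (unsigned long long)scenario(false, true, r13));
    printf("fixed, fault:    %#llx\n", (unsigned long long)scenario(true, false, r13));
    return 0;
}
```

The buggy path only goes wrong when the thread-struct access actually faults, which is why the report needed a configuration (small SLB footprint via disable_1tb_segments, a guest under PowerVM) that makes the SLB miss likely; without the fault the same code saves r13 correctly, so the corruption surfaces as a random segfault rather than a deterministic failure.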
