On Fri, Mar 17, 2017 at 10:56:10AM +0100, Lars Persson wrote: > We call a sleeping function in MIPS' get_syscall_arguments to read > from the userspace stack. Disable page faults around these calls to > prevent sleep in atomic contexts. > > The problem was observed as the following splat with ftrace system > call tracing enabled: > > BUG: sleeping function called from invalid context at arch/mips/include/asm/syscall.h:48 > in_atomic(): 1, irqs_disabled(): 0, pid: 1389, name: sh > Preemption disabled at: > [<801d31d4>] __fd_install+0x50/0x194 > CPU: 2 PID: 1389 Comm: sh Not tainted 4.9.14-axis4-devel #6 > Stack : 809d7bfa 0000003b 00000000 00000000 00000000 00000000 800a5438 808c3507 > 8e77599c 0000056d 00000002 809c4f44 8fc060e0 8dc07f68 00000005 800a5468 > 00000005 80403b30 00000000 00000000 807f5b64 8dc07e0c 8dc07df4 8014a36c > 00000000 8004927c 809d7bf8 00000024 8dc07e0c 00000000 00000002 807eaf58 > 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > ... > Call Trace: > [<80021a68>] show_stack+0x94/0xb0 > [<803f4e38>] dump_stack+0x98/0xd0 > [<80074838>] ___might_sleep+0x160/0x1e4 > [<801205f8>] ftrace_syscall_enter+0x1c8/0x3ac > [<8001f77c>] syscall_trace_enter+0x18c/0x1f8 > [<8002b3f8>] syscall_trace_entry+0x44/0x94 Hmm, tricky. If for some reason the stack page was swapped out before syscall_get_arguments() was called, then by disabling page faults the args would be left uninitialised, even when not called from IRQ disabled context... We already copy the args to the kernel stack in handle_sys (with IRQs enabled), but thats as arguments to the syscall handler function and I suppose there's nothing to stop it overwriting those arguments. Cheers James > > Signed-off-by: Lars Persson <larper@xxxxxxxx> > --- > arch/mips/include/asm/syscall.h | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h > index d878825..270a6d5 100644 > --- a/arch/mips/include/asm/syscall.h > +++ b/arch/mips/include/asm/syscall.h > @@ -104,8 +104,10 @@ static inline void syscall_get_arguments(struct task_struct *task, > (regs->regs[2] == __NR_syscall)) > i++; > > + pagefault_disable(); > while (n--) > ret |= mips_get_syscall_arg(args++, task, regs, i++); > + pagefault_enable(); > > /* > * No way to communicate an error because this is a void function. > -- > 2.1.4 > >
Attachment:
signature.asc
Description: Digital signature
