Commit Graph

40 Commits

Author SHA1 Message Date
Bobby Bingham abafe5d9b0 sh: push extra copy of r0-r2 for syscall parameters
When invoking syscall handlers on sh32, the saved userspace registers
are at the top of the stack.  This seems to have been intentional, as it
is an easy way to pass r0, r1, ...  to the handler as parameters 5, 6,
...

It causes problems, however, because the compiler is allowed to generate
code for a function which clobbers that function's own parameters.  For
example, gcc generates the following code for clone:

    <SyS_clone>:
        mov.l   8c020714 <SyS_clone+0xc>,r1  ! 8c020540 <do_fork>
        mov.l   r7,@r15
        mov     r6,r7
        jmp     @r1
        mov     #0,r6
        nop
        .word 0x0540
        .word 0x8c02

The `mov.l r7,@r15` clobbers the saved value of r0 passed from
userspace.  For most system calls, this might not be a problem, because
we'll be overwriting r0 with the return value anyway.  But in the case
of clone, copy_thread will need the original value of r0 if the
CLONE_SETTLS flag was specified.

The first patch in this series fixes this issue for system calls by
pushing to the stack and extra copy of r0-r2 before invoking the
handler.  We discard this copy before restoring the userspace registers,
so it is not a problem if they are clobbered.

Exception handlers also receive the userspace register values in a
similar manner, and may hit the same problem.  The second patch removes
the do_fpu_error handler, which looks susceptible to this problem and
which, as far as I can tell, has not been used in some time.  The third
patch addresses other exception handlers.

This patch (of 3):

The userspace registers are stored at the top of the stack when the
syscall handler is invoked, which allows r0-r2 to act as parameters 5-7.
Parameters passed on the stack may be clobbered by the syscall handler.
The solution is to push an extra copy of the registers which might be
used as syscall parameters to the stack, so that the authoritative set
of saved register values does not get clobbered.

A few system call handlers are also updated to get the userspace
registers using current_pt_regs() instead of from the stack.

Signed-off-by: Bobby Bingham <koorogi@koorogi.info>
Cc: Paul Mundt <paul.mundt@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-03 16:20:52 -07:00
Al Viro 0679a858c5 sh: switch to generic old sigaction()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-02-03 18:16:16 -05:00
Al Viro 881e252d6b sh: switch to generic old sigsuspend()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-02-03 18:16:16 -05:00
Al Viro 7a879a94d9 sh: switch to generic sigaltstack
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-02-03 18:16:15 -05:00
Richard Weinberger 3cffdc8c3a Uninclude linux/freezer.h
This include is no longer needed.
(seems to be a leftover from try_to_freeze())

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-10-01 09:58:18 -04:00
Al Viro efee984c27 new helper: signal_delivered()
Does block_sigmask() + tracehook_signal_handler();  called when
sigframe has been successfully built.  All architectures converted
to it; block_sigmask() itself is gone now (merged into this one).

I'm still not too happy with the signature, but that's a separate
story (IMO we need a structure that would contain signal number +
siginfo + k_sigaction, so that get_signal_to_deliver() would fill one,
signal_delivered(), handle_signal() and probably setup...frame() -
take one).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-06-01 12:58:52 -04:00
Al Viro 77097ae503 most of set_current_blocked() callers want SIGKILL/SIGSTOP removed from set
Only 3 out of 63 do not.  Renamed the current variant to __set_current_blocked(),
added set_current_blocked() that will exclude unblockable signals, switched
open-coded instances to it.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-06-01 12:58:51 -04:00
Al Viro a610d6e672 pull clearing RESTORE_SIGMASK into block_sigmask()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-06-01 12:58:49 -04:00
Al Viro b7f9a11a6c new helper: sigmask_to_save()
replace boilerplate "should we use ->saved_sigmask or ->blocked?"
with calls of obvious inlined helper...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-06-01 12:58:48 -04:00
Al Viro 51a7b448d4 new helper: restore_saved_sigmask()
first fruits of ..._restore_sigmask() helpers: now we can take
boilerplate "signal didn't have a handler, clear RESTORE_SIGMASK
and restore the blocked mask from ->saved_mask" into a common
helper.  Open-coded instances switched...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-06-01 12:58:47 -04:00
Al Viro a42c6ded82 move key_repace_session_keyring() into tracehook_notify_resume()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-05-23 22:09:20 -04:00
Al Viro a46808e1b7 sh: missing checks of __get_user()/__put_user() return values
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-05-21 23:59:21 -04:00
Al Viro 9ef461adf9 sh: switch to saved_sigmask-based sigsuspend()/rt_sigsuspend()
Complete the move of sh64 to it, trim the crap from prototypes,
tidy up a bit.  Infrastructure in do_signal() had already been
there, in signal_64 as well as in signal_32 (where it was already
used).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-05-21 23:58:06 -04:00
Al Viro 68f3f16d9a new helper: sigsuspend()
guts of saved_sigmask-based sigsuspend/rt_sigsuspend.  Takes
kernel sigset_t *.

Open-coded instances replaced with calling it.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-05-21 23:52:30 -04:00
Linus Torvalds f52b69f86e SuperH updates for 3.4 merge window
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.15 (GNU/Linux)
 
 iEYEABECAAYFAk91TL0ACgkQGkmNcg7/o7hEjwCgmuz6QQKkow7e5q0x7DR5Z2NH
 1YoAn3TpODDmpaBiou26uMRPhcR6e1qC
 =JCA0
 -----END PGP SIGNATURE-----

Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh

Pull SuperH updates from Paul Mundt.

* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh: (25 commits)
  sh: Support I/O space swapping where needed.
  sh: use set_current_blocked() and block_sigmask()
  sh: no need to reset handler if SA_ONESHOT
  sh: intc: Fix up section mismatch for intc_ack_data
  sh: select ARCH_DISCARD_MEMBLOCK.
  sh: Consolidate duplicate _32/_64 unistd definitions.
  sh: ecovec: switch SDHI controllers to card polling
  sh: Avoid exporting unimplemented syscalls.
  sh: add platform_device for RSPI in setup-sh7757
  SH: pci-sh7780: enable big-endian operation.
  serial: sh-sci: fix a race of DMA submit_tx on transfer
  sh: dma: Collect up CHCR of SH7763, SH7764, SH7780 and SH7785
  sh: dma: Collect up CHCR of SH7723 and SH7730
  sh/next: Fix build fail by asm/system.h in asm/bitops.h
  arch/sh/drivers/dma/{dma-g2,dmabrg}.c: ensure arguments to request_irq and free_irq are compatible
  sh: cpufreq: Wire up scaling_available_freqs support.
  sh: cpufreq: notify about rate rounding fallback.
  sh: cpufreq: Support CPU clock frequency table.
  sh: cpufreq: struct device lookup from CPU topology.
  sh: cpufreq: percpu struct clk accounting.
  ...
2012-03-30 00:09:17 -07:00
Matt Fleming 5e047fa159 sh: use set_current_blocked() and block_sigmask()
As described in e6fa16ab ("signal: sigprocmask() should do
retarget_shared_pending()") the modification of current->blocked is
incorrect as we need to check whether the signal we're about to block is
pending in the shared queue.

Also, use the new helper function introduced in commit 5e6292c0f2
("signal: add block_sigmask() for adding sigmask to current->blocked")
which centralises the code for updating current->blocked after
successfully delivering a signal and reduces the amount of duplicate code
across architectures.  In the past some architectures got this code wrong,
so using this helper function should stop that from happening again.

Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2012-03-29 09:11:26 +09:00
Matt Fleming 8368b0e0ca sh: no need to reset handler if SA_ONESHOT
get_signal_to_deliver() already resets the signal handler if SA_ONESHOT is
set in ka->sa.sa_flags, there's no need to do it again in handle_signal().
 Furthermore, because we were modifying ka->sa.sa_handler (which is a copy
of sighand->action[]) instead of sighand->action[] the original code had
no effect on signal delivery.

Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2012-03-29 09:11:24 +09:00
David Howells e839ca5287 Disintegrate asm/system.h for SH
Disintegrate asm/system.h for SH.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-sh@vger.kernel.org
2012-03-28 18:30:03 +01:00
Paul Mundt abef364050 sh: Remove redundant try_to_freeze() invocations.
get_signal_to_deliver() takes care of this, kill off the redundancies, as
per the avr32 change.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2012-01-10 16:37:06 +09:00
Paul Mundt 9d56dd3b08 sh: Mass ctrl_in/outX to __raw_read/writeX conversion.
The old ctrl in/out routines are non-portable and unsuitable for
cross-platform use. While drivers/sh has already been sanitized, there
is still quite a lot of code that is not. This converts the arch/sh/ bits
over, which permits us to flag the routines as deprecated whilst still
building with -Werror for the architecture code, and to ensure that
future users are not added.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-26 12:58:40 +09:00
Paul Mundt 0ea820cf9b sh: Move over to dynamically allocated FPU context.
This follows the x86 xstate changes and implements a task_xstate slab
cache that is dynamically sized to match one of hard FP/soft FP/FPU-less.

This also tidies up and consolidates some of the SH-2A/SH-4 FPU
fragmentation. Now fpu state restorers are commonly defined, with the
init_fpu()/fpu_init() mess reworked to follow the x86 convention.
The fpu_init() register initialization has been replaced by xstate setup
followed by writing out to hardware via the standard restore path.

As init_fpu() now performs a slab allocation a secondary lighterweight
restorer is also introduced for the context switch.

In the future the DSP state will be rolled in here, too.

More work remains for math emulation and the SH-5 FPU, which presently
uses its own special (UP-only) interfaces.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-13 12:51:40 +09:00
Paul Mundt 56bfc42f6c sh: TS_RESTORE_SIGMASK conversion.
Replace TIF_RESTORE_SIGMASK with TS_RESTORE_SIGMASK and define our own
set_restore_sigmask() function.  This saves the costly SMP-safe set_bit
operation, which we do not need for the sigmask flag since TIF_SIGPENDING
always has to be set too.

Based on the x86 and powerpc change.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2009-10-14 16:05:42 +09:00
Paul Mundt 4d2947f7c6 sh: Optimize the setup_rt_frame() I-cache flush.
This only needs to flush the return code via the legacy path, and just
invalidates uselessly otherwise. This makes the behaviour consistent for
all of the trampoline setup paths.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2009-10-14 15:49:45 +09:00
Paul Mundt eaa47704d9 sh: Use boot_cpu_data for FPU tests in sigcontext paths.
We do not want to use smp_processor_id() from these paths, as they trip
preempt BUGs. Switch the test over to the boot cpu directly.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2009-10-14 15:43:41 +09:00
Paul Mundt ea88023b34 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Conflicts:
	arch/sh/kernel/vmlinux.lds.S
2009-09-16 13:48:32 +09:00
David Howells ee18d64c1f KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]
Add a keyctl to install a process's session keyring onto its parent.  This
replaces the parent's session keyring.  Because the COW credential code does
not permit one process to change another process's credentials directly, the
change is deferred until userspace next starts executing again.  Normally this
will be after a wait*() syscall.

To support this, three new security hooks have been provided:
cred_alloc_blank() to allocate unset security creds, cred_transfer() to fill in
the blank security creds and key_session_to_parent() - which asks the LSM if
the process may replace its parent's session keyring.

The replacement may only happen if the process has the same ownership details
as its parent, and the process has LINK permission on the session keyring, and
the session keyring is owned by the process, and the LSM permits it.

Note that this requires alteration to each architecture's notify_resume path.
This has been done for all arches barring blackfin, m68k* and xtensa, all of
which need assembly alteration to support TIF_NOTIFY_RESUME.  This allows the
replacement to be performed at the point the parent process resumes userspace
execution.

This allows the userspace AFS pioctl emulation to fully emulate newpag() and
the VIOCSETTOK and VIOCSETTOK2 pioctls, all of which require the ability to
alter the parent process's PAG membership.  However, since kAFS doesn't use
PAGs per se, but rather dumps the keys into the session keyring, the session
keyring of the parent must be replaced if, for example, VIOCSETTOK is passed
the newpag flag.

This can be tested with the following program:

	#include <stdio.h>
	#include <stdlib.h>
	#include <keyutils.h>

	#define KEYCTL_SESSION_TO_PARENT	18

	#define OSERROR(X, S) do { if ((long)(X) == -1) { perror(S); exit(1); } } while(0)

	int main(int argc, char **argv)
	{
		key_serial_t keyring, key;
		long ret;

		keyring = keyctl_join_session_keyring(argv[1]);
		OSERROR(keyring, "keyctl_join_session_keyring");

		key = add_key("user", "a", "b", 1, keyring);
		OSERROR(key, "add_key");

		ret = keyctl(KEYCTL_SESSION_TO_PARENT);
		OSERROR(ret, "KEYCTL_SESSION_TO_PARENT");

		return 0;
	}

Compiled and linked with -lkeyutils, you should see something like:

	[dhowells@andromeda ~]$ keyctl show
	Session Keyring
	       -3 --alswrv   4043  4043  keyring: _ses
	355907932 --alswrv   4043    -1   \_ keyring: _uid.4043
	[dhowells@andromeda ~]$ /tmp/newpag
	[dhowells@andromeda ~]$ keyctl show
	Session Keyring
	       -3 --alswrv   4043  4043  keyring: _ses
	1055658746 --alswrv   4043  4043   \_ user: a
	[dhowells@andromeda ~]$ /tmp/newpag hello
	[dhowells@andromeda ~]$ keyctl show
	Session Keyring
	       -3 --alswrv   4043  4043  keyring: hello
	340417692 --alswrv   4043  4043   \_ user: a

Where the test program creates a new session keyring, sticks a user key named
'a' into it and then installs it on its parent.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-09-02 21:29:22 +10:00
Carl Shaw 2fc742f8d6 sh: Improve unwind info for signals
GCC does not issue unwind information for function epilogues.
Unfortunately we can catch a signal during an epilogue.  The signal
handler writes the current context and signal return code onto the stack
overwriting previous contents.  During unwinding, libgcc can try to
restore registers from the stack and restores corrupted ones. This can
lead to segmentation, misaligned access and sigbus faults.

For example, consider the following code:

    mov.l   r12,@-r15
    mov.l   r14,@-r15
    sts.l   pr,@-r15
    mov     r15,r14

    <do stuff>

    mov r14, r15
    lds.l @r15+, pr
	<<< SIGNAL HERE
    mov.l @r15+, r14
    mov.l @r15+, r12
    rts

Unwind is aware that pr was pushed to stack in prolog, so tries to
restore it.  Unfortunately it restores the last word of the signal
handler code placed on the stack by the kernel.

This patch tries to avoid the problem by adding a guard region on the
stack between where the function pushes data and where the signal handler
pushes its return code.  We probably don't see this problem often because
exception handling unwinding in an epilogue only occurs due to a pthread
cancel signal.  Also the kernel signal stack handler alignment of 8 bytes
could hide the occurance of this problem sometimes as the stack may not
be trampled at a particular required word.

This is not guaranteed to always work.  It relies on a frame pointer
existing for the function (so it can get the correct sp value) which is
not always the case for the SH4.

Modifications will also be made to libgcc for the case where there is no
fp.

Signed-off-by: Carl Shaw <carl.shaw@st.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2009-08-24 15:07:08 +09:00
Matt Fleming 9445571169 sh: Fix declaration of __kernel_sigreturn and __kernel_rt_sigreturn
GCC 4.5.0 complains about the declaration of variables
__kernel_sigreturn and __kernel_rt_sigreturn because they have type
void.  Correctly declare these symbols as functions to fix the
following error,

arch/sh/kernel/signal_32.c: In function 'setup_frame':
arch/sh/kernel/signal_32.c:368:14: error: taking address of expression of type 'void'
arch/sh/kernel/signal_32.c: In function 'setup_rt_frame':
arch/sh/kernel/signal_32.c:452:14: error: taking address of expression of type 'void'
make[1]: *** [arch/sh/kernel/signal_32.o] Error 1
make: *** [arch/sh/kernel] Error 2

Signed-off-by: Matt Fleming <matt@console-pimps.org>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2009-06-18 18:25:21 +09:00
Paul Mundt 03f07876df sh: Fix up spurious syscall restarting.
The T-bit manipulation for syscall error checking had the side effect of
spuriously returning ERESTART* errno values over EINTR. So, we simplify
the error checking a bit and leave the T-bit alone.

Reported-by: Kaz Kojima <kkojima@rr.iij4u.or.jp>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2009-01-29 11:56:03 +09:00
Paul Mundt 94e2fb3d3e sh: Provide asm/syscall.h for SH-5.
This provides the asm/syscall.h implementation for sh64 parts.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-12-22 18:44:04 +09:00
Paul Mundt 1bec157a1f sh: Force pending restarted system calls to return -EINTR.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-09-24 14:37:35 +09:00
Paul Mundt f8b890ab4c sh: Flag T-bit for syscall restart.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-09-12 22:08:20 +09:00
Paul Mundt fa43972fab sh: fixup many sparse errors.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-09-08 10:35:04 +09:00
Paul Mundt ab99c733ae sh: Make syscall tracer use tracehook notifiers, add TIF_NOTIFY_RESUME.
This follows the changes in commits:

7d6d637dac
4f72c4279e

on powerpc. Adding in TIF_NOTIFY_RESUME, and cleaning up the syscall
tracing to be more generic. This is an incremental step to turning
on tracehook, as well as unifying more of the ptrace and signal code
across the 32/64 split.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-08-02 04:39:33 +09:00
Stuart Menefy f2fb4e4f64 sh: Conditionally re-enable IRQs in fault path.
The current kernel behaviour is to reenable interrupts unconditionally
when taking a page fault. This patch changes this to only enable them
if interrupts were previously enabled.

It also fixes a problem seen with this fix in place: the kernel previously
flushed the vsyscall page when handling a signal, which is not only
unncessary, but caused a possible sleep with interrupts disabled.

Signed-off-by: Stuart Menefy <stuart.menefy@st.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-07-28 18:10:33 +09:00
Chris Smith 09b5a10c19 sh: Optimized flush_icache_range() implementation.
Add implementation of flush_icache_range() suitable for signal handler
and kprobes. Remove flush_cache_sigtramp() and change signal.c to use
flush_icache_range().

Signed-off-by: Chris Smith <chris.smith@st.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-07-28 18:10:32 +09:00
Paul Mundt 3bc24a1a54 sh: Initial ELF FDPIC support.
This adds initial support for ELF FDPIC on MMU-less SH, as per version
0.2 of the ABI definition at:

	http://www.codesourcery.com/public/docs/sh-fdpic/sh-fdpic-abi.txt

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-07-28 18:10:28 +09:00
Paul Mundt 9bbafce2ee sh: Fix occasional FPU register corruption under preempt.
Presently with preempt enabled there's the possibility to be preempted
after the TIF_USEDFPU test and the register save, leading to bogus
state post-__switch_to(). Use an explicit preempt_disable()/enable()
pair around unlazy_fpu()/clear_fpu() to avoid this. Follows the x86
change.

Reported-by: Takuo Koguchi <takuo.koguchi.sw@hitachi.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-03-26 19:02:47 +09:00
Stuart Menefy 1efe4ce3ca sh: GUSA atomic rollback support.
This implements kernel-level atomic rollback built on top of gUSA,
as an alternative non-IRQ based atomicity method. This is generally
a faster method for platforms that are lacking the LL/SC pairs that
SH-4A and later use, and is only supportable on legacy cores.

Signed-off-by: Stuart Menefy <stuart.menefy@st.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-01-28 13:18:58 +09:00
Paul Mundt f7a7b15344 sh: Move in the SH-5 signal trampoline impl.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-01-28 13:18:43 +09:00