powerpc: Fix possible deadlock on page fault
stack_grow_into/14082 is trying to acquire lock:
(&mm->mmap_sem){++++++}, at: [<c000000000206d28>] .might_fault+0x78/0xe0
but task is already holding lock:
(&mm->mmap_sem){++++++}, at: [<c0000000007ffd8c>] .do_page_fault+0x24c/0x910
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&mm->mmap_sem);
lock(&mm->mmap_sem);
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by stack_grow_into/14082:
#0: (&mm->mmap_sem){++++++}, at: [<c0000000007ffd8c>] .do_page_fault+0x24c/0x910
stack backtrace:
CPU: 21 PID: 14082 Comm: stack_grow_into Not tainted 3.10.0-10.el7.ppc64.debug #1
Call Trace:
[c0000003d396b850] [c000000000016e7c] .show_stack+0x7c/0x1f0 (unreliable)
[c0000003d396b920] [c000000000813fc8] .dump_stack+0x28/0x3c
[c0000003d396b990] [c000000000124b90] .__lock_acquire+0x1640/0x1800
[c0000003d396bab0] [c00000000012570c] .lock_acquire+0xac/0x250
[c0000003d396bb80] [c000000000206d54] .might_fault+0xa4/0xe0
[c0000003d396bbf0] [c0000000007ffe2c] .do_page_fault+0x2ec/0x910
[c0000003d396be30] [c0000000000092e8] handle_page_fault+0x10/0x30
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
This commit is contained in:
Aneesh Kumar K.V
Benjamin Herrenschmidt
parent
256588fda1
commit
69e044dd75
|
|
@ -206,7 +206,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
|
||||||
int trap = TRAP(regs);
|
int trap = TRAP(regs);
|
||||||
int is_exec = trap == 0x400;
|
int is_exec = trap == 0x400;
|
||||||
int fault;
|
int fault;
|
||||||
int rc = 0;
|
int rc = 0, store_update_sp = 0;
|
||||||
|
|
||||||
#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
|
#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
|
||||||
/*
|
/*
|
||||||
|
|
@ -280,6 +280,14 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
|
||||||
|
|
||||||
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
|
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We want to do this outside mmap_sem, because reading code around nip
|
||||||
|
* can result in fault, which will cause a deadlock when called with
|
||||||
|
* mmap_sem held
|
||||||
|
*/
|
||||||
|
if (user_mode(regs))
|
||||||
|
store_update_sp = store_updates_sp(regs);
|
||||||
|
|
||||||
/* When running in the kernel we expect faults to occur only to
|
/* When running in the kernel we expect faults to occur only to
|
||||||
* addresses in user space. All other faults represent errors in the
|
* addresses in user space. All other faults represent errors in the
|
||||||
* kernel and should generate an OOPS. Unfortunately, in the case of an
|
* kernel and should generate an OOPS. Unfortunately, in the case of an
|
||||||
|
|
@ -345,8 +353,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
|
||||||
* between the last mapped region and the stack will
|
* between the last mapped region and the stack will
|
||||||
* expand the stack rather than segfaulting.
|
* expand the stack rather than segfaulting.
|
||||||
*/
|
*/
|
||||||
if (address + 2048 < uregs->gpr[1]
|
if (address + 2048 < uregs->gpr[1] && !store_update_sp)
|
||||||
&& (!user_mode(regs) || !store_updates_sp(regs)))
|
|
||||||
goto bad_area;
|
goto bad_area;
|
||||||
}
|
}
|
||||||
if (expand_stack(vma, address))
|
if (expand_stack(vma, address))
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue