2009-12-05 15:06:40

by Bart Oldeman

[permalink] [raw]
Subject: Re: [PATCH] x86, vm86: fix preemption bug for int3 breakpoint handlers.

Thomas,

On Mon, 25 May 2009, Thomas Gleixner wrote:
> On Sun, 24 May 2009, Bart Oldeman wrote:
>> --- a/arch/x86/kernel/vm86_32.c
>> +++ b/arch/x86/kernel/vm86_32.c
>> @@ -551,8 +551,12 @@ cannot_handle:
>> int handle_vm86_trap(struct kernel_vm86_regs *regs, long error_code, int
>> trapno)
>> {
>> if (VMPI.is_vm86pus) {
>> - if ((trapno == 3) || (trapno == 1))
>> + if ((trapno == 3) || (trapno == 1)) {
>> + /* re-enable preemption: return_to_32bit()
>> + jumps straight to entry_32.S */
>> + dec_preempt_count();
>
> This will break other callers of handle_vm86_trap().

sorry for the late reply, I was just pointed out by someone else about the
existence of this bug again. You are right of course. Below is a new
patch.

Note that on the linux-2.6-x86.git tree, commit
08d68323d1f0c34452e614263b212ca556dae47f ("hw-breakpoints: modifying
generic debug exception to use thread-specific debug registers") broke
vm86 debug exceptions as well again. The trouble is that
handle_vm86_trap() may jump and change the stack to let the kernel return
to 32 bit user space, so the handle_vm86_trap() call itself may not
return.

--
Impact: fix kernel bug such as:
May 22 16:47:47 localhost kernel: note: dosemu.bin[5281] exited with preempt_count 1

Commit be716615fe596ee117292dc615e95f707fb67fd1 ("x86, vm86:
fix preemption bug"), fixed the problem for debug exceptions but not for
breakpoints. This change also fixes breakpoints.

Cc: [email protected]
Signed-off-by: Bart Oldeman <[email protected]>
---
arch/x86/kernel/traps.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -181,9 +181,14 @@ kernel_trap:

#ifdef CONFIG_X86_32
vm86_trap:
+ /* reenable preemption: handle_vm86_trap() might sleep */
+ dec_preempt_count();
if (handle_vm86_trap((struct kernel_vm86_regs *) regs,
- error_code, trapnr))
+ error_code, trapnr)) {
+ inc_preempt_count();
goto trap_signal;
+ }
+ inc_preempt_count();
return;
#endif
}