Date: Tue, 22 Aug 2017 11:40:56 +0100
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Russell King
Cc: catalin.marinas@arm.com, james.morse@arm.com, labbott@redhat.com, stable@vger.kernel.org, steve.capper@arm.com, will.deacon@arm.com, viro@zeniv.linux.org.uk, peterz@infradead.org, luto@amacapital.net
Subject: Re: [PATCH 2/2] arm: mm: abort uaccess retries upon fatal signal
Message-ID: <20170822104055.GB14671@leverpostej>
References: <1499782763-31418-1-git-send-email-mark.rutland@arm.com> <1499782763-31418-3-git-send-email-mark.rutland@arm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1499782763-31418-3-git-send-email-mark.rutland@arm.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2032
Lines: 52

On Tue, Jul 11, 2017 at 03:19:23PM +0100, Mark Rutland wrote:
> When there's a fatal signal pending, arm's do_page_fault()
> implementation returns 0. The intent is that we'll return to the
> faulting userspace instruction, delivering the signal on the way.
>
> However, if we take a fatal signal during fixing up a uaccess, this
> results in a return to the faulting kernel instruction, which will be
> instantly retried, resulting in the same fault being taken forever. As
> the task never reaches userspace, the signal is not delivered, and the
> task is left unkillable. While the task is stuck in this state, it can
> inhibit the forward progress of the system.
>
> To avoid this, we must ensure that when a fatal signal is pending, we
> apply any necessary fixup for a faulting kernel instruction. Thus we
> will return to an error path, and it is up to that code to make forward
> progress towards delivering the fatal signal.
> > Signed-off-by: Mark Rutland > Reviewed-by: Steve Capper > Cc: Russell King > Cc: stable@vger.kernel.org Russell, on the assumption that you're happy with this as-is, I've dropped it into the patch system as 8692/1. Thanks, Mark. > --- > arch/arm/mm/fault.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c > index ff8b0aa..42f5853 100644 > --- a/arch/arm/mm/fault.c > +++ b/arch/arm/mm/fault.c > @@ -315,8 +315,11 @@ static inline bool access_error(unsigned int fsr, struct vm_area_struct *vma) > * signal first. We do not need to release the mmap_sem because > * it would already be released in __lock_page_or_retry in > * mm/filemap.c. */ > - if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) > + if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) { > + if (!user_mode(regs)) > + goto no_context; > return 0; > + } > > /* > * Major/minor page fault accounting is only done on the > -- > 1.9.1 >
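
Review bot: the comment above the `fatal_signal_pending(current)` check in arch/arm/mm/fault.c still describes only the return-to-userspace case, so the new `if (!user_mode(regs)) goto no_context;` branch is undocumented at the point where it lives. Consider extending that comment to say that a fault taken in kernel mode (for example while fixing up a uaccess) must go through the fixup path rather than returning 0, because returning 0 there retries the same faulting instruction, as the commit message explains. The existing remark that mmap_sem has already been released on VM_FAULT_RETRY applies to the new exit as well, and that is worth stating explicitly since the hunk adds a second way out of this block with no unlock.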