Commit 870568b3 authored by Suresh Siddha's avatar Suresh Siddha Committed by Thomas Gleixner

x86, fpu: fix CONFIG_PREEMPT=y corruption of application's FPU stack

Jürgen Mell reported an FPU state corruption bug under CONFIG_PREEMPT,
and bisected it to commit v2.6.19-1363-gacc20761, "i386: add sleazy FPU
optimization".

Add tsk_used_math() checks to prevent calling math_state_restore()
which can sleep in the case of !tsk_used_math(). This prevents
making a blocking call in __switch_to().

Apparently "fpu_counter > 5" check is not enough, as in some signal handling
and fork/exec scenarios, fpu_counter > 5 and !tsk_used_math() is possible.

It's a side effect though. This is the failing scenario:

process 'A' in save_i387_ia32() just after clear_used_math()

Got an interrupt and pre-empted out.

At the next context switch to process 'A' again, kernel tries to restore
the math state proactively and sees a fpu_counter > 0 and !tsk_used_math()

This results in init_fpu() during the __switch_to()'s math_state_restore()

And resulting in fpu corruption which will be saved/restored
(save_i387_fxsave and restore_i387_fxsave) during the remaining
part of the signal handling after the context switch.
Bisected-by: default avatarJürgen Mell <j.mell@t-online.de>
Signed-off-by: default avatarSuresh Siddha <suresh.b.siddha@intel.com>
Tested-by: default avatarJürgen Mell <j.mell@t-online.de>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Cc: stable@kernel.org
parent cd76374e
...@@ -649,8 +649,11 @@ struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct ...@@ -649,8 +649,11 @@ struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct
/* If the task has used fpu the last 5 timeslices, just do a full /* If the task has used fpu the last 5 timeslices, just do a full
* restore of the math state immediately to avoid the trap; the * restore of the math state immediately to avoid the trap; the
* chances of needing FPU soon are obviously high now * chances of needing FPU soon are obviously high now
*
* tsk_used_math() checks prevent calling math_state_restore(),
* which can sleep in the case of !tsk_used_math()
*/ */
if (next_p->fpu_counter > 5) if (tsk_used_math(next_p) && next_p->fpu_counter > 5)
math_state_restore(); math_state_restore();
/* /*
......
...@@ -658,8 +658,11 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) ...@@ -658,8 +658,11 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
/* If the task has used fpu the last 5 timeslices, just do a full /* If the task has used fpu the last 5 timeslices, just do a full
* restore of the math state immediately to avoid the trap; the * restore of the math state immediately to avoid the trap; the
* chances of needing FPU soon are obviously high now * chances of needing FPU soon are obviously high now
*
* tsk_used_math() checks prevent calling math_state_restore(),
* which can sleep in the case of !tsk_used_math()
*/ */
if (next_p->fpu_counter>5) if (tsk_used_math(next_p) && next_p->fpu_counter > 5)
math_state_restore(); math_state_restore();
return prev_p; return prev_p;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment