linux-opendreambox-2.6.18: backported needed futex fix .. this fixes deadlocks during...
[openembedded.git] / recipes / linux / files / opendreambox / 0001-MIPS-Fix-possible-hang-in-LL-SC-futex-loops.patch
1 From 1532c32748658850d7d8b570187165c8bcb9858e Mon Sep 17 00:00:00 2001
2 From: Ralf Baechle <ralf@linux-mips.org>
3 Date: Tue, 20 Nov 2007 10:44:18 +0000
4 Subject: [PATCH] [MIPS] Fix possible hang in LL/SC futex loops.
5
6 The LL / SC loops in __futex_atomic_op() have the usual fixups necessary
7 for memory acccesses to userspace from kernel space installed:
8
9         __asm__ __volatile__(
10         "       .set    push                            \n"
11         "       .set    noat                            \n"
12         "       .set    mips3                           \n"
13         "1:     ll      %1, %4  # __futex_atomic_op     \n"
14         "       .set    mips0                           \n"
15         "       " insn  "                               \n"
16         "       .set    mips3                           \n"
17         "2:     sc      $1, %2                          \n"
18         "       beqz    $1, 1b                          \n"
19         __WEAK_LLSC_MB
20         "3:                                             \n"
21         "       .set    pop                             \n"
22         "       .set    mips0                           \n"
23         "       .section .fixup,\"ax\"                  \n"
24         "4:     li      %0, %6                          \n"
25         "       j       2b                              \n"     <-----
26         "       .previous                               \n"
27         "       .section __ex_table,\"a\"               \n"
28         "       "__UA_ADDR "\t1b, 4b                    \n"
29         "       "__UA_ADDR "\t2b, 4b                    \n"
30         "       .previous                               \n"
31         : "=r" (ret), "=&r" (oldval), "=R" (*uaddr)
32         : "0" (0), "R" (*uaddr), "Jr" (oparg), "i" (-EFAULT)
33         : "memory");
34
35 Notice the branch at the end of the fixup code, it goes back to the
36 SC instruction.  The SC instruction took an exception so it will not have
37 changed $1 so the loop will continue endless unless by coincidence the
38 value to be stored from $1 happened to be zero.
39
40 In case of a mappng that is valid things will obviously work and by mere
41 coincidence we'll get away with it for a nonsense address too.  But as
42 Kaz Kylheku <kaz@zeugmasystems.com> found if the mapping happens to
43 disappear while a futex operation is running things will go wrong and the
44 kernel will get stuck.
45
46 Thanks to Kaz for helping me understand why futexes where going wrong and
47 providing a test case.
48
49 Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
50 (cherry picked from commit 3ae822ecf819860a30dabe3e0062feedfa7d416c)
51 ---
52  include/asm-mips/futex.h |    6 +++---
53  1 files changed, 3 insertions(+), 3 deletions(-)
54
55 diff --git a/include/asm-mips/futex.h b/include/asm-mips/futex.h
56 index ed023ea..07d8e61 100644
57 --- a/include/asm-mips/futex.h
58 +++ b/include/asm-mips/futex.h
59 @@ -33,7 +33,7 @@
60                 "       .set    mips0                           \n"     \
61                 "       .section .fixup,\"ax\"                  \n"     \
62                 "4:     li      %0, %6                          \n"     \
63 -               "       j       2b                              \n"     \
64 +               "       j       3b                              \n"     \
65                 "       .previous                               \n"     \
66                 "       .section __ex_table,\"a\"               \n"     \
67                 "       "__UA_ADDR "\t1b, 4b                    \n"     \
68 @@ -59,7 +59,7 @@
69                 "       .set    mips0                           \n"     \
70                 "       .section .fixup,\"ax\"                  \n"     \
71                 "4:     li      %0, %6                          \n"     \
72 -               "       j       2b                              \n"     \
73 +               "       j       3b                              \n"     \
74                 "       .previous                               \n"     \
75                 "       .section __ex_table,\"a\"               \n"     \
76                 "       "__UA_ADDR "\t1b, 4b                    \n"     \
77 @@ -198,4 +198,4 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
78  }
79  
80  #endif
81 -#endif
82 +#endif /* _ASM_FUTEX_H */
83 -- 
84 1.7.9
85