github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-29 01:25:48 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
d9fc3fd3fa
linux/include
History
Ingo Molnar d9fc3fd3fa x86: fix savesegment() bug causing crashes on 64-bit 
i spent a fair amount of time chasing a 64-bit bootup crash that manifested
itself as bootup segfaults:

  S10network[1825]: segfault at 7f3e2b5d16b8 ip 00000031108748c9 sp 00007fffb9c14c70 error 4 in libc-2.7.so[3110800000+14d000]

eventually causing init to die and panic the system:

  Kernel panic - not syncing: Attempted to kill init!
  Pid: 1, comm: init Not tainted 2.6.26-rc9-tip #13878

after a maratonic bisection session, the bad commit turned out to be:

| b7675791859075418199c7af86a116ea34eaf5bd is first bad commit
| commit b7675791859075418199c7af86a116ea34eaf5bd
| Author: Jeremy Fitzhardinge <jeremy@goop.org>
| Date:   Wed Jun 25 00:19:00 2008 -0400
|
|     x86: remove open-coded save/load segment operations
|
|     This removes a pile of buggy open-coded implementations of savesegment
|     and loadsegment.

after some more bisection of this patch itself, it turns out that what
makes the difference are the savesegment() changes to __switch_to().

Taking a look at this portion of arch/x86/kernel/process_64.o revealed
this crutial difference:

| good:    99c:       8c e0                   mov    %fs,%eax
|          99e:       89 45 cc                mov    %eax,-0x34(%rbp)
|
| bad:     99c:       8c 65 cc                mov    %fs,-0x34(%rbp)

which is due to:

|                 unsigned fsindex;
| -               asm volatile("movl %%fs,%0" : "=r" (fsindex));
| +               savesegment(fs, fsindex);

savesegment() is implemented as:

 #define savesegment(seg, value)                                \
          asm("mov %%" #seg ",%0":"=rm" (value) : : "memory")

note the "m" modifier - it allows GCC to generate the segment move
into a memory operand as well.

But regarding segment operands there's a subtle detail in the x86
instruction set: the above 16-bit moves are zero-extend, but only
if it goes to a register.

If it goes to a memory operand, -0x34(%rbp) in the above case, there's
no zero-extend to 32-bit and the instruction will only save 16 bits
instead of the intended 32-bit.

The other 16 bits is random data - which can cause problems when that
value is used later on.

The solution is to only allow segment operands to go to registers.
This fix allows my test-system to boot up without crashing.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-11 19:51:47 +02:00
..
acpi proper prototype for acpi_processor_tstate_has_changed() 2008-06-11 19:13:46 -04:00
asm-alpha alpha: fix compile error in arch/alpha/mm/init.c 2008-06-23 18:26:04 -07:00
asm-arm [ARM] 5091/1: Add missing bitfield include to regs-lcd.h 2008-06-12 20:49:38 +01:00
asm-avr32 avr32: types: use <asm-generic/int-*.h> for the avr32 architecture 2008-05-02 16:18:20 -07:00
asm-blackfin Blackfin Serial Driver: Use timer to poll CTS PIN instead of workqueue. 2008-06-19 17:46:39 +08:00
asm-cris cris: types: use <asm-generic/int-*.h> for the cris architecture 2008-05-02 16:18:20 -07:00
asm-frv FRV: ip_fast_csum() requires a memory clobber on its inline asm 2008-06-05 10:31:21 -07:00
asm-generic Merge branches 'x86/numa-fixes', 'x86/apic', 'x86/apm', 'x86/bitops', 'x86/build', 'x86/cleanups', 'x86/cpa', 'x86/cpu', 'x86/defconfig', 'x86/gart', 'x86/i8259', 'x86/intel', 'x86/irqstats', 'x86/kconfig', 'x86/ldt', 'x86/mce', 'x86/memtest', 'x86/pat', 'x86/ptemask', 'x86/resumetrace', 'x86/threadinfo', 'x86/timers', 'x86/vdso' and 'x86/xen' into x86/devel 2008-07-08 09:16:56 +02:00
asm-h8300 h8300: fix typo in header guard 2008-06-06 11:29:12 -07:00
asm-ia64 [IA64] Fix CONFIG_IA64_SGI_UV build error 2008-06-16 09:02:03 -07:00
asm-m32r asm-m32r/uaccess.h must #include <asm/setup.h> 2008-06-06 11:29:13 -07:00
asm-m68k m68k: Add ext2_find_{first,next}_bit() for ext4 2008-06-12 18:05:39 -07:00
asm-m68knommu m68knommu: rework definition of HZ 2008-05-01 08:08:36 -07:00
asm-mips [MIPS] Fix bug in atomic_sub_if_positive. 2008-07-04 08:22:15 +01:00
asm-mn10300 MN10300: Fix typo in header guard 2008-05-28 07:59:06 -07:00
asm-parisc parisc: fix miscompilation of ip_fast_csum with gcc >= 4.3 2008-06-13 10:49:56 -04:00
asm-powerpc Correct hash flushing from huge_ptep_set_wrprotect() 2008-07-08 09:27:58 -07:00
asm-ppc [POWERPC] ppc: More compile fixes 2008-05-12 22:57:51 +10:00
asm-s390 [S390] protect _PAGE_SPECIAL bit against mprotect 2008-07-08 11:31:15 +02:00
asm-sh sh: fix miscompilation of ip_fast_csum with gcc >= 4.3 2008-06-02 12:40:14 +09:00
asm-sparc sparc: remove CVS keywords 2008-05-20 00:33:44 -07:00
asm-sparc64 sparc64: IO accessors fix 2008-05-30 02:01:28 -07:00
asm-um uml: activate_mm: remove the dead PF_BORROWED_MM check 2008-06-06 11:36:22 -07:00
asm-v850 v850: fix typo in header guard 2008-06-06 11:29:12 -07:00
asm-x86 x86: fix savesegment() bug causing crashes on 64-bit 2008-07-11 19:51:47 +02:00
asm-xtensa asm-{alpha,h8300,um,v850,xtensa}/param.h: unbreak HZ for userspace 2008-05-14 19:11:14 -07:00
crypto [CRYPTO] api: Fix scatterwalk_sg_chain 2008-05-01 18:22:28 +08:00
keys
linux Merge branch 'x86/core' into x86/unify-pci 2008-07-09 11:39:02 +02:00
math-emu
media V4L/DVB (8092): videodev: simplify and fix standard enumeration 2008-06-26 15:58:57 -03:00
mtd
net net-sched: change tcf_destroy_chain() to clear start of filter list 2008-07-01 19:52:38 -07:00
pcmcia
rdma IB/core: Remove IB_DEVICE_SEND_W_INV capability flag 2008-06-09 09:58:42 -07:00
rxrpc
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2008-05-02 13:52:35 -07:00
sound [ALSA] ac97 - Fix ASUS A9T laptop output 2008-05-30 16:20:42 +02:00
video
xen xen: implement ptep_modify_prot_start/commit 2008-06-25 15:17:23 +02:00
Kbuild