git.baikalelectronics.ru Git - kernel.git/commit

author	Nicolas Pitre <nico@fluxnic.net>
	Mon, 20 Sep 2010 03:10:43 +0000 (04:10 +0100)
committer	Russell King <rmk+kernel@arm.linux.org.uk>
	Thu, 23 Sep 2010 14:17:04 +0000 (15:17 +0100)
commit	77690cff4ab7beead28d3f183f37472b45c58da6
tree	6d0ed3804614f146a8001245d52579c4ee0cb311	tree \| snapshot
parent	32159e08954b3c823f849b94280060d515a52223	commit \| diff

ARM: 6401/1: plug a race in the alignment trap handler

When the policy for user space is to ignore misaligned accesses from user
space, the processor then performs a documented rotation on the accessed
data.  This is the result of the access being trapped, and the kernel
disabling the alignment trap before returning to user space again.

In kernel space we always want misaligned accesses to be fixed up.  This
is enforced by always re-enabling the alignment trap on every entry into
kernel space from user space.  No such re-enabling is performed when an
exception occurs while already in kernel space as the alignment trap is
always supposed to be enabled in that case.

There is however a small race window when a misaligned access in user
space is trapped and the alignment trap disabled, but the CPU didn't
return to user space just yet.  Any exception would be entered from kernel
space at that point and the kernel would then execute with the alignment
trap disabled.

Thanks to Maxime Bizon <mbizon@freebox.fr> for providing a test module
that made this issue reproducible.

Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>