> In the MIPS entry.S the symbol resume_userspace to the call to
> do_notify_resume form a loop through which the kernel will iterate as
> long as work is pending.  If we iterate through this loop more than once
> with no signal pending for at least one but the last iteration we will
> perform the syscall restarting multiple times resulting in a syscall
> return prior to the syscall instruction in userspace because the
> return program counter will be adjusted several times by:
> 
>         regs->regs[7] = regs->regs[26];
>         regs->cp0_epc -= 8;
> 
> resulting in return to userspace at a too low address.  On MIPS this often
> happens to be a stackpointer adjustment but in many cases this may also
> just be a harmless instruction such as reloading the syscall number so
> may go unnoticed.
> 
> We were able to trigger this when debugging a multithreaded program.
> At least i386 uses virtually identical algorithms so I think it is likely
> to have the same issue.

s390 has the same problem. Thanks for pointing this out.
btw. is there a reason why mips doesn't have a 'return' within do_signal()
(see patch below)? That would save you some cycles.
Also I think that powerpc's do_signal() could be converted to be a void
function and that their EXPORT_SYMBOL(do_signal) could be removed. Would
also save some cycles/memory.

diff --git a/arch/mips/kernel/signal.c b/arch/mips/kernel/signal.c
index 6b4d9be..43c37d9 100644
--- a/arch/mips/kernel/signal.c
+++ b/arch/mips/kernel/signal.c
@@ -446,6 +446,7 @@ void do_signal(struct pt_regs *regs)
                        if (test_thread_flag(TIF_RESTORE_SIGMASK))
                                clear_thread_flag(TIF_RESTORE_SIGMASK);
                }
+               return;
        }
 
 no_signal:
-
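Review bot: the hunk appears truncated: the header `@@ -446,6 +446,7 @@` announces six old and seven new lines, but the visible body (five context lines, one `+ return;` and a trailing bare `-`) does not add up to that, so whatever follows `no_signal:` is missing from the post; please resend the complete hunk. On the `return;` itself: it leaves do_signal() as soon as the signal-delivered branch has finished its TIF_RESTORE_SIGMASK handling, so the code after `no_signal:` runs only when no signal was delivered; the commit message should say that this is an optimisation and does not by itself address the repeated-restart problem described in the quoted report.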
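The repeated-restart loop described in the quoted report, as an added C model rather than code from the thread or from the kernel: the struct, the loop, the regs[0] "returning from syscall" marker and the clear-after-first-restart guard are constructed assumptions for illustration; only the two-line adjustment is the one quoted above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the few pt_regs fields the report mentions. */
struct fake_regs {
    uint32_t cp0_epc;   /* user PC to return to; the syscall instruction lies below it */
    uint32_t regs[32];  /* regs[0]: assumed "returning from syscall" marker; regs[7], regs[26] as quoted */
};

/* The restart adjustment exactly as quoted in the report. */
static void restart_syscall(struct fake_regs *r)
{
    r->regs[7] = r->regs[26];
    r->cp0_epc -= 8;
}

/* Model of the resume_userspace -> do_notify_resume loop with no signal
 * pending.  `iterations` is how many times the loop runs because other work
 * stays pending; with `guard` the in-syscall marker is cleared after the
 * first restart (an assumed guard, not the kernel's fix).  Returns the epc
 * that userspace would resume at. */
static uint32_t return_path(uint32_t epc_after_syscall, int iterations, bool guard)
{
    struct fake_regs r = {0};
    r.cp0_epc = epc_after_syscall;
    r.regs[0] = 1;   /* entered the return path from a syscall that asked for a restart */
    r.regs[26] = 42; /* constructed: value the restart copies into regs[7] */
    for (int i = 0; i < iterations; i++) {
        /* no signal delivered, so do_signal() falls through to its restart logic */
        if (r.regs[0]) {
            restart_syscall(&r);
            if (guard)
                r.regs[0] = 0; /* never restart the same syscall a second time */
        }
    }
    return r.cp0_epc;
}

int main(void)
{
    uint32_t epc = 0x00401000u;
    printf("one pass, unguarded:     epc=%#x (syscall instruction at %#x)\n",
           (unsigned)return_path(epc, 1, false), (unsigned)(epc - 8));
    printf("three passes, unguarded: epc=%#x (16 bytes too low)\n",
           (unsigned)return_path(epc, 3, false));
    printf("three passes, guarded:   epc=%#x\n", (unsigned)return_path(epc, 3, true));
    return 0;
}
```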