[PATCH] ARM: vfp: avoid unbalanced stack on 'success' return path

Tue May 9 23:51:28 PDT 2023

On Tue, 9 May 2023 at 18:24, Andre Przywara <andre.przywara at arm.com> wrote:
>
> On Sat,  6 May 2023 18:13:25 +0200
> Ard Biesheuvel <ardb at kernel.org> wrote:
>
> Hi,
>
> > Commit c76c6c4ecbec0deb5 ("ARM: 9294/2: vfp: Fix broken softirq handling
> > with instrumentation enabled") updated the VFP exception entry logic to
>
> > go via a C function, so that we get the compiler's version of
> > local_bh_disable(), which may be instrumented, and isn't generally
> > callable from assembler.
> >
> > However, this assumes that passing an alternative 'success' return
> > address works in C as it does in asm, and this is only the case if the C
> > calls in question are tail calls, as otherwise, the stack will need some
> > unwinding as well.
> >
> > I have already sent patches to the list that replace most of the asm
> > logic with C code, and so it is preferable to have a minimal fix that
> > addresses the issue and can be backported along with the commit that it
> > fixes to v6.3 from v6.4. Hopefully, we can land the C conversion for v6.5.
> >
> > So instead of passing the 'success' return address as a function
> > argument, pass the stack address from where to pop it so that both LR
> > and SP have the expected value.
> >
> > Fixes: c76c6c4ecbec0deb5 ("ARM: 9294/2: vfp: Fix broken softirq handling with ...")
> > Reported-by: syzbot+d4b00edc2d0c910d4bf4 at syzkaller.appspotmail.com
> > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
>
> So my Calxeda Midway boot broke with v6.4-rc1, when going to userland for
> the first time. I bisected it down to the above commit, and LinusW pointed me
> to this patch.
> I am still slowly mouthing the words of this' and the original patch's
> commit message, but anyway this patch fixes the boot for me, so:
>
> Tested-by: Andre Przywara <andre.przywara at arm.com>
>

Thanks for testing!

The fix is queued up in Russell's patch tracker.