From patchwork Tue Nov 18 23:09:47 2008
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeremy Kerr <jk@ozlabs.org>
X-Patchwork-Id: 9510
Return-Path: <cbe-oss-dev-bounces+patchwork-incoming=ozlabs.org@ozlabs.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from ozlabs.org (localhost [127.0.0.1])
	by ozlabs.org (Postfix) with ESMTP id 16C8847689
	for <patchwork-incoming@ozlabs.org>;
	Wed, 19 Nov 2008 10:10:10 +1100 (EST)
X-Original-To: cbe-oss-dev@ozlabs.org
Delivered-To: cbe-oss-dev@ozlabs.org
Received: by ozlabs.org (Postfix, from userid 1023)
	id 7EEE3DDE0A; Wed, 19 Nov 2008 10:09:56 +1100 (EST)
MIME-Version: 1.0
Message-Id: <1227049787.482219.695250894439.1.gpush@pingu>
To: <cbe-oss-dev@ozlabs.org>
From: Jeremy Kerr <jk@ozlabs.org>
Date: Wed, 19 Nov 2008 10:09:47 +1100
Subject: [Cbe-oss-dev] [PATCH] powerpc/spufs: Fix spinning in spufs_ps_fault
	on signal
X-BeenThere: cbe-oss-dev@ozlabs.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: Discussion about Open Source Software for the Cell Broadband Engine
	<cbe-oss-dev.ozlabs.org>
List-Unsubscribe: <https://ozlabs.org/mailman/options/cbe-oss-dev>,
	<mailto:cbe-oss-dev-request@ozlabs.org?subject=unsubscribe>
List-Archive: <http://ozlabs.org/pipermail/cbe-oss-dev>
List-Post: <mailto:cbe-oss-dev@ozlabs.org>
List-Help: <mailto:cbe-oss-dev-request@ozlabs.org?subject=help>
List-Subscribe: <https://ozlabs.org/mailman/listinfo/cbe-oss-dev>,
	<mailto:cbe-oss-dev-request@ozlabs.org?subject=subscribe>
Sender: cbe-oss-dev-bounces+patchwork-incoming=ozlabs.org@ozlabs.org
Errors-To: cbe-oss-dev-bounces+patchwork-incoming=ozlabs.org@ozlabs.org

Currently, we can end up in an infinite loop if we get a signal
while the kernel has faulted in spufs_ps_fault. Eg:

 alarm(1);

 write(fd, some_spu_psmap_register_address, 4);

- the write's copy_from_user will fault on the ps mapping, and
signal_pending will be non-zero. Because returning from the fault
handler will never clear TIF_SIGPENDING, so we'll just keep faulting,
resulting in an unkillable process using 100% of CPU.

This change returns VM_FAULT_SIGBUS if there's a fatal signal pending,
letting us escape the loop.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---
 arch/powerpc/platforms/cell/spufs/file.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index b73c369..1b26071 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -390,6 +390,9 @@ static int spufs_ps_fault(struct vm_area_struct *vma,
 	if (offset >= ps_size)
 		return VM_FAULT_SIGBUS;
 
+	if (fatal_signal_pending(current))
+		return VM_FAULT_SIGBUS;
+
 	/*
 	 * Because we release the mmap_sem, the context may be destroyed while
 	 * we're in spu_wait. Grab an extra reference so it isn't destroyed