Re: [PATCH v2 25/43] powerpc/32: Replace ASM exception exit by C exception exit from ppc64
On 12/03/2021 at 00:26, Michael Ellerman wrote:
> Christophe Leroy writes:
>> On 11/03/2021 at 14:46, Michael Ellerman wrote:
>>> Christophe Leroy writes:
>>>> This patch replaces the PPC32 ASM exception exit by C exception exit.
>>>>
>>>> Signed-off-by: Christophe Leroy
>>>> ---
>>>>  arch/powerpc/kernel/entry_32.S | 481 +---
>>>>  arch/powerpc/kernel/interrupt.c | 4 +
>>>>  2 files changed, 132 insertions(+), 353 deletions(-)
>>>
>>> Bisect points to this breaking qemu mac99 for me, with pmac32_defconfig.
>>>
>>> I haven't had time to dig any deeper sorry.
>>
>> Embarrassing ...
>
> Nah, these things happen.
>
>> I don't get this problem on the 8xx (nohash/32) or the 83xx (book3s/32).
>> I don't get this problem with qemu mac99 when using my klibc-based initramfs.
>>
>> I managed to reproduce it with the rootfs.cpio that I got some time ago from
>> linuxppc github Wiki.
>
> OK. I'm using the ppc-rootfs.cpio.gz from here:
>
> https://github.com/linuxppc/ci-scripts/blob/master/root-disks/Makefile
>
> And the boot script is:
>
> https://github.com/linuxppc/ci-scripts/blob/master/scripts/boot/qemu-mac99
>
> I've been meaning to write docs on how to use those scripts, but haven't
> got around to it. There's nothing really special though it's just a
> wrapper around qemu -M mac99.
>
>> I'll investigate it tomorrow.

Problem is the fast_interrupt_return, registers are not all saved yet on ppc32 (msr, nip, xer, ctr), can't restore them all as ppc64 do.

The problem happens only when userspace uses floating point or altivec.

For the time being, I'll keep the original fast_interrupt_return.

I will likely send a new version of the series later today, taking into account Nick's comments.

Christophe
Re: [PATCH v2 25/43] powerpc/32: Replace ASM exception exit by C exception exit from ppc64
Christophe Leroy writes:
> On 11/03/2021 at 14:46, Michael Ellerman wrote:
>> Christophe Leroy writes:
>>> This patch replaces the PPC32 ASM exception exit by C exception exit.
>>>
>>> Signed-off-by: Christophe Leroy
>>> ---
>>>  arch/powerpc/kernel/entry_32.S | 481 +---
>>>  arch/powerpc/kernel/interrupt.c | 4 +
>>>  2 files changed, 132 insertions(+), 353 deletions(-)
>>
>> Bisect points to this breaking qemu mac99 for me, with pmac32_defconfig.
>>
>> I haven't had time to dig any deeper sorry.
>
> Embarrassing ...

Nah, these things happen.

> I don't get this problem on the 8xx (nohash/32) or the 83xx (book3s/32).
> I don't get this problem with qemu mac99 when using my klibc-based initramfs.
>
> I managed to reproduce it with the rootfs.cpio that I got some time ago from
> linuxppc github Wiki.

OK. I'm using the ppc-rootfs.cpio.gz from here:

https://github.com/linuxppc/ci-scripts/blob/master/root-disks/Makefile

And the boot script is:

https://github.com/linuxppc/ci-scripts/blob/master/scripts/boot/qemu-mac99

I've been meaning to write docs on how to use those scripts, but haven't
got around to it. There's nothing really special though it's just a
wrapper around qemu -M mac99.

> I'll investigate it tomorrow.

Thanks.

cheers
Re: [PATCH v2 25/43] powerpc/32: Replace ASM exception exit by C exception exit from ppc64
On 11/03/2021 at 14:46, Michael Ellerman wrote:
> Christophe Leroy writes:
>> This patch replaces the PPC32 ASM exception exit by C exception exit.
>>
>> Signed-off-by: Christophe Leroy
>> ---
>>  arch/powerpc/kernel/entry_32.S | 481 +---
>>  arch/powerpc/kernel/interrupt.c | 4 +
>>  2 files changed, 132 insertions(+), 353 deletions(-)
>
> Bisect points to this breaking qemu mac99 for me, with pmac32_defconfig.
>
> I haven't had time to dig any deeper sorry.

Embarrassing ...

I don't get this problem on the 8xx (nohash/32) or the 83xx (book3s/32).
I don't get this problem with qemu mac99 when using my klibc-based initramfs.

I managed to reproduce it with the rootfs.cpio that I got some time ago from linuxppc github Wiki.

I'll investigate it tomorrow.

Thanks
Christophe

> cheers
>
> Freeing unused kernel memory: 1132K
> This architecture does not have kernel memory protection.
> Run /init as init process
> init[1]: User access of kernel address (fd20) - exploit attempt? (uid: 0)
> init[1]: segfault (11) at fd20 nip b7e78638 lr b7e845e4 code 1 in ld-2.27.so[b7e6b000+22000]
> init[1]: code: 92010080 92210084 92410088 92810090 92a10094 92c10098 930100a0 932100a4
> init[1]: code: 934100a8 936100ac 93a100b4 91810074 <7d41496e> 3940 3b810017 579c0036
> Kernel panic - not syncing: Attempted to kill init! exitcode=0x00ERROR: Error: saw oops/warning etc. while expecting 0b
> CPU: 0 PID: 1 Comm: init Not tainted 5.12.0-rc2+ #1
> Call Trace:
> [f1019d80] [c004f1ec] panic+0x138/0x328 (unreliable)
> [f1019de0] [c0051c8c] do_exit+0x880/0x8f4
> [f1019e30] [c0052bdc] do_group_exit+0x40/0xa4
> [f1019e50] [c0060d04] get_signal+0x1e8/0x834
> [f1019eb0] [c000b624] do_notify_resume+0xc8/0x314
> [f1019f10] [c0010da8] interrupt_exit_user_prepare+0xa4/0xdc
> [f1019f30] [c0018228] interrupt_return+0x14/0x14c
> --- interrupt: 300 at 0xb7e78638
> NIP: b7e78638 LR: b7e845e4 CTR: c01ea2d8
> REGS: f1019f40 TRAP: 0300 Not tainted (5.12.0-rc2+)
> MSR: d032 CR: 28004422 XER: 2000
> DAR: fd20 DSISR: 4200
> GPR00: b7e845e4 bf951440 bf951460 bf951718 fefefeff 7f7f7f7f
> GPR08: bf9516b0 406ae8e0 b7eac1d4 0a12247b b7e8a0d0 b7e78554
> GPR16: bf951730 bf9516f0 b7eaaf40 bf9516f0 0001 b7eaa688 10002178 bf951460
> GPR24: b7eac200 100cff38 bf9516f0 10002179 b7e845e4 bf951440
> NIP [b7e78638] 0xb7e78638
> LR [b7e845e4] 0xb7e845e4
> --- interrupt: 300
> Rebooting in 180 seconds..
Re: [PATCH v2 25/43] powerpc/32: Replace ASM exception exit by C exception exit from ppc64
Christophe Leroy writes:
> This patch replaces the PPC32 ASM exception exit by C exception exit.
>
> Signed-off-by: Christophe Leroy
> ---
>  arch/powerpc/kernel/entry_32.S | 481 +---
>  arch/powerpc/kernel/interrupt.c | 4 +
>  2 files changed, 132 insertions(+), 353 deletions(-)

Bisect points to this breaking qemu mac99 for me, with pmac32_defconfig.

I haven't had time to dig any deeper sorry.

cheers


Freeing unused kernel memory: 1132K
This architecture does not have kernel memory protection.
Run /init as init process
init[1]: User access of kernel address (fd20) - exploit attempt? (uid: 0)
init[1]: segfault (11) at fd20 nip b7e78638 lr b7e845e4 code 1 in ld-2.27.so[b7e6b000+22000]
init[1]: code: 92010080 92210084 92410088 92810090 92a10094 92c10098 930100a0 932100a4
init[1]: code: 934100a8 936100ac 93a100b4 91810074 <7d41496e> 3940 3b810017 579c0036
Kernel panic - not syncing: Attempted to kill init! exitcode=0x00ERROR: Error: saw oops/warning etc. while expecting 0b
CPU: 0 PID: 1 Comm: init Not tainted 5.12.0-rc2+ #1
Call Trace:
[f1019d80] [c004f1ec] panic+0x138/0x328 (unreliable)
[f1019de0] [c0051c8c] do_exit+0x880/0x8f4
[f1019e30] [c0052bdc] do_group_exit+0x40/0xa4
[f1019e50] [c0060d04] get_signal+0x1e8/0x834
[f1019eb0] [c000b624] do_notify_resume+0xc8/0x314
[f1019f10] [c0010da8] interrupt_exit_user_prepare+0xa4/0xdc
[f1019f30] [c0018228] interrupt_return+0x14/0x14c
--- interrupt: 300 at 0xb7e78638
NIP: b7e78638 LR: b7e845e4 CTR: c01ea2d8
REGS: f1019f40 TRAP: 0300 Not tainted (5.12.0-rc2+)
MSR: d032 CR: 28004422 XER: 2000
DAR: fd20 DSISR: 4200
GPR00: b7e845e4 bf951440 bf951460 bf951718 fefefeff 7f7f7f7f
GPR08: bf9516b0 406ae8e0 b7eac1d4 0a12247b b7e8a0d0 b7e78554
GPR16: bf951730 bf9516f0 b7eaaf40 bf9516f0 0001 b7eaa688 10002178 bf951460
GPR24: b7eac200 100cff38 bf9516f0 10002179 b7e845e4 bf951440
NIP [b7e78638] 0xb7e78638
LR [b7e845e4] 0xb7e845e4
--- interrupt: 300
Rebooting in 180 seconds..
[PATCH v2 25/43] powerpc/32: Replace ASM exception exit by C exception exit from ppc64
This patch replaces the PPC32 ASM exception exit by C exception exit. Signed-off-by: Christophe Leroy --- arch/powerpc/kernel/entry_32.S | 481 +--- arch/powerpc/kernel/interrupt.c | 4 + 2 files changed, 132 insertions(+), 353 deletions(-) diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S index 7084289994b3..d8fd2fd2c777 100644 --- a/arch/powerpc/kernel/entry_32.S +++ b/arch/powerpc/kernel/entry_32.S @@ -129,9 +129,7 @@ transfer_to_handler_cont: stw r12,TI_LOCAL_FLAGS(r2) lwz r9,_MSR(r11)/* if sleeping, clear MSR.EE */ rlwinm r9,r9,0,~MSR_EE - lwz r12,_LINK(r11) /* and return to address in LR */ - kuap_restore r11, r2, r3, r4, r5 - lwz r2, GPR2(r11) + stw r9,_MSR(r11) b fast_exception_return #endif _ASM_NOKPROBE_SYMBOL(transfer_to_handler) 
@@ -334,69 +332,20 @@ END_FTR_SECTION_IFSET(CPU_FTR_SPE) .globl fast_exception_return fast_exception_return: + lwz r6,_MSR(r1) + andi. r0,r6,MSR_PR + bne .Lfast_user_interrupt_return + li r3,0 /* 0 return value, no EMULATE_STACK_STORE */ #if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE)) - andi. r10,r9,MSR_RI /* check for recoverable interrupt */ - beq 1f /* if not, we've got problems */ -#endif - -2: REST_4GPRS(3, r11) - lwz r10,_CCR(r11) - REST_GPR(1, r11) - mtcrr10 - lwz r10,_LINK(r11) - mtlrr10 - /* Clear the exception_marker on the stack to avoid confusing stacktrace */ - li r10, 0 - stw r10, 8(r11) - REST_GPR(10, r11) -#if defined(CONFIG_PPC_8xx) && defined(CONFIG_PERF_EVENTS) - mtspr SPRN_NRI, r0 -#endif - mtspr SPRN_SRR1,r9 - mtspr SPRN_SRR0,r12 - REST_GPR(9, r11) - REST_GPR(12, r11) - lwz r11,GPR11(r11) - rfi -#ifdef CONFIG_40x - b . /* Prevent prefetch past rfi */ -#endif -_ASM_NOKPROBE_SYMBOL(fast_exception_return) - -#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE)) -/* check if the exception happened in a restartable section */ -1: lis r3,exc_exit_restart_end@ha - addir3,r3,exc_exit_restart_end@l - cmplw r12,r3 - bge 3f - lis r4,exc_exit_restart@ha - addir4,r4,exc_exit_restart@l - cmplw r12,r4 - blt 3f - lis r3,fee_restarts@ha - tophys(r3,r3) - lwz r5,fee_restarts@l(r3) - addir5,r5,1 - stw r5,fee_restarts@l(r3) - mr r12,r4 /* restart at exc_exit_restart */ - b 2b - - .section .bss - .align 2 -fee_restarts: - .space 4 - .previous - -/* aargh, a nonrecoverable interrupt, panic */ -/* aargh, we don't know which trap this is */ -3: - li r10,-1 - stw r10,_TRAP(r11) + andi. r0,r6,MSR_RI + bne+.Lfast_kernel_interrupt_return addir3,r1,STACK_FRAME_OVERHEAD - bl transfer_to_handler_full bl unrecoverable_exception - b ret_from_except + trap/* should not get here */ +#else + b .Lfast_kernel_interrupt_return #endif +_ASM_NOKPROBE_SYMBOL(fast_exception_return) .globl ret_from_except_full ret_from_except_full: 
@@ -405,213 +354,146 @@ ret_from_except_full: .globl ret_from_except ret_from_except: - /* Hard-disable interrupts so that current_thread_info()->flags -* can't change between when we test it and when we return -* from the interrupt. */ - /* Note: We don't bother telling lockdep about it */ - LOAD_REG_IMMEDIATE(r10,MSR_KERNEL) - mtmsr r10 /* disable interrupts */ - - lwz r3,_MSR(r1) /* Returning to user mode? */ - andi. r0,r3,MSR_PR - beq resume_kernel - -user_exc_return: /* r10 contains MSR_KERNEL here */ - /* Check current_thread_info()->flags */ - lwz r9,TI_FLAGS(r2) - andi. r0,r9,_TIF_USER_WORK_MASK - bne do_work - -restore_user: -#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) - /* Check whether this process has its own DBCR0 value. The internal - debug mode bit tells us that dbcr0 should be loaded. */ - lwz r0,THREAD+THREAD_DBCR0(r2) - andis. r10,r0,DBCR0_IDM@h - bnel- load_dbcr0 -#endif - ACCOUNT_CPU_USER_EXIT(r2, r10, r11) +_ASM_NOKPROBE_SYMBOL(ret_from_except) + + .globl interrupt_return +interrupt_return: + lwz r4,_MSR(r1) + andi. r0,r4,MSR_PR + beq .Lkernel_interrupt_return + addir3,r1,STACK_FRAME_OVERHEAD + bl interrupt_exit_user_prepare + cmpwi r3,0 + bne-.Lrestore_nvgprs + +.Lfast_user_interrupt_return: #ifdef CONFIG_PPC_BOOK3S_32 kuep_unlock r10, r11 #endif +
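Review bot: In the transfer_to_handler_cont hunk (@@ -129,9 +129,7 @@), the sleep path now writes the EE-cleared MSR back with `stw r9,_MSR(r11)` and relies on the new fast_exception_return to read it via `lwz r6,_MSR(r1)`, so correctness depends on r11 and r1 both pointing at the pt_regs frame at this point; a one-line comment stating that would make the dependency explicit. The `kuap_restore r11, r2, r3, r4, r5` and `lwz r2, GPR2(r11)` deleted here must now be done by the .Lfast_kernel_interrupt_return path, which is outside the visible hunks, and the one-line commit message does not say so.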
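Review bot: In the fast_exception_return hunk (@@ -334,69 +332,20 @@), `bne .Lfast_user_interrupt_return` routes the fast path into the shared user-return sequence, but as Christophe notes later in this thread the fast entry on ppc32 has not saved msr, nip, xer and ctr, so that sequence cannot restore them the way the ppc64 version does; this matches Michael's bisect result (init segfaulting in ld-2.27.so on qemu mac99, seen only once userspace uses floating point or Altivec). Either save those registers on the fast entry before taking this branch, or keep a separate fast user return as the follow-up in this thread proposes. Separately, the hunk drops the exc_exit_restart/fee_restarts recovery for a non-recoverable interrupt (MSR_RI clear) and goes straight to `bl unrecoverable_exception`; the commit message should state why the restartable-section check is no longer needed.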
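Review bot: In the ret_from_except hunk (@@ -405,213 +354,146 @@), the explicit `LOAD_REG_IMMEDIATE(r10,MSR_KERNEL)` / `mtmsr r10` hard-disable, together with its comment explaining that current_thread_info()->flags must not change between the test and the return, is removed and nothing visible in the new interrupt_return sequence re-establishes it before `bl interrupt_exit_user_prepare`; if the C helper is expected to disable interrupts itself before checking the flags, the commit message should say so. The 4xx/BOOKE DBCR0 check (`lwz r0,THREAD+THREAD_DBCR0(r2)` through `bnel- load_dbcr0`) and ACCOUNT_CPU_USER_EXIT are also deleted here; with interrupt.c gaining only 4 lines per the diffstat, it is worth stating where the load_dbcr0 call and the user-time accounting now happen for those platforms.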