Yakkety SRU - 16.04.2: Extra patches for POWER9

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Yakkety SRU - 16.04.2: Extra patches for POWER9

Tim Gardner-2
https://bugs.launchpad.net/bugs/1664564

[PATCH 1/2] powerpc/mm: Fix no execute fault handling on pre-POWER5
[PATCH 2/2] powerpc/mm: Fix spurrious segfaults on radix with

rtg

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/2] powerpc/mm: Fix no execute fault handling on pre-POWER5

Tim Gardner-2
From: Balbir Singh <[hidden email]>

BugLink: http://bugs.launchpad.net/bugs/1664564

Aneesh/Ben reported that the change to do_page_fault() we made in commit
1d18ad026844 ("powerpc/mm: Detect instruction fetch denied and report")
needs to handle the case where CPU_FTR_COHERENT_ICACHE is missing but we
have CPU_FTR_NOEXECUTE. In those cases the check added for
SRR1_ISI_N_OR_G might trigger a false positive.

This patch adds a check for CPU_FTR_COHERENT_ICACHE in addition to the
MSR value.

Fixes: 1d18ad026844 ("powerpc/mm: Detect instruction fetch denied and report")
Reported-by: Aneesh Kumar K.V <[hidden email]>
Acked-by: Benjamin Herrenschmidt <[hidden email]>
Signed-off-by: Balbir Singh <[hidden email]>
Signed-off-by: Michael Ellerman <[hidden email]>
(cherry picked from commit 0ab5171b8971282d7562b77f9b14137a827117fc)
Signed-off-by: Tim Gardner <[hidden email]>
---
 arch/powerpc/mm/fault.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 18bbb9e..242c9b0 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -392,8 +392,16 @@ good_area:
  if (is_exec) {
  /*
  * An execution fault + no execute ?
+ *
+ * On CPUs that don't have CPU_FTR_COHERENT_ICACHE we
+ * deliberately create NX mappings, and use the fault to do the
+ * cache flush. This is usually handled in hash_page_do_lazy_icache()
+ * but we could end up here if that races with a concurrent PTE
+ * update. In that case we need to fall through here to the VMA
+ * check below.
  */
- if (regs->msr & SRR1_ISI_N_OR_G)
+ if (cpu_has_feature(CPU_FTR_COHERENT_ICACHE) &&
+ (regs->msr & SRR1_ISI_N_OR_G))
  goto bad_area;
 
  /*
--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[PATCH 2/2] powerpc/mm: Fix spurrious segfaults on radix with autonuma

Tim Gardner-2
In reply to this post by Tim Gardner-2
From: Benjamin Herrenschmidt <[hidden email]>

BugLink: http://bugs.launchpad.net/bugs/1664564

When autonuma (Automatic NUMA balancing) marks a PTE inaccessible it
clears all the protection bits but leave the PTE valid.

With the Radix MMU, an attempt at executing from such a PTE will
take a fault with bit 35 of SRR1 set "SRR1_ISI_N_OR_G".

It is thus incorrect to treat all such faults as errors. We should
pass them to handle_mm_fault() for autonuma to deal with. The case
of pages that are really not executable is handled by the existing
test for VM_EXEC further down.

That leaves us with catching the kernel attempts at executing user
pages. We can catch that earlier, even before we do find_vma.

It is never valid on powerpc for the kernel to take an exec fault
to begin with. So fold that test with the existing test for the
kernel faulting on kernel addresses to bail out early.

Fixes: 1d18ad026844 ("powerpc/mm: Detect instruction fetch denied and report")
Signed-off-by: Benjamin Herrenschmidt <[hidden email]>
Reviewed-by: Aneesh Kumar K.V <[hidden email]>
Acked-by: Balbir Singh <[hidden email]>
Signed-off-by: Michael Ellerman <[hidden email]>
(cherry picked from commit d7df2443cd5f67fc6ee7c05a88e4996e8177f91b)
Signed-off-by: Tim Gardner <[hidden email]>
---
 arch/powerpc/mm/fault.c | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 242c9b0..6c8683d 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -253,8 +253,11 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
  if (unlikely(debugger_fault_handler(regs)))
  goto bail;
 
- /* On a kernel SLB miss we can only check for a valid exception entry */
- if (!user_mode(regs) && (address >= TASK_SIZE)) {
+ /*
+ * The kernel should never take an execute fault nor should it
+ * take a page fault to a kernel address.
+ */
+ if (!user_mode(regs) && (is_exec || (address >= TASK_SIZE))) {
  rc = SIGSEGV;
  goto bail;
  }
@@ -391,20 +394,6 @@ good_area:
 
  if (is_exec) {
  /*
- * An execution fault + no execute ?
- *
- * On CPUs that don't have CPU_FTR_COHERENT_ICACHE we
- * deliberately create NX mappings, and use the fault to do the
- * cache flush. This is usually handled in hash_page_do_lazy_icache()
- * but we could end up here if that races with a concurrent PTE
- * update. In that case we need to fall through here to the VMA
- * check below.
- */
- if (cpu_has_feature(CPU_FTR_COHERENT_ICACHE) &&
- (regs->msr & SRR1_ISI_N_OR_G))
- goto bad_area;
-
- /*
  * Allow execution from readable areas if the MMU does not
  * provide separate controls over reading and executing.
  *
--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK/cmnt: Yakkety SRU - 16.04.2: Extra patches for POWER9

Stefan Bader-2
In reply to this post by Tim Gardner-2
On 14.02.2017 16:02, Tim Gardner wrote:
> https://bugs.launchpad.net/bugs/1664564
>
> [PATCH 1/2] powerpc/mm: Fix no execute fault handling on pre-POWER5
> [PATCH 2/2] powerpc/mm: Fix spurrious segfaults on radix with
>

Now that the mail queue cleaned up a bit it looks like that one fell off the
radar somehow. Point release on ISO is too late but if it can be in updates it
looks acceptable.

-Stefan




--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

ACK and APPLIED: Yakkety SRU - 16.04.2: Extra patches for POWER9

Thadeu Lima de Souza Cascardo-3
In reply to this post by Tim Gardner-2
Applied to yakkety master-next branch.

Thanks.
Cascardo.

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team