From: Segher Boessenkool <segher@kernel.crashing.org>
To: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: userm57@yahoo.com, fthain@linux-m68k.org,
linux-kernel@vger.kernel.org, Paul Mackerras <paulus@samba.org>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH] powerpc/32s: Fix random crashes by adding isync() after locking/unlocking KUEP
Date: Tue, 17 Aug 2021 11:22:39 -0500
Message-ID: <20210817162239.GF1583@gate.crashing.org>
In-Reply-To: <1d28441dd80845e6428d693c0724cb6457247466.1629211378.git.christophe.leroy@csgroup.eu>
On Tue, Aug 17, 2021 at 02:43:15PM +0000, Christophe Leroy wrote:
> Commit b5efec00b671 ("powerpc/32s: Move KUEP locking/unlocking in C")
> removed the 'isync' instruction after adding/removing NX bit in user
> segments. The reasoning behind this change was that when setting the
> NX bit we don't mind it taking effect with delay as the kernel never
> executes text from userspace, and when clearing the NX bit this is
> to return to userspace and then the 'rfi' should synchronise the
> context.
>
> However, it looks like on book3s/32 having a hash page table, at least
> on the G3 processor, we get an unexpected fault from userspace, then
> this is followed by something wrong in the verification of MSR_PR
> at end of another interrupt.
>
> This is fixed by adding back the removed isync() following update
> of NX bit in user segment registers. Only do it for cores with a
> hash table, as 603 cores don't exhibit that problem and the two isync
> increase ./null_syscall selftest by 6 cycles on an MPC 832x.
>
> First problem: unexpected PROTFAULT
>
> [ 62.896426] WARNING: CPU: 0 PID: 1660 at arch/powerpc/mm/fault.c:354 do_page_fault+0x6c/0x5b0
> [ 62.918111] Modules linked in:
> [ 62.923350] CPU: 0 PID: 1660 Comm: Xorg Not tainted 5.13.0-pmac-00028-gb3c15b60339a #40
> [ 62.943476] NIP: c001b5c8 LR: c001b6f8 CTR: 00000000
> [ 62.954714] REGS: e2d09e40 TRAP: 0700 Not tainted (5.13.0-pmac-00028-gb3c15b60339a)
That is not a protection fault. What causes this?
A CSI (like isync) is required both before and after mtsr. It may work
on some cores without -- what part of that is luck, if there is anything
that guarantees it, is anyone's guess :-/
> @@ -28,6 +30,8 @@ static inline void kuep_lock(void)
> return;
>
> update_user_segments(mfsr(0) | SR_NX);
> + if (mmu_has_feature(MMU_FTR_HPTE_TABLE))
> + isync(); /* Context sync required after mtsr() */
> }
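Review bot: the hunk adds a context-synchronising isync() only after update_user_segments(), whereas the reply above states a CSI is required both before and after mtsr; if the "before" side is deliberately covered elsewhere, the hunk should say so, otherwise an isync() before the segment update is missing. The inline comment "Context sync required after mtsr()" also contradicts the guard around it: it reads as unconditional, yet the isync() is skipped when MMU_FTR_HPTE_TABLE is absent. Rephrase the comment to state why the synchronisation is only needed (or only observed to be needed) on hash-table cores, e.g. that 603 cores have not shown the fault and the two isync cost 6 cycles on null_syscall, as the commit message explains.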
This needs a comment why you are not doing this for systems without
hardware page table walk, at the least?
Segher