Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3

Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3

[Al Viro]

On Fri, Jun 23, 2017 at 01:49:16PM -0500, Larry Finger wrote:

> > BTW, could you try to check what happens if you kill the
> > 	if (__builtin_constant_p(n) && (n <= 8))
> > bits in raw_copy_{to,from}_user()?  The usefulness of those (in __copy_from_user()
> > originally) had always been dubious and the things are simpler without them.
> > If _that_ turns out to cure breakage, I would be very surprised, though.
> > 
> Sorry I was gone so long. Installing jessie on this box resulted in a crash
> on boot. Lubuntu 14.04 yielded a desktop with a functioning cursor, but
> nothing else. Finally, Ubuntu 12.04 resulted in a working system. I hate
> Unity, but I guess I'm stuck for now.

Ho-hum...  Jessie is 3.16, so whatever is crashing there, it's something
different...  Ubuntu 12.04 is what, 3.2?

> I know how easy it is to screw up a long bisection by booting the wrong
> kernel. To help that problem and to work around the yaconf/yboot nonsense on
> the MAC, my /etc/yaconf has always had generic kernel stanzas with only
> default, old, and original kernels mentioned. From there I use a local
> script to finish a kernel installation by moving the default links to the
> old ones and creating the new default links pointing to the current kernel.
> With those long-tested scripts, I'm sure that I am booting the one I want.
> 
> With the new installation, kernel 4.12-rc6 failed, as did 3448890c with the
> backported 46f401c4 added.
> 
> Replacing "if (__builtin_constant_p(n) && (n <= 8))" with "if (0)" had no effect.

OK, that simplifies things a bit.  Just to make sure we are on the same page:

* f2ed8bebee69 + cherry-pick of 46f401c4 boots (Ubuntu 12.04 userland)
* 3448890c32c3 + cherry-pick of 46f401c4 fails (Ubuntu 12.04 userland), ditto
  with removal of constant-size bits in raw_copy_..._user().  Failure appears
  to be on udev getting EFAULT on some syscalls.
* straight Ubuntu 12.04 works
* jessie crashes on boot.

Could you post the boot logs of the first two?

Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3

[Larry Finger]

[-- Attachment #1: Type: text/plain, Size: 3342 bytes --]

On 06/23/2017 03:29 PM, Al Viro wrote:
> On Fri, Jun 23, 2017 at 01:49:16PM -0500, Larry Finger wrote:
> 
>>> BTW, could you try to check what happens if you kill the
>>> 	if (__builtin_constant_p(n) && (n <= 8))
>>> bits in raw_copy_{to,from}_user()?  The usefulness of those (in __copy_from_user()
>>> originally) had always been dubious and the things are simpler without them.
>>> If _that_ turns out to cure breakage, I would be very surprised, though.
>>>
>> Sorry I was gone so long. Installing jessie on this box resulted in a crash
>> on boot. Lubuntu 14.04 yielded a desktop with a functioning cursor, but
>> nothing else. Finally, Ubuntu 12.04 resulted in a working system. I hate
>> Unity, but I guess I'm stuck for now.
> 
> Ho-hum...  Jessie is 3.16, so whatever is crashing there, it's something
> different...  Ubuntu 12.04 is what, 3.2?
> 
>> I know how easy it is to screw up a long bisection by booting the wrong
>> kernel. To help that problem and to work around the yaconf/yboot nonsense on
>> the MAC, my /etc/yaconf has always had generic kernel stanzas with only
>> default, old, and original kernels mentioned. From there I use a local
>> script to finish a kernel installation by moving the default links to the
>> old ones and creating the new default links pointing to the current kernel.
>> With those long-tested scripts, I'm sure that I am booting the one I want.
>>
>> With the new installation, kernel 4.12-rc6 failed, as did 3448890c with the
>> backported 46f401c4 added.
>>
>> Replacing "if (__builtin_constant_p(n) && (n <= 8))" with "if (0)" had no effect.
> 
> OK, that simplifies things a bit.  Just to make sure we are on the same page:
> 
> * f2ed8bebee69 + cherry-pick of 46f401c4 boots (Ubuntu 12.04 userland)
> * 3448890c32c3 + cherry-pick of 46f401c4 fails (Ubuntu 12.04 userland), ditto
>    with removal of constant-size bits in raw_copy_..._user().  Failure appears
>    to be on udev getting EFAULT on some syscalls.
> * straight Ubuntu 12.04 works
> * jessie crashes on boot.
> 
> Could you post the boot logs of the first two?

Yes, we are on the same page, and straight Ubuntu 12.04 has a 3.2 kernel.

I have attached the log for the first one. The second case never finds the 
system disk, thus nothing is logged. I have a blurry photo that I will type the 
last few lines:

Freeing unused kernel memory: 365K
This architecture does not have kernel memory protection.
Loading. please wait...
Begin: Loading essential drivers ... done
Begin: Running /scripts/init-premount ... done
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Gave up waiting for root file system. Common problems:
  - Boot args (cat /proc/cmdline)
   - Check rootdelay= (did the system wait long enough?)
   - Check root= (did the system wait for the right device?)
  - Missing modules (cat /proc/modules: ls /dev)
ALERT! /dev/disk/by-uuid/.... does not exist. Dropping to a shell!
FATAL: Error inserting i8042 (/lib/modules/.../i8042.ko): No such device

BusyBox v1.18.6-1ubuntu4) built-in shell (ash)
Enter 'help' for a list of built-in commands.


(initramfs) [time] random: fast init done
[time] random: crng init done

The lines output after the "Architecture does not have ..." Is different under 
Ubuntu than it was for Mint, which had the udev errors reported earlier.

Larry


[-- Attachment #2: dmesg.out --]
[-- Type: text/plain, Size: 30992 bytes --]

[    0.000000] bootconsole [udbg0] enabled
[    0.000000] Total memory = 1536MB; using 4096kB for hash table (at cfc00000)
[    0.000000] Linux version 4.11.0-rc1+ (finger@ubuntu) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #5 Fri Jun 23 18:23:44 CDT 2017
[    0.000000] Found initrd at 0xc1700000:0xc2b9c000
[    0.000000] Found UniNorth memory controller & host bridge @ 0xf8000000 revision: 0xd2
[    0.000000] Mapped at 0xff7c0000
[    0.000000] Found a Intrepid mac-io controller, rev: 0, mapped at 0xff740000
[    0.000000] Processor NAP mode on idle enabled.
[    0.000000] PowerMac motherboard: PowerBook G4 15"
[    0.000000] Using PowerMac machine description
[    0.000000] -----------------------------------------------------
[    0.000000] Hash_size         = 0x400000
[    0.000000] phys_mem_size     = 0x60000000
[    0.000000] dcache_bsize      = 0x20
[    0.000000] icache_bsize      = 0x20
[    0.000000] cpu_features      = 0x000000000422244e
[    0.000000]   possible        = 0x0000000005a6fd7f
[    0.000000]   always          = 0x0000000000020000
[    0.000000] cpu_user_features = 0x9c000001 0x00000000
[    0.000000] mmu_features      = 0x00010001
[    0.000000] Hash              = 0xcfc00000
[    0.000000] Hash_mask         = 0xffff
[    0.000000] -----------------------------------------------------
[    0.000000] Found UniNorth PCI host bridge at 0x00000000f0000000. Firmware bus number: 0->1
[    0.000000] PCI host bridge /pci@f0000000  ranges:
[    0.000000]  MEM 0x00000000f1000000..0x00000000f1ffffff -> 0x00000000f1000000 
[    0.000000]   IO 0x00000000f0000000..0x00000000f07fffff -> 0x0000000000000000
[    0.000000]  MEM 0x00000000b0000000..0x00000000bfffffff -> 0x00000000b0000000 
[    0.000000] Found UniNorth PCI host bridge at 0x00000000f2000000. Firmware bus number: 0->1
[    0.000000] PCI host bridge /pci@f2000000 (primary) ranges:
[    0.000000]  MEM 0x00000000f3000000..0x00000000f3ffffff -> 0x00000000f3000000 
[    0.000000]   IO 0x00000000f2000000..0x00000000f27fffff -> 0x0000000000000000
[    0.000000]  MEM 0x0000000080000000..0x00000000afffffff -> 0x0000000080000000 
[    0.000000] Found UniNorth PCI host bridge at 0x00000000f4000000. Firmware bus number: 0->1
[    0.000000] PCI host bridge /pci@f4000000  ranges:
[    0.000000]  MEM 0x00000000f5000000..0x00000000f5ffffff -> 0x00000000f5000000 
[    0.000000]   IO 0x00000000f4000000..0x00000000f47fffff -> 0x0000000000000000
[    0.000000] via-pmu: Server Mode is disabled
[    0.000000] PMU driver v2 initialized for Core99, firmware: 0c
[    0.000000] nvram: Checking bank 0...
[    0.000000] nvram: gen0=676, gen1=675
[    0.000000] nvram: Active bank is: 0
[    0.000000] nvram: OF partition at 0x410
[    0.000000] nvram: XP partition at 0x1020
[    0.000000] nvram: NR partition at 0x1120
[    0.000000] Top of RAM: 0x60000000, Total RAM: 0x60000000
[    0.000000] Memory hole size: 0MB
[    0.000000] Zone ranges:
[    0.000000]   DMA      [mem 0x0000000000000000-0x000000002fffffff]
[    0.000000]   Normal   empty
[    0.000000]   HighMem  [mem 0x0000000030000000-0x000000005fffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x0000000000000000-0x000000005fffffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x000000005fffffff]
[    0.000000] On node 0 totalpages: 393216
[    0.000000] free_area_init_node: node 0, pgdat c07aaf84, node_mem_map ef3db000
[    0.000000]   DMA zone: 1536 pages used for memmap
[    0.000000]   DMA zone: 0 pages reserved
[    0.000000]   DMA zone: 196608 pages, LIFO batch:31
[    0.000000]   HighMem zone: 196608 pages, LIFO batch:31
[    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[    0.000000] pcpu-alloc: [0] 0 
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 391680
[    0.000000] Kernel command line: root=UUID=74dc016f-69db-4114-92e0-d6486a52ed19 ro 
[    0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
[    0.000000] Memory: 1523876K/1572864K available (5388K kernel code, 516K rwdata, 1684K rodata, 352K init, 2269K bss, 48988K reserved, 0K cma-reserved, 786432K highmem)
[    0.000000] Kernel virtual memory layout:
[    0.000000]   * 0xfffcf000..0xfffff000  : fixmap
[    0.000000]   * 0xff800000..0xffc00000  : highmem PTEs
[    0.000000]   * 0xfde27000..0xff800000  : early ioremap
[    0.000000]   * 0xf1000000..0xfde27000  : vmalloc & ioremap
[    0.000000] NR_IRQS:512 nr_irqs:512 16
[    0.000000] mpic: Resetting
[    0.000000] mpic: Setting up MPIC " MPIC 1   " version 1.2 at 80040000, max 1 CPUs
[    0.000000] mpic: ISU size: 64, shift: 6, mask: 3f
[    0.000000] mpic: Initializing for 64 sources
[    0.000000] GMT Delta read from XPRAM: 0 minutes, DST: off
[    0.000000] time_init: decrementer frequency = 18.432000 MHz
[    0.000000] time_init: processor frequency   = 1666.666660 MHz
[    0.000012] clocksource: timebase: mask: 0xffffffffffffffff max_cycles: 0x440407933, max_idle_ns: 440795202532 ns
[    0.000437] clocksource: timebase mult[3640e38e] shift[24] registered
[    0.000797] clockevent: decrementer mult[4b7f5a5] shift[32] cpu[0]
[    0.001595] Console: colour dummy device 80x25
[    0.001923] console [tty0] enabled
[    0.002233] bootconsole [udbg0] disabled
[    0.002875] pid_max: default: 32768 minimum: 301
[    0.002996] Security Framework initialized
[    0.003013] AppArmor: AppArmor disabled by boot time parameter
[    0.003073] Mount-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.003088] Mountpoint-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.003923] MPC7450 family performance monitor hardware support registered
[    0.005673] devtmpfs: initialized
[    0.006061] OF: Duplicate name in PowerPC,G4@0, renamed to "l2-cache#1"
[    0.010639] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[    0.010671] futex hash table entries: 256 (order: -1, 3072 bytes)
[    0.011063] NET: Registered protocol family 16
[    0.012329] KeyWest i2c @0xf8001003 irq 42 /uni-n@f8000000/i2c@f8001000
[    0.012352]  channel 1 bus /uni-n@f8000000/i2c@f8001000/i2c-bus@1
[    0.012366]  channel 0 bus /uni-n@f8000000/i2c@f8001000/i2c-bus@0
[    0.012487] KeyWest i2c @0x80018000 irq 26 /pci@f2000000/mac-io@17/i2c@18000
[    0.012505]  channel 0 bus /pci@f2000000/mac-io@17/i2c@18000/i2c-bus@0
[    0.012555] PMU i2c /pci@f2000000/mac-io@17/via-pmu@16000/pmu-i2c
[    0.012569]  channel 1 bus <multibus>
[    0.012583]  channel 2 bus <multibus>
[    0.012991] PCI: Probing PCI hardware
[    0.013134] PCI host bridge to bus 0000:00
[    0.013158] pci_bus 0000:00: root bus resource [io  0x802000-0x1001fff] (bus address [0x0000-0x7fffff])
[    0.013192] pci_bus 0000:00: root bus resource [mem 0xf1000000-0xf1ffffff]
[    0.013242] pci_bus 0000:00: root bus resource [mem 0xb0000000-0xbfffffff]
[    0.013265] pci_bus 0000:00: root bus resource [bus 00-ff]
[    0.013287] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to ff
[    0.013341] pci 0000:00:0b.0: [106b:0034] type 00 class 0x060000
[    0.013584] pci 0000:00:10.0: [1002:4e50] type 00 class 0x030000
[    0.013620] pci 0000:00:10.0: reg 0x10: [mem 0xb8000000-0xbfffffff pref]
[    0.013645] pci 0000:00:10.0: reg 0x14: [io  0x802400-0x8024ff]
[    0.013670] pci 0000:00:10.0: reg 0x18: [mem 0xb0000000-0xb000ffff]
[    0.013709] pci 0000:00:10.0: reg 0x30: [mem 0xb0020000-0xb003ffff pref]
[    0.013760] pci 0000:00:10.0: supports D1 D2
[    0.013974] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00
[    0.014116] PCI host bridge to bus 0001:10
[    0.014135] pci_bus 0001:10: root bus resource [io  0x0000-0x7fffff]
[    0.014156] pci_bus 0001:10: root bus resource [mem 0xf3000000-0xf3ffffff]
[    0.014176] pci_bus 0001:10: root bus resource [mem 0x80000000-0xafffffff]
[    0.014197] pci_bus 0001:10: root bus resource [bus 10-ff]
[    0.014217] pci_bus 0001:10: busn_res: [bus 10-ff] end is updated to ff
[    0.014266] pci 0001:10:0b.0: [106b:0035] type 00 class 0x060000
[    0.014477] pci 0001:10:12.0: [14e4:4320] type 00 class 0x028000
[    0.014511] pci 0001:10:12.0: reg 0x10: [mem 0xa0006000-0xa0007fff]
[    0.014584] pci 0001:10:12.0: supports D1 D2
[    0.014602] pci 0001:10:12.0: PME# supported from D0 D1 D2 D3hot D3cold
[    0.014782] pci 0001:10:13.0: [104c:ac56] type 02 class 0x060700
[    0.014818] pci 0001:10:13.0: reg 0x10: [mem 0xa0004000-0xa0004fff]
[    0.014867] pci 0001:10:13.0: supports D1 D2
[    0.014884] pci 0001:10:13.0: PME# supported from D0 D1 D2 D3hot D3cold
[    0.015043] pci 0001:10:17.0: [106b:003e] type 00 class 0xff0000
[    0.015075] pci 0001:10:17.0: reg 0x10: [mem 0x80000000-0x8007ffff]
[    0.015261] pci 0001:10:19.0: [106b:003f] type 00 class 0x0c0310
[    0.015293] pci 0001:10:19.0: reg 0x10: [mem 0x00000000-0x00000fff]
[    0.015461] pci 0001:10:1a.0: [106b:003f] type 00 class 0x0c0310
[    0.015492] pci 0001:10:1a.0: reg 0x10: [mem 0xa0003000-0xa0003fff]
[    0.015675] pci 0001:10:1b.0: [1033:0035] type 00 class 0x0c0310
[    0.015708] pci 0001:10:1b.0: reg 0x10: [mem 0xa0002000-0xa0002fff]
[    0.015783] pci 0001:10:1b.0: supports D1 D2
[    0.015800] pci 0001:10:1b.0: PME# supported from D0 D1 D2 D3hot D3cold
[    0.015959] pci 0001:10:1b.1: [1033:0035] type 00 class 0x0c0310
[    0.015992] pci 0001:10:1b.1: reg 0x10: [mem 0xa0001000-0xa0001fff]
[    0.016066] pci 0001:10:1b.1: supports D1 D2
[    0.016084] pci 0001:10:1b.1: PME# supported from D0 D1 D2 D3hot D3cold
[    0.016250] pci 0001:10:1b.2: [1033:00e0] type 00 class 0x0c0320
[    0.016283] pci 0001:10:1b.2: reg 0x10: [mem 0xa0000000-0xa00000ff]
[    0.016358] pci 0001:10:1b.2: supports D1 D2
[    0.016375] pci 0001:10:1b.2: PME# supported from D0 D1 D2 D3hot D3cold
[    0.016777] pci 0001:10:13.0: Primary bus is hard wired to 0
[    0.016800] pci 0001:10:13.0: bridge configuration invalid ([bus 01-01]), reconfiguring
[    0.016929] pci_bus 0001:11: busn_res: [bus 11-ff] end is updated to 14
[    0.016955] pci_bus 0001:10: busn_res: [bus 10-ff] end is updated to 14
[    0.017092] PCI host bridge to bus 0002:24
[    0.017114] pci_bus 0002:24: root bus resource [io  0xff7fe000-0xffffdfff] (bus address [0x0000-0x7fffff])
[    0.017142] pci_bus 0002:24: root bus resource [mem 0xf5000000-0xf5ffffff]
[    0.017163] pci_bus 0002:24: root bus resource [bus 24-ff]
[    0.017183] pci_bus 0002:24: busn_res: [bus 24-ff] end is updated to ff
[    0.017228] pci 0002:24:0b.0: [106b:0036] type 00 class 0x060000
[    0.017468] pci 0002:24:0d.0: [106b:003b] type 00 class 0xff0000
[    0.017500] pci 0002:24:0d.0: reg 0x10: [mem 0xf5004000-0xf5007fff]
[    0.017668] pci 0002:24:0e.0: [106b:0031] type 00 class 0x0c0010
[    0.017698] pci 0002:24:0e.0: reg 0x10: [mem 0xf5000000-0xf5000fff]
[    0.017760] pci 0002:24:0e.0: supports D1 D2
[    0.017777] pci 0002:24:0e.0: PME# supported from D0 D1 D2 D3hot
[    0.017942] pci 0002:24:0f.0: [106b:0032] type 00 class 0x020000
[    0.017973] pci 0002:24:0f.0: reg 0x10: [mem 0xf5200000-0xf53fffff]
[    0.018020] pci 0002:24:0f.0: reg 0x30: [mem 0xf5100000-0xf51fffff pref]
[    0.018294] pci_bus 0002:24: busn_res: [bus 24-ff] end is updated to 24
[    0.018419] PCI 0000:00 Cannot reserve Legacy IO [io  0x802000-0x802fff]
[    0.018449] pci_bus 0000:00: resource 4 [io  0x802000-0x1001fff]
[    0.018469] pci_bus 0000:00: resource 5 [mem 0xf1000000-0xf1ffffff]
[    0.018489] pci_bus 0000:00: resource 6 [mem 0xb0000000-0xbfffffff]
[    0.018531] pci 0001:10:13.0: BAR 15: assigned [mem 0x84000000-0x87ffffff pref]
[    0.018557] pci 0001:10:13.0: BAR 16: assigned [mem 0x88000000-0x8bffffff]
[    0.018578] pci 0001:10:13.0: BAR 13: assigned [io  0x1000-0x10ff]
[    0.018599] pci 0001:10:13.0: BAR 14: assigned [io  0x1100-0x11ff]
[    0.018621] pci 0001:10:13.0: CardBus bridge to [bus 11-14]
[    0.018640] pci 0001:10:13.0:   bridge window [io  0x1000-0x10ff]
[    0.018660] pci 0001:10:13.0:   bridge window [io  0x1100-0x11ff]
[    0.018681] pci 0001:10:13.0:   bridge window [mem 0x84000000-0x87ffffff pref]
[    0.018707] pci 0001:10:13.0:   bridge window [mem 0x88000000-0x8bffffff]
[    0.018730] pci_bus 0001:10: resource 4 [io  0x0000-0x7fffff]
[    0.018749] pci_bus 0001:10: resource 5 [mem 0xf3000000-0xf3ffffff]
[    0.018769] pci_bus 0001:10: resource 6 [mem 0x80000000-0xafffffff]
[    0.018789] pci_bus 0001:11: resource 0 [io  0x1000-0x10ff]
[    0.018808] pci_bus 0001:11: resource 1 [io  0x1100-0x11ff]
[    0.018827] pci_bus 0001:11: resource 2 [mem 0x84000000-0x87ffffff pref]
[    0.018848] pci_bus 0001:11: resource 3 [mem 0x88000000-0x8bffffff]
[    0.018870] pci_bus 0002:24: resource 4 [io  0xff7fe000-0xffffdfff]
[    0.018890] pci_bus 0002:24: resource 5 [mem 0xf5000000-0xf5ffffff]
[    0.022477] pci 0000:00:10.0: vgaarb: VGA device added: decodes=io+mem,owns=mem,locks=none
[    0.022527] pci 0000:00:10.0: vgaarb: bridge control possible
[    0.022542] vgaarb: loaded
[    0.022779] SCSI subsystem initialized
[    0.022920] libata version 3.00 loaded.
[    0.023485] clocksource: Switched to clocksource timebase
[    0.070084] NET: Registered protocol family 2
[    0.070649] TCP established hash table entries: 8192 (order: 3, 32768 bytes)
[    0.070739] TCP bind hash table entries: 8192 (order: 3, 32768 bytes)
[    0.070820] TCP: Hash tables configured (established 8192 bind 8192)
[    0.070991] UDP hash table entries: 512 (order: 1, 8192 bytes)
[    0.071030] UDP-Lite hash table entries: 512 (order: 1, 8192 bytes)
[    0.071212] NET: Registered protocol family 1
[    0.071318] Apple USB OHCI 0001:10:19.0 disabled by firmware
[    0.071342] pci 0001:10:19.0: Can't enable PCI device, BIOS handoff failed.
[    0.071378] pci 0001:10:1a.0: enabling device (0000 -> 0002)
[    0.127546] pci 0001:10:1b.0: enabling device (0000 -> 0002)
[    0.187509] pci 0001:10:1b.1: enabling device (0000 -> 0002)
[    0.247509] pci 0001:10:1b.2: enabling device (0004 -> 0006)
[    0.247567] PCI: CLS mismatch (32 != 1020), using 32 bytes
[    0.247762] Unpacking initramfs...
[    1.386614] Freeing initrd memory: 21104K
[    1.387014] Thermal assist unit not available
[    1.387793] audit: initializing netlink subsys (disabled)
[    1.388336] audit: type=2000 audit(1498260534.384:1): state=initialized audit_enabled=0 res=1
[    1.388416] workingset: timestamp_bits=30 max_order=19 bucket_order=0
[    1.390325] bounce: pool size: 64 pages
[    1.390393] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[    1.390416] io scheduler noop registered
[    1.390430] io scheduler deadline registered
[    1.390486] io scheduler cfq registered (default)
[    1.390501] io scheduler mq-deadline registered
[    1.390914] radeonfb 0000:00:10.0: enabling device (0006 -> 0007)
[    1.586741] radeonfb 0000:00:10.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0x0303
[    1.586774] radeonfb (0000:00:10.0): Invalid ROM signature 303 should be 0xaa55
[    1.586801] radeonfb: Retrieved PLL infos from Open Firmware
[    1.586820] radeonfb: Reference=27.00 MHz (RefDiv=12) Memory=203.00 Mhz, System=392.00 MHz
[    1.586842] radeonfb: PLL min 12000 max 35000
[    1.700594] i2c i2c-2: unable to read EDID block.
[    1.884585] i2c i2c-2: unable to read EDID block.
[    2.068585] i2c i2c-2: unable to read EDID block.
[    2.508473] radeonfb: Monitor 1 type LCD found
[    2.508487] radeonfb: EDID probed
[    2.508500] radeonfb: Monitor 2 type no found
[    2.508522] radeonfb: Using Firmware dividers 0x0002008e from PPLL 0
[    2.508596] radeonfb: Dynamic Clock Power Management enabled
[    2.531918] Console: switching to colour frame buffer device 160x53
[    2.540272] radeonfb: Backlight initialized (radeonbl0)
[    2.540360] radeonfb (0000:00:10.0): ATI Radeon 4e50 "NP"
[    2.540982] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
[    2.541886] pmac_zilog: 0.6 (Benjamin Herrenschmidt <benh@kernel.crashing.org>)
[    2.542030] Serial: MPC52xx PSC UART driver
[    2.542148] Generic non-volatile memory driver v1.1
[    2.542332] Linux agpgart interface v0.103
[    2.542441] agpgart-uninorth 0000:00:0b.0: Apple UniNorth 2 chipset
[    2.543657] agpgart-uninorth 0000:00:0b.0: configuring for size idx: 64
[    2.543872] agpgart-uninorth 0000:00:0b.0: AGP aperture is 256M @ 0x0
[    2.544158] MacIO PCI driver attached to Intrepid chipset
[    2.545471] 0.00013020:ch-a: ttyPZ0 at MMIO 0x80013020 (irq = 22, base_baud = 230400) is a Z85c30 ESCC - Serial port
[    2.545994] 0.00013000:ch-b: ttyPZ1 at MMIO 0x80013000 (irq = 23, base_baud = 230400) is a Z85c30 ESCC - Serial port
[    2.546954] pata-pci-macio 0002:24:0d.0: enabling device (0000 -> 0002)
[    2.547202] adb: starting probe task...
[    2.547284] adb: finished probe task...
[    2.563517] pata-pci-macio 0002:24:0d.0: Activating pata-macio chipset UniNorth ATA-6, Apple bus ID 3
[    2.564225] scsi host0: pata_macio
[    2.564471] ata1: PATA max UDMA/100 irq 39
[    2.726107] ata1.00: ATA-6: ST9160821A, 3.ALD, max UDMA/100
[    2.726208] ata1.00: 312581808 sectors, multi 16: LBA48 
[    2.730986] ata1.00: configured for UDMA/100
[    2.731423] scsi 0:0:0:0: Direct-Access     ATA      ST9160821A       D    PQ: 0 ANSI: 5
[    2.732368] sd 0:0:0:0: [sda] 312581808 512-byte logical blocks: (160 GB/149 GiB)
[    2.732536] sd 0:0:0:0: [sda] Write Protect is off
[    2.732625] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
[    2.732773] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[    2.740338]  sda: [mac] sda1 sda2 sda3 sda4 sda5
[    2.746310] sd 0:0:0:0: [sda] Attached SCSI disk
[    3.619501] pata-macio 0.00020000:ata-3: Activating pata-macio chipset KeyLargo ATA-3, Apple bus ID 0
[    3.624738] scsi host1: pata_macio
[    3.629578] ata2: PATA max MWDMA2 irq 24
[    3.634492] cnic: QLogic cnicDriver v2.5.22 (July 20, 2015)
[    3.639582] mousedev: PS/2 mouse device common for all mice
[    3.644739] rtc-generic rtc-generic: rtc core: registered rtc-generic as rtc0
[    3.649577] pmac32_cpufreq: Registering PowerMac CPU frequency driver
[    3.654399] pmac32_cpufreq: Low: 833 Mhz, High: 1666 Mhz, Boot: 833 Mhz
[    3.667630] drop_monitor: Initializing network drop monitor service
[    3.671851] NET: Registered protocol family 17
[    3.675987] NET: Registered protocol family 33
[    3.680023] Key type rxrpc registered
[    3.683988] Key type rxrpc_s registered
[    3.687901] sctp: Hash tables configured (bind 1024/1024)
[    3.691887] Key type dns_resolver registered
[    3.695813] Key type ceph registered
[    3.699844] libceph: loaded (mon/osd proto 15/24)
[    3.704131] registered taskstats version 1
[    3.708448] hd: no drives specified - use hd=cyl,head,sectors on kernel command line
[    3.712667] input: PMU as /devices/virtual/input/input0
[    3.717078] rtc-generic rtc-generic: setting system clock to 2017-06-23 23:28:57 UTC (1498260537)
[    3.721426] PM: Hibernation image not present or could not be loaded.
[    3.794071] ata2.00: ATAPI: MATSHITADVD-R   UJ-845E, DMP2, max UDMA/66
[    3.802940] ata2.00: configured for MWDMA2
[    3.811618] scsi 1:0:0:0: CD-ROM            MATSHITA DVD-R   UJ-845E  DMP2 PQ: 0 ANSI: 5
[    3.828738] Freeing unused kernel memory: 352K
[    3.833093] This architecture does not have kernel memory protection.
[    3.900734] udevd[70]: starting version 175
[    4.189558] sungem.c:v1.0 David S. Miller <davem@redhat.com>
[    4.197762] sr 1:0:0:0: [sr0] scsi3-mmc drive: 24x/24x writer cd/rw xa/form2 cdda tray
[    4.202233] cdrom: Uniform CD-ROM driver Revision: 3.20
[    4.222148] gem 0002:24:0f.0 eth0: Sun GEM (PCI) 10/100/1000BaseT Ethernet 00:11:24:ca:df:de
[    4.243187] sr 1:0:0:0: Attached scsi CD-ROM sr0
[    4.305695] random: fast init done
[    4.413437] EXT4-fs (sda3): INFO: recovery required on readonly filesystem
[    4.417739] EXT4-fs (sda3): write access will be enabled during recovery
[    8.542043] random: crng init done
[    8.578819] EXT4-fs (sda3): recovery complete
[    8.608861] EXT4-fs (sda3): mounted filesystem with ordered data mode. Opts: (null)
[   23.336757] input: Macintosh mouse button emulation as /devices/virtual/input/input1
[   23.428969] udevd[240]: starting version 175
[   23.475314] Adding 4509592k swap on /dev/sda4.  Priority:-1 extents:1 across:4509592k 
[   23.699711] loop: module loaded
[   23.805681] PowerMac i2c bus pmu 2 registered
[   23.805743] PowerMac i2c bus pmu 1 registered
[   23.805794] PowerMac i2c bus mac-io 0 registered
[   23.805902] PowerMac i2c bus uni-n 0 registered
[   23.805998] PowerMac i2c bus uni-n 1 registered
[   23.807293] adt746x: version 1 (supported)
[   23.807298] sensor 0: CPU/INTREPID BOTTOMSIDE
[   23.807300] sensor 1: CPU BOTTOMSIDE
[   23.807301] sensor 2: PWR SUPPLY BOTTOMSIDE
[   23.808505] adt746x: ADT7467 initializing
[   23.811046] adt746x: Lowering max temperatures from 81, 80, 87 to 70, 50, 70
[   23.852263] EXT4-fs (sda3): re-mounted. Opts: errors=remount-ro
[   24.078880] yenta_cardbus 0001:10:13.0: CardBus bridge found [0000:0000]
[   24.078901] yenta_cardbus 0001:10:13.0: Enabling burst memory read transactions
[   24.078906] yenta_cardbus 0001:10:13.0: Using CSCINT to route CSC interrupts to PCI
[   24.078909] yenta_cardbus 0001:10:13.0: Routing CardBus interrupts to PCI
[   24.078915] yenta_cardbus 0001:10:13.0: TI: mfunc 0x00001002, devctl 0x60
[   24.196545] yenta_cardbus 0001:10:13.0: ISA IRQ mask 0x0000, PCI irq 53
[   24.196552] yenta_cardbus 0001:10:13.0: Socket status: 30000007
[   24.196567] yenta_cardbus 0001:10:13.0: pcmcia: parent PCI bridge window: [io  0x0000-0x7fffff]
[   24.196571] yenta_cardbus 0001:10:13.0: pcmcia: parent PCI bridge window: [mem 0xf3000000-0xf3ffffff]
[   24.196576] pcmcia_socket pcmcia_socket0: cs: memory probe 0xf3000000-0xf3ffffff:
[   24.196590]  clean
[   24.196594] yenta_cardbus 0001:10:13.0: pcmcia: parent PCI bridge window: [mem 0x80000000-0xafffffff]
[   24.196597] pcmcia_socket pcmcia_socket0: cs: memory probe 0x80000000-0xafffffff:
[   24.196600]  excluding 0x80000000-0x807fffff 0x84000000-0x8bffffff 0xa0000000-0xa07fffff
[   24.223742] b43-pci-bridge 0001:10:12.0: enabling device (0004 -> 0006)
[   24.223800] ssb: Found chip with id 0x4306, rev 0x03 and package 0x00
[   24.223806] ssb: Core 0 found: ChipCommon (cc 0x800, rev 0x04, vendor 0x4243)
[   24.223811] ssb: Core 1 found: IEEE 802.11 (cc 0x812, rev 0x05, vendor 0x4243)
[   24.223816] ssb: Core 2 found: PCMCIA (cc 0x80D, rev 0x02, vendor 0x4243)
[   24.223821] ssb: Core 3 found: V90 (cc 0x807, rev 0x02, vendor 0x4243)
[   24.223825] ssb: Core 4 found: PCI (cc 0x804, rev 0x09, vendor 0x4243)
[   24.264740] ssb: Sonics Silicon Backplane found on PCI device 0001:10:12.0
[   24.712531] usbcore: registered new interface driver usbfs
[   24.719882] usbcore: registered new interface driver hub
[   24.760065] usbcore: registered new device driver usb
[   24.761560] init: bluetooth main process (437) terminated with status 1
[   24.761675] init: bluetooth main process ended, respawning
[   25.090624] init: bluetooth main process (486) terminated with status 1
[   25.090732] init: bluetooth main process ended, respawning
[   25.120824] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   25.197140] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   25.197146] Warning! ehci_hcd should always be loaded before uhci_hcd and ohci_hcd, not after
[   25.240460] ohci-pci: OHCI PCI platform driver
[   25.240520] Apple USB OHCI 0001:10:19.0 disabled by firmware
[   25.240591] ohci-pci 0001:10:1a.0: OHCI PCI host controller
[   25.240624] ohci-pci 0001:10:1a.0: new USB bus registered, assigned bus number 1
[   25.240703] ohci-pci 0001:10:1a.0: irq 29, io mem 0xa0003000
[   25.263409] ehci-pci: EHCI PCI platform driver
[   25.359324] init: bluetooth main process (527) terminated with status 1
[   25.359432] init: bluetooth main process ended, respawning
[   25.603700] init: bluetooth main process (552) terminated with status 1
[   25.603810] init: bluetooth main process ended, respawning
[   25.731864] sungem_phy: PHY ID: 1410cc2, addr: 0
[   25.731921] gem 0002:24:0f.0 eth0: Found Marvell 88E1111 PHY
[   25.767701] init: bluetooth main process (576) terminated with status 1
[   25.767806] init: bluetooth main process ended, respawning
[   25.823393] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
[   25.823401] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[   25.823404] usb usb1: Product: OHCI PCI host controller
[   25.823407] usb usb1: Manufacturer: Linux 4.11.0-rc1+ ohci_hcd
[   25.823410] usb usb1: SerialNumber: 0001:10:1a.0
[   25.851538] hub 1-0:1.0: USB hub found
[   25.851571] hub 1-0:1.0: 2 ports detected
[   25.873348] ehci-pci 0001:10:1b.2: EHCI Host Controller
[   25.873373] ehci-pci 0001:10:1b.2: new USB bus registered, assigned bus number 2
[   25.873457] ehci-pci 0001:10:1b.2: irq 63, io mem 0xa0000000
[   25.887554] ehci-pci 0001:10:1b.2: USB 2.0 started, EHCI 1.00
[   25.890737] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002
[   25.890744] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[   25.890747] usb usb2: Product: EHCI Host Controller
[   25.890750] usb usb2: Manufacturer: Linux 4.11.0-rc1+ ehci_hcd
[   25.890753] usb usb2: SerialNumber: 0001:10:1b.2
[   25.891387] hub 2-0:1.0: USB hub found
[   25.891422] hub 2-0:1.0: 5 ports detected
[   25.903614] ohci-pci 0001:10:1b.0: OHCI PCI host controller
[   25.903638] ohci-pci 0001:10:1b.0: new USB bus registered, assigned bus number 3
[   25.903699] ohci-pci 0001:10:1b.0: irq 63, io mem 0xa0002000
[   25.924773] init: bluetooth main process (601) terminated with status 1
[   25.924879] init: bluetooth main process ended, respawning
[   26.280919] usb 1-1: new full-speed USB device number 2 using ohci-pci
[   26.286243] init: failsafe main process (634) killed by TERM signal
[   26.292052] init: bluetooth main process (649) terminated with status 1
[   26.292168] init: bluetooth main process ended, respawning
[   26.521612] init: bluetooth main process (686) terminated with status 1
[   26.521731] init: bluetooth main process ended, respawning
[   26.543626] usb 1-1: New USB device found, idVendor=05ac, idProduct=1000
[   26.543635] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   26.723681] usb 1-2: new full-speed USB device number 3 using ohci-pci
[   26.791570] init: bluetooth main process (715) terminated with status 1
[   26.791688] init: bluetooth main process ended, respawning
[   26.859983] usb usb3: New USB device found, idVendor=1d6b, idProduct=0001
[   26.859988] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[   26.859991] usb usb3: Product: OHCI PCI host controller
[   26.859994] usb usb3: Manufacturer: Linux 4.11.0-rc1+ ohci_hcd
[   26.859996] usb usb3: SerialNumber: 0001:10:1b.0
[   26.867830] hub 3-0:1.0: USB hub found
[   26.872240] hub 3-0:1.0: 3 ports detected
[   26.902602] ohci-pci 0001:10:1b.1: OHCI PCI host controller
[   26.902623] ohci-pci 0001:10:1b.1: new USB bus registered, assigned bus number 4
[   26.902691] ohci-pci 0001:10:1b.1: irq 63, io mem 0xa0001000
[   26.986616] usb 1-2: New USB device found, idVendor=05ac, idProduct=020e
[   26.986625] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[   26.986628] usb 1-2: Product: Apple Internal Keyboard/Trackpad
[   26.986630] usb 1-2: Manufacturer: Apple Computer
[   27.012367] init: bluetooth main process (757) terminated with status 1
[   27.012476] init: bluetooth main process ended, respawning
[   27.166119] init: bluetooth main process (782) terminated with status 1
[   27.166224] init: bluetooth respawning too fast, stopped
[   28.133914] radeonfb 0000:00:10.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0x0303
[   28.134030] radeonfb 0000:00:10.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0x0303
[   28.226700] usb usb4: New USB device found, idVendor=1d6b, idProduct=0001
[   28.226708] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[   28.226711] usb usb4: Product: OHCI PCI host controller
[   28.226714] usb usb4: Manufacturer: Linux 4.11.0-rc1+ ohci_hcd
[   28.226717] usb usb4: SerialNumber: 0001:10:1b.1
[   28.243314] hub 4-0:1.0: USB hub found
[   28.243823] hub 4-0:1.0: 2 ports detected
[   28.589356] [drm] radeon kernel modesetting enabled.
[   28.591227] pcmcia_socket pcmcia_socket0: cs: memory probe 0x80000000-0x80ffffff:
[   28.591238]  excluding 0x80000000-0x800fffff
[   28.636079] ams: Found I2C based motion sensor
[   28.990932] input: appletouch as /devices/pci0001:10/0001:10:1a.0/usb1/1-2/1-2:1.1/input/input2
[   28.992138] usbcore: registered new interface driver appletouch
[   29.037670] hidraw: raw HID events driver (C) Jiri Kosina
[   29.127988] usbcore: registered new interface driver usbhid
[   29.127994] usbhid: USB HID core driver
[   29.212731] input: Apple Computer Apple Internal Keyboard/Trackpad as /devices/pci0001:10/0001:10:1a.0/usb1/1-2/1-2:1.0/0003:05AC:020E.0003/input/input3
[   29.273049] apple 0003:05AC:020E.0003: input,hidraw0: USB HID v1.10 Keyboard [Apple Computer Apple Internal Keyboard/Trackpad] on usb-0001:10:1a.0-2/input0
[   29.281434] input: Apple Computer Apple Internal Keyboard/Trackpad as /devices/pci0001:10/0001:10:1a.0/usb1/1-2/1-2:1.2/0003:05AC:020E.0004/input/input4
[   29.308055] b43-phy0: Broadcom 4306 WLAN found (core revision 5)
[   29.323553] b43-phy0: Found PHY: Analog 2, Type 2 (G), Revision 2
[   29.323577] b43-phy0: Found Radio: Manuf 0x17F, ID 0x2050, Revision 2, Version 0
[   29.337763] usb 1-1: USB disconnect, device number 2
[   29.344052] usb 1-1: usbfs: USBDEVFS_CONTROL failed cmd hid2hci rqt 64 rq 0 len 0 ret -62
[   29.350124] Broadcom 43xx driver loaded [ Features: PL ]
[   29.351256] apple 0003:05AC:020E.0004: input,hidraw1: USB HID v1.10 Device [Apple Computer Apple Internal Keyboard/Trackpad] on usb-0001:10:1a.0-2/input2
[   29.379671] gem 0002:24:0f.0 eth0: Link is up at 1000 Mbps, full-duplex
[   29.379784] gem 0002:24:0f.0 eth0: Pause is enabled (rxfifo: 10240 off: 7168 on: 5632)
[   29.472075] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   29.711533] usb 1-1: new full-speed USB device number 4 using ohci-pci
[   29.918975] b43-phy0: Loading firmware version 666.2 (2011-02-23 01:15:07)
[   30.091641] usb 1-1: New USB device found, idVendor=05ac, idProduct=8205
[   30.091650] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.863572] input: Mouseemu virtual keyboard as /devices/virtual/input/input5
[   30.868271] input: Mouseemu virtual mouse as /devices/virtual/input/input6
[   33.261201] fuse init (API version 7.26)

[-- Attachment #3: mac_error.jpg --]
[-- Type: image/jpeg, Size: 808648 bytes --]

Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3

[Larry Finger]

On 06/23/2017 03:29 PM, Al Viro wrote:
> On Fri, Jun 23, 2017 at 01:49:16PM -0500, Larry Finger wrote:
> 
>>> BTW, could you try to check what happens if you kill the
>>> 	if (__builtin_constant_p(n) && (n <= 8))
>>> bits in raw_copy_{to,from}_user()?  The usefulness of those (in __copy_from_user()
>>> originally) had always been dubious and the things are simpler without them.
>>> If _that_ turns out to cure breakage, I would be very surprised, though.
>>>
>> Sorry I was gone so long. Installing jessie on this box resulted in a crash
>> on boot. Lubuntu 14.04 yielded a desktop with a functioning cursor, but
>> nothing else. Finally, Ubuntu 12.04 resulted in a working system. I hate
>> Unity, but I guess I'm stuck for now.
> 
> Ho-hum...  Jessie is 3.16, so whatever is crashing there, it's something
> different...  Ubuntu 12.04 is what, 3.2?
> 
>> I know how easy it is to screw up a long bisection by booting the wrong
>> kernel. To help that problem and to work around the yaconf/yboot nonsense on
>> the MAC, my /etc/yaconf has always had generic kernel stanzas with only
>> default, old, and original kernels mentioned. From there I use a local
>> script to finish a kernel installation by moving the default links to the
>> old ones and creating the new default links pointing to the current kernel.
>> With those long-tested scripts, I'm sure that I am booting the one I want.
>>
>> With the new installation, kernel 4.12-rc6 failed, as did 3448890c with the
>> backported 46f401c4 added.
>>
>> Replacing "if (__builtin_constant_p(n) && (n <= 8))" with "if (0)" had no effect.
> 
> OK, that simplifies things a bit.  Just to make sure we are on the same page:
> 
> * f2ed8bebee69 + cherry-pick of 46f401c4 boots (Ubuntu 12.04 userland)
> * 3448890c32c3 + cherry-pick of 46f401c4 fails (Ubuntu 12.04 userland), ditto
>    with removal of constant-size bits in raw_copy_..._user().  Failure appears
>    to be on udev getting EFAULT on some syscalls.
> * straight Ubuntu 12.04 works
> * jessie crashes on boot.

I made a break through. If I turn off inline copy to/from users for 32-bit ppc 
with the following patch, then the system boots:

diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
index 5c0d8a8cdae5..1e6a8723f497 100644
--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -267,12 +267,7 @@ do { 
        \
  extern unsigned long __copy_tofrom_user(void __user *to,
                 const void __user *from, unsigned long size);

-#ifndef __powerpc64__
-
-#define INLINE_COPY_FROM_USER
-#define INLINE_COPY_TO_USE
-
-#else /* __powerpc64__ */
+#ifdef __powerpc64__

  static inline unsigned long
  raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)

It seems whatever problem I am seeing is in the inline version of 
_copy_to_user() and _copy_from_user() on the 32-bit ppc. The only other 
difference between the two versions is the placement of the __user macro, which 
looks to be wrong in the non-inlined version of _copy_to_user() in 
lib/usercopy.c, but that is the one that works.

To me, this looks like a compiler error. On the PowerBook, 'gcc --version' 
reports "gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3".

I will prepare a proper patch that I will send to you privately. If you agree 
with it, it can be send through normal channels in time for the release of 4.12.

Larry

Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3

[Al Viro]

On Sat, Jun 24, 2017 at 12:29:23PM -0500, Larry Finger wrote:

> I made a break through. If I turn off inline copy to/from users for 32-bit
> ppc with the following patch, then the system boots:

OK...  So it's 4.6.3 miscompiling something - it is hardware-independent,
reproduced in qemu.  I'd like to get more self-contained example of
miscompile, though; should be done by tonight...

Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3

[Al Viro]

On Sun, Jun 25, 2017 at 10:53:58AM +0100, Al Viro wrote:
> On Sat, Jun 24, 2017 at 12:29:23PM -0500, Larry Finger wrote:
> 
> > I made a break through. If I turn off inline copy to/from users for 32-bit
> > ppc with the following patch, then the system boots:
> 
> OK...  So it's 4.6.3 miscompiling something - it is hardware-independent,
> reproduced in qemu.  I'd like to get more self-contained example of
> miscompile, though; should be done by tonight...

OK, it's the call in rw_copy_check_uvector(); with INLINE_COPY_FROM_USER
it's miscompiled by 4.6.3.  I hadn't looked through the generated code
yet; will do that after I grab some sleep.

gcc 4.6.3 miscompile on ppc32 (was Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3)

[Al Viro]

[-- Attachment #1: Type: text/plain, Size: 2667 bytes --]

On Sun, Jun 25, 2017 at 12:14:04PM +0100, Al Viro wrote:
> On Sun, Jun 25, 2017 at 10:53:58AM +0100, Al Viro wrote:
> > On Sat, Jun 24, 2017 at 12:29:23PM -0500, Larry Finger wrote:
> > 
> > > I made a break through. If I turn off inline copy to/from users for 32-bit
> > > ppc with the following patch, then the system boots:
> > 
> > OK...  So it's 4.6.3 miscompiling something - it is hardware-independent,
> > reproduced in qemu.  I'd like to get more self-contained example of
> > miscompile, though; should be done by tonight...
> 
> OK, it's the call in rw_copy_check_uvector(); with INLINE_COPY_FROM_USER
> it's miscompiled by 4.6.3.  I hadn't looked through the generated code
> yet; will do that after I grab some sleep.

Confirmed.  It manages to bugger the loop immediately after the (successful)
copying of iovec array in rw_copy_check_uvector(); both with and without
INLINE_COPY_FROM_USER it has (just before the call of copy_from_user()) r27
set to nr_segs * sizeof(struct iovec).  The call is made, we check that it
has succeeded and that's when it hits the fan: without INLINE_COPY_FROM_USER
we have (interleaved with unrelated insns)
        addi 27,27,-8
        srwi 27,27,3
        addi 27,27,1
        mtctr 27
Weird, but manages to pass nr_segs to mtctr.  _With_ INLINE_COPY_FROM_USER we
get this:
        lis 9,0x2000
        mtctr 9
In other words, the loop will try to go through 8192 iterations.  No idea where
that number has come from, but it sure as hell is wrong.  That's where those
-EINVAL, etc. are coming from - we run into something negative in iov[seg].len,
after having run out of on-stack iovec array.

	Assembler generated out of rw_copy_check_uvector() with and without
INLINE_COPY_FROM_USER is attached; it's a definite miscompile.  Neither 4.4.5
nor 6.3.0 use mtctr/bdnz for that loop.

	The bottom line is, ppc cross-toolchain on kernel.org happens to be
the version that miscompiles rw_copy_check_uvector() with INLINE_COPY_FROM_USER
and hell knows what else.  Said that, I would rather have ppc32 drop the
INLINE_COPY_{TO,FROM}_USER anyway; that won't fix any other places where
the same 4.6.3 bug hits, but I seriously suspect that it will end up being
faster even on non^Wless buggy gcc versions.  Could powerpc folks check
what does removing those two defines from arch/powerpc/include/asm/uaccess.h
do to performance?  If there's no slowdown, I would strongly recommend just
removing those as in the patch Larry has posted upthread.

	Fixing whatever it is in gcc 4.6.3 that triggers that behaviour is
IMO pointless - it might make sense to switch kernel.org cross-toolchain to
something more recent, but that's it.

[-- Attachment #2: rw_copy_check_uvector() with INLINE_COPY_FROM_USER --]
[-- Type: text/plain, Size: 3342 bytes --]

	.globl rw_copy_check_uvector
	.type	rw_copy_check_uvector, @function
rw_copy_check_uvector:
.LFB2683:
	.loc 1 773 0
	stwu 1,-32(1)	 #,,
.LCFI142:
	mflr 0	 #,
.LCFI143:
	stmw 27,12(1)	 #,
.LCFI144:
	.loc 1 783 0
	mr. 27,5	 # nr_segs, nr_segs
	.loc 1 773 0
	mr 30,3	 # type, type
	stw 0,36(1)	 #,
.LCFI145:
	.loc 1 773 0
	mr 31,4	 # uvector, uvector
	mr 29,8	 # ret_pointer, ret_pointer
	.loc 1 776 0
	mr 28,7	 # iov, fast_pointer
	.loc 1 784 0
	li 0,0	 # ret,
	.loc 1 783 0
	beq- 0,.L495	 #
	.loc 1 792 0
	cmplwi 7,27,1024	 #, tmp160, nr_segs
	.loc 1 793 0
	li 0,-22	 # ret,
	.loc 1 792 0
	bgt- 7,.L495	 #
	.loc 1 796 0
	cmplw 7,27,6	 # fast_segs, tmp161, nr_segs
	ble- 7,.L496	 #
.LBB1538:
.LBB1539:
	.file 21 "./include/linux/slab.h"
	.loc 21 495 0
	lis 4,0x140	 # tmp190,
	slwi 3,27,3	 #, nr_segs,
	ori 4,4,192	 #,, tmp190,
	bl __kmalloc	 #
.LBE1539:
.LBE1538:
	.loc 1 799 0
	li 0,-12	 # ret,
	.loc 1 798 0
	mr. 28,3	 # iov,
	beq- 0,.L495	 #
.L496:
.LBB1540:
.LBB1541:
.LBB1542:
.LBB1543:
	.loc 19 113 0
	lwz 0,1128(2)	 # current.192_185->thread.fs.seg, D.39493
.LBE1543:
.LBE1542:
.LBE1541:
.LBE1540:
	.loc 1 803 0
	slwi 27,27,3	 # n, nr_segs,
.LBB1549:
.LBB1548:
.LBB1547:
.LBB1546:
	mr 5,27	 # n, n
	.loc 19 113 0
	cmplw 7,31,0	 # D.39493, tmp165, uvector
	bgt- 7,.L497	 #
	addi 9,27,-1	 # tmp166, n,
	subf 0,31,0	 # tmp167, uvector, D.39493
	cmplw 7,9,0	 # tmp167, tmp168, tmp166
	bgt- 7,.L497	 #
.LBB1544:
.LBB1545:
	.file 22 "./arch/powerpc/include/asm/uaccess.h"
	.loc 22 305 0
	mr 3,28	 #, iov
	mr 4,31	 #, uvector
	bl __copy_tofrom_user	 #
.LBE1545:
.LBE1544:
	.loc 19 115 0
	mr. 5,3	 # n,
	beq+ 0,.L498	 #
.L497:
	.loc 19 116 0
	subf 3,5,27	 # tmp170, n, n
	li 4,0	 #,
	add 3,28,3	 #, iov, tmp170
	bl memset	 #
	b .L510	 #
.L498:
.LBE1546:
.LBE1547:
.LBE1548:
.LBE1549:
.LBB1550:
	.loc 1 833 0
	lis 9,0x2000	 #,
	.loc 1 828 0
	cmpwi 6,30,0	 #, tmp186, type
	.loc 1 833 0
	lis 6,0x7fff	 # tmp189,
	mtctr 9	 # tmp188,
	.loc 1 829 0
	mr 5,2	 # current.121, current
	li 8,0	 # ivtmp.533,
	li 0,0	 # ret,
	.loc 1 833 0
	ori 6,6,61440	 #, tmp187, tmp189,
.L501:
	.loc 1 819 0
	mr 11,28	 # D.40168, iov
	lwzux 10,11,8	 # MEM[base: iov_4, index: ivtmp.533_176, offset: 0B], buf
	.loc 1 820 0
	lwz 9,4(11)	 # MEM[base: D.40168_211, offset: 4B], len
	.loc 1 824 0
	cmpwi 7,9,0	 #, tmp175, len
	blt- 7,.L508	 #
	.loc 1 828 0
	blt- 6,.L499	 #
	.loc 1 829 0
	lwz 7,1128(5)	 # current.121_33->thread.fs.seg, D.36573
	cmplw 1,10,7	 # D.36573, tmp177, buf
	bgt- 1,.L510	 #
	.loc 1 829 0 is_stmt 0 discriminator 1
	beq- 7,.L499	 #
	.loc 1 829 0 discriminator 4
	addi 4,9,-1	 # tmp179, len,
	subf 10,10,7	 # tmp180, buf, D.36573
	cmplw 7,4,10	 # tmp180, tmp181, tmp179
	bgt- 7,.L510	 #
.L499:
	.loc 1 833 0 is_stmt 1
	subf 10,0,6	 # len, ret, tmp187
	cmpw 7,9,10	 # len, tmp183, len
	ble- 7,.L500	 #
	.loc 1 835 0
	stw 10,4(11)	 # MEM[base: D.40168_211, offset: 4B], len
	mr 9,10	 # len, len
.L500:
	.loc 1 837 0
	add 0,0,9	 # ret, ret, len
	addi 8,8,8	 # ivtmp.533, ivtmp.533,
.LBE1550:
	.loc 1 818 0
	bdnz .L501	 #
	b .L495	 #
.L508:
.LBB1551:
	.loc 1 825 0
	li 0,-22	 # ret,
	b .L495	 #
.L510:
	.loc 1 830 0
	li 0,-14	 # ret,
.L495:
.LBE1551:
	.loc 1 842 0
	addi 11,1,32	 #,,
	.loc 1 840 0
	stw 28,0(29)	 # *ret_pointer_53(D), iov
	.loc 1 842 0
	mr 3,0	 #, ret
	b _restgpr_27_x	 #
.LFE2683:
	.size	rw_copy_check_uvector,.-rw_copy_check_uvector

[-- Attachment #3: the same without INLINE_COPY_FROM_USER --]
[-- Type: text/plain, Size: 2872 bytes --]

	.globl rw_copy_check_uvector
	.type	rw_copy_check_uvector, @function
rw_copy_check_uvector:
.LFB2683:
	.loc 1 773 0
	stwu 1,-32(1)	 #,,
.LCFI142:
	mflr 0	 #,
.LCFI143:
	stmw 27,12(1)	 #,
.LCFI144:
	.loc 1 783 0
	mr. 27,5	 # nr_segs, nr_segs
	.loc 1 773 0
	mr 31,3	 # type, type
	stw 0,36(1)	 #,
.LCFI145:
	.loc 1 773 0
	mr 30,4	 # uvector, uvector
	mr 29,8	 # ret_pointer, ret_pointer
	.loc 1 776 0
	mr 28,7	 # iov, fast_pointer
	.loc 1 784 0
	li 0,0	 # ret,
	.loc 1 783 0
	beq- 0,.L495	 #
	.loc 1 792 0
	cmplwi 7,27,1024	 #, tmp151, nr_segs
	.loc 1 793 0
	li 0,-22	 # ret,
	.loc 1 792 0
	bgt- 7,.L495	 #
	.loc 1 796 0
	cmplw 7,27,6	 # fast_segs, tmp152, nr_segs
	ble- 7,.L496	 #
.LBB1516:
.LBB1517:
	.file 21 "./include/linux/slab.h"
	.loc 21 495 0
	lis 4,0x140	 # tmp175,
	slwi 3,27,3	 #, nr_segs,
	ori 4,4,192	 #,, tmp175,
	bl __kmalloc	 #
.LBE1517:
.LBE1516:
	.loc 1 799 0
	li 0,-12	 # ret,
	.loc 1 798 0
	mr. 28,3	 # iov,
	beq- 0,.L495	 #
.L496:
	.loc 1 803 0
	slwi 27,27,3	 # n, nr_segs,
.LBB1518:
.LBB1519:
	.loc 19 153 0
	mr 3,28	 #, iov
	mr 4,30	 #, uvector
	mr 5,27	 #, n
	bl _copy_from_user	 #
.LBE1519:
.LBE1518:
	.loc 1 804 0
	li 0,-14	 # ret,
	.loc 1 803 0
	cmpwi 7,3,0	 #, tmp156,
	bne- 7,.L495	 #
.LBB1520:
	.loc 1 833 0
	addi 27,27,-8	 # tmp172, n,
	.loc 1 828 0
	cmpwi 6,31,0	 #, tmp168, type
	.loc 1 833 0
	srwi 27,27,3	 # tmp173, tmp172,
	lis 6,0x7fff	 # tmp174,
	addi 27,27,1	 #, tmp173,
	.loc 1 829 0
	mr 5,2	 # current.121, current
	.loc 1 833 0
	mtctr 27	 # tmp170,
	.loc 1 829 0
	li 8,0	 # ivtmp.528,
	li 0,0	 # ret,
	.loc 1 833 0
	ori 6,6,61440	 #, tmp169, tmp174,
.L499:
	.loc 1 819 0
	mr 11,28	 # D.40034, iov
	lwzux 10,11,8	 # MEM[base: iov_4, index: ivtmp.528_176, offset: 0B], buf
	.loc 1 820 0
	lwz 9,4(11)	 # MEM[base: D.40034_183, offset: 4B], len
	.loc 1 824 0
	cmpwi 7,9,0	 #, tmp157, len
	blt- 7,.L505	 #
	.loc 1 828 0
	blt- 6,.L497	 #
	.loc 1 829 0
	lwz 7,1128(5)	 # current.121_33->thread.fs.seg, D.36573
	cmplw 1,10,7	 # D.36573, tmp159, buf
	bgt- 1,.L507	 #
	.loc 1 829 0 is_stmt 0 discriminator 1
	beq- 7,.L497	 #
	.loc 1 829 0 discriminator 4
	addi 4,9,-1	 # tmp161, len,
	subf 10,10,7	 # tmp162, buf, D.36573
	cmplw 7,4,10	 # tmp162, tmp163, tmp161
	bgt- 7,.L507	 #
.L497:
	.loc 1 833 0 is_stmt 1
	subf 10,0,6	 # len, ret, tmp169
	cmpw 7,9,10	 # len, tmp165, len
	ble- 7,.L498	 #
	.loc 1 835 0
	stw 10,4(11)	 # MEM[base: D.40034_183, offset: 4B], len
	mr 9,10	 # len, len
.L498:
	.loc 1 837 0
	add 0,0,9	 # ret, ret, len
	addi 8,8,8	 # ivtmp.528, ivtmp.528,
.LBE1520:
	.loc 1 818 0
	bdnz .L499	 #
	b .L495	 #
.L505:
.LBB1521:
	.loc 1 825 0
	li 0,-22	 # ret,
	b .L495	 #
.L507:
	.loc 1 830 0
	li 0,-14	 # ret,
.L495:
.LBE1521:
	.loc 1 842 0
	addi 11,1,32	 #,,
	.loc 1 840 0
	stw 28,0(29)	 # *ret_pointer_53(D), iov
	.loc 1 842 0
	mr 3,0	 #, ret
	b _restgpr_27_x	 #
.LFE2683:
	.size	rw_copy_check_uvector,.-rw_copy_check_uvector

Re: gcc 4.6.3 miscompile on ppc32 (was Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3)

[Segher Boessenkool]

On Sun, Jun 25, 2017 at 09:53:24PM +0100, Al Viro wrote:
> Confirmed.  It manages to bugger the loop immediately after the (successful)
> copying of iovec array in rw_copy_check_uvector(); both with and without
> INLINE_COPY_FROM_USER it has (just before the call of copy_from_user()) r27
> set to nr_segs * sizeof(struct iovec).  The call is made, we check that it
> has succeeded and that's when it hits the fan: without INLINE_COPY_FROM_USER
> we have (interleaved with unrelated insns)
>         addi 27,27,-8
>         srwi 27,27,3
>         addi 27,27,1
>         mtctr 27
> Weird, but manages to pass nr_segs to mtctr.

This weirdosity is https://gcc.gnu.org/PR67288 .  Those three instructions
are not the same as just  srwi 27,27,3  in case r27 is 0; GCC does not
figure out this cannot happen here.

> _With_ INLINE_COPY_FROM_USER we
> get this:
>         lis 9,0x2000
>         mtctr 9
> In other words, the loop will try to go through 8192 iterations.  No idea where
> that number has come from, but it sure as hell is wrong.

8192*65535, even.  This is as if r27 was 0 always.

Do you have a short stand-alone testcase?  4.6 is ancient, of course, but
the actual problem may still exist in more recent compilers (if it _is_
a compiler problem; if it's not, you *really* want to know :-) )


Segher

Re: gcc 4.6.3 miscompile on ppc32 (was Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3)

[Al Viro]

On Sun, Jun 25, 2017 at 04:44:09PM -0500, Segher Boessenkool wrote:

> Do you have a short stand-alone testcase?  4.6 is ancient, of course, but
> the actual problem may still exist in more recent compilers (if it _is_
> a compiler problem; if it's not, you *really* want to know :-) )

Enjoy.  At least 6.3 doesn't step into that.  Look for mtctr in the resulting
asm...

cat <<'EOF' >a.c
struct iovec
{
 void *iov_base;
 unsigned iov_len;
};

unsigned long v;

extern void * barf(void *,int,unsigned);

extern unsigned long bar(void *to, const void *from, unsigned long size);

static inline unsigned long __bar(void *to, const void *from, unsigned long n)
{
 unsigned long res = n;
 if (__builtin_expect(!!(((void)0, (((( unsigned long)(from)) <= v) && ((((n)) == 0) || ((((n)) - 1) <= (v - (( unsigned long)(from)))))))), 1))
  res = bar(to, from, n);
 if (res)
  barf(to + (n - res), 0, res);
 return res;
}

int foo(int type, const struct iovec * uvector,
         unsigned long nr_segs, unsigned long fast_segs,
         struct iovec *iov,
         struct iovec **ret_pointer)
{
 unsigned long seg;
 int ret;
 if (nr_segs == 0) {
  ret = 0;
  goto out;
 }
 if (nr_segs > 1024) {
  ret = -22;
  goto out;
 }
 if (__bar(iov, uvector, nr_segs*sizeof(*uvector))) {
  ret = -14;
  goto out;
 }
 ret = 0;
 for (seg = 0; seg < nr_segs; seg++) {
  void *buf = iov[seg].iov_base;
  int len = (int)iov[seg].iov_len;
  if (len < 0) {
   ret = -22;
   goto out;
  }
  if (type >= 0
      && __builtin_expect(!!(!((void)0, (((( unsigned long)(buf)) <= v) && ((((len)) == 0) || ((((len)) - 1) <= (v - (( unsigned long)(buf)))))))), 0)) {
   ret = -14;
   goto out;
  }
  ret += len;
 }
out:
 *ret_pointer = iov;
 return ret;
}
EOF
powerpc-linux-gcc -m32 -fno-strict-aliasing -fno-common -std=gnu89 -fno-PIE -msoft-float -pipe -ffixed-r2 -mmultiple -mno-altivec -mno-vsx -mno-spe -mspe=no -funit-at-a-time -fno-dwarf2-cfi-asm -mno-string -mcpu=powerpc -Wa,-maltivec -mbig-endian -fno-delete-null-pointer-checks -Os -fno-stack-protector -Wno-unused-but-set-variable -fomit-frame-pointer -fno-var-tracking-assignments -femit-struct-debug-baseonly -fno-var-tracking -fno-strict-overflow -fconserve-stack -fverbose-asm -S a.c

Re: gcc 4.6.3 miscompile on ppc32 (was Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3)

[Michael Ellerman]

Al Viro <viro@ZenIV.linux.org.uk> writes:

> On Sun, Jun 25, 2017 at 04:44:09PM -0500, Segher Boessenkool wrote:
>
>> Do you have a short stand-alone testcase?  4.6 is ancient, of course, but
>> the actual problem may still exist in more recent compilers (if it _is_
>> a compiler problem; if it's not, you *really* want to know :-) )
>
> Enjoy.  At least 6.3 doesn't step into that.  Look for mtctr in the resulting
> asm...
>
> cat <<'EOF' >a.c
...

I pointed creduce at that and got the version below, which I'm pretty
sure still exhibits the weird mtctr behaviour.

cheers

# cat input.c
struct {
  void *iov_base;
  unsigned iov_len;
} * c;
long v;
void *a;
int b;
unsigned bar();
foo(unsigned p1) {
  unsigned d, e = p1;
  if (p1 == 0)
    goto out;
  if (p1 > 4)
    goto out;
  if (__builtin_expect(!!(0, v && a), 1))
    e = bar();
  if (e)
    barf(e);
  if (e)
    goto out;
  d = 0;
  for (; d < p1; d++) {
    int f = c[d].iov_len;
    if (__builtin_expect(c[d].iov_base && f, 0))
      b = 4;
  }
out:;
}

$ cat output.s 
	.file	"input.c"

 # rs6000/powerpc options: -mcpu=powerpc -msdata=data -G 8
 # GNU C (GCC) version 4.6.3 (powerpc64-linux)
 #	compiled by GNU C version 4.3.2, GMP version 4.3.2, MPFR version 2.4.2, MPC version 0.8.2
 # ...

 # Compiler executable checksum: 4b51a6b899110d06c9e3310ac66ad26c

	.section	".text"
	.align 2
	.globl foo
	.type	foo, @function
foo:
	cmpwi 0,3,0	 # tmp169, p1
	stwu 1,-16(1)	 #,,
	mflr 0	 #,
	stw 0,20(1)	 #,
	beq- 0,.L9	 #
	cmplwi 7,3,4	 #, tmp170, p1
	bgt- 7,.L9	 #
	lis 9,v@ha	 # tmp172,
	lwz 0,v@l(9)	 # v, v
	cmpwi 7,0,0	 #, tmp174, v
	beq- 7,.L3	 #
	lis 9,a@ha	 # tmp176,
	lwz 0,a@l(9)	 # a, a
	cmpwi 7,0,0	 #, tmp178, a
	beq- 7,.L3	 #
	bl bar	 #
	cmpwi 0,3,0	 # tmp179, e
	beq+ 0,.L4	 #
.L3:
	bl barf	 #
	b .L9	 #
.L4:
	lis 8,0x2000	 #,
	lis 9,c@ha	 # tmp181,
	mtctr 8	 # tmp192,
	lwz 11,c@l(9)	 # c, c.3
	lis 10,b@ha	 # tmp190,
	li 9,0	 # ivtmp.12,
	li 0,4	 # tmp191,
.L6:
	lwzx 7,11,9	 # MEM[base: c.3_14, index: ivtmp.12_25, offset: 0B], MEM[base: c.3_14, index: ivtmp.12_25, offset: 0B]
	add 8,11,9	 # tmp182, c.3, ivtmp.12
	lwz 8,4(8)	 # MEM[base: D.1310_21, offset: 4B], D.1287
	cmpwi 7,7,0	 #, tmp184, MEM[base: c.3_14, index: ivtmp.12_25, offset: 0B]
	beq+ 7,.L5	 #
	cmpwi 7,8,0	 #, tmp185, D.1287
	beq+ 7,.L5	 #
	stw 0,b@l(10)	 # b, tmp191
.L5:
	addi 9,9,8	 # ivtmp.12, ivtmp.12,
	bdnz .L6	 #
.L2:
.L9:
	lwz 0,20(1)	 #,
	addi 1,1,16	 #,,
	mtlr 0	 #,
	blr	 #
	.size	foo,.-foo
	.globl b
	.globl a
	.globl v
	.globl c
	.section	.sbss,"aw",@nobits
	.align 2
	.type	b, @object
	.size	b, 4
b:
	.zero	4
	.type	a, @object
	.size	a, 4
a:
	.zero	4
	.type	v, @object
	.size	v, 4
v:
	.zero	4
	.type	c, @object
	.size	c, 4
c:
	.zero	4
	.ident	"GCC: (GNU) 4.6.3"
	.section	.note.GNU-stack,"",@progbits

Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3

[Michael Ellerman]

Larry Finger <Larry.Finger@lwfinger.net> writes:

> On 06/23/2017 03:29 PM, Al Viro wrote:
>> On Fri, Jun 23, 2017 at 01:49:16PM -0500, Larry Finger wrote:
>> 
>>>> BTW, could you try to check what happens if you kill the
>>>> 	if (__builtin_constant_p(n) && (n <= 8))
>>>> bits in raw_copy_{to,from}_user()?  The usefulness of those (in __copy_from_user()
>>>> originally) had always been dubious and the things are simpler without them.
>>>> If _that_ turns out to cure breakage, I would be very surprised, though.
>>>>
>>> Sorry I was gone so long. Installing jessie on this box resulted in a crash
>>> on boot. Lubuntu 14.04 yielded a desktop with a functioning cursor, but
>>> nothing else. Finally, Ubuntu 12.04 resulted in a working system. I hate
>>> Unity, but I guess I'm stuck for now.
>> 
>> Ho-hum...  Jessie is 3.16, so whatever is crashing there, it's something
>> different...  Ubuntu 12.04 is what, 3.2?
>> 
>>> I know how easy it is to screw up a long bisection by booting the wrong
>>> kernel. To help that problem and to work around the yaconf/yboot nonsense on
>>> the MAC, my /etc/yaconf has always had generic kernel stanzas with only
>>> default, old, and original kernels mentioned. From there I use a local
>>> script to finish a kernel installation by moving the default links to the
>>> old ones and creating the new default links pointing to the current kernel.
>>> With those long-tested scripts, I'm sure that I am booting the one I want.
>>>
>>> With the new installation, kernel 4.12-rc6 failed, as did 3448890c with the
>>> backported 46f401c4 added.
>>>
>>> Replacing "if (__builtin_constant_p(n) && (n <= 8))" with "if (0)" had no effect.
>> 
>> OK, that simplifies things a bit.  Just to make sure we are on the same page:
>> 
>> * f2ed8bebee69 + cherry-pick of 46f401c4 boots (Ubuntu 12.04 userland)
>> * 3448890c32c3 + cherry-pick of 46f401c4 fails (Ubuntu 12.04 userland), ditto
>>    with removal of constant-size bits in raw_copy_..._user().  Failure appears
>>    to be on udev getting EFAULT on some syscalls.
>> * straight Ubuntu 12.04 works
>> * jessie crashes on boot.
>
> I made a break through. If I turn off inline copy to/from users for 32-bit ppc 
> with the following patch, then the system boots:
>
> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
> index 5c0d8a8cdae5..1e6a8723f497 100644
> --- a/arch/powerpc/include/asm/uaccess.h
> +++ b/arch/powerpc/include/asm/uaccess.h
> @@ -267,12 +267,7 @@ do { 
>         \
>   extern unsigned long __copy_tofrom_user(void __user *to,
>                  const void __user *from, unsigned long size);
>
> -#ifndef __powerpc64__
> -
> -#define INLINE_COPY_FROM_USER
> -#define INLINE_COPY_TO_USE
> -
> -#else /* __powerpc64__ */
> +#ifdef __powerpc64__
>
>   static inline unsigned long
>   raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)

Thanks for debugging this.

I just sent a fix based on the above. Let me know if it doesn't work for
you.

cheers