* [PATCH] powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
From: Frederic Barrat @ 2016-06-17 16:53 UTC (permalink / raw)
To: linuxppc-dev; +Cc: imunsie, mikey
If a cxl adapter faults on an invalid address for a kernel context, we
may enter copro_calculate_slb() with a NULL mm pointer (kernel
context) and an effective address which looks like a user
address. Which will cause a crash when dereferencing mm. It is clearly
an AFU bug, but there's no reason to crash either. So return an error,
so that cxl can ack the interrupt with an address error.
Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
---
arch/powerpc/mm/copro_fault.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/mm/copro_fault.c b/arch/powerpc/mm/copro_fault.c
index 6527882..ddfd274 100644
--- a/arch/powerpc/mm/copro_fault.c
+++ b/arch/powerpc/mm/copro_fault.c
@@ -106,6 +106,8 @@ int copro_calculate_slb(struct mm_struct *mm, u64 ea, struct copro_slb *slb)
switch (REGION_ID(ea)) {
case USER_REGION_ID:
pr_devel("%s: 0x%llx -- USER_REGION_ID\n", __func__, ea);
+ if (mm == NULL)
+ return 1;
psize = get_slice_psize(mm, ea);
ssize = user_segment_size(ea);
vsid = get_vsid(mm->context.id, ea, ssize);
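Review bot: the new check in the USER_REGION_ID case, `if (mm == NULL)`, carries no comment saying when mm can be NULL at this point; the changelog explains it (a kernel context whose AFU faults on a user-looking address) but a reader of the code will not see that. A one-line comment above the check would help, and kernel style normally spells the test `if (!mm)`. The bare `return 1` is also worth confirming against the function's other error returns, which are outside this hunk.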
--
2.7.4
* Re: [PATCH] powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
From: Ian Munsie @ 2016-06-21 4:25 UTC (permalink / raw)
To: Frederic Barrat; +Cc: linuxppc-dev, mikey
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
* Re: [PATCH] powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
From: Frederic Barrat @ 2016-10-12 14:14 UTC (permalink / raw)
To: linuxppc-dev
ping? The patch still applies cleanly on recent trees.
Fred
On 17/06/2016 at 18:53, Frederic Barrat wrote:
> If a cxl adapter faults on an invalid address for a kernel context, we
> may enter copro_calculate_slb() with a NULL mm pointer (kernel
> context) and an effective address which looks like a user
> address. Which will cause a crash when dereferencing mm. It is clearly
> an AFU bug, but there's no reason to crash either. So return an error,
> so that cxl can ack the interrupt with an address error.
>
> Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
> Cc: <stable@vger.kernel.org>
> ---
> arch/powerpc/mm/copro_fault.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/powerpc/mm/copro_fault.c b/arch/powerpc/mm/copro_fault.c
> index 6527882..ddfd274 100644
> --- a/arch/powerpc/mm/copro_fault.c
> +++ b/arch/powerpc/mm/copro_fault.c
> @@ -106,6 +106,8 @@ int copro_calculate_slb(struct mm_struct *mm, u64 ea, struct copro_slb *slb)
> switch (REGION_ID(ea)) {
> case USER_REGION_ID:
> pr_devel("%s: 0x%llx -- USER_REGION_ID\n", __func__, ea);
> + if (mm == NULL)
> + return 1;
> psize = get_slice_psize(mm, ea);
> ssize = user_segment_size(ea);
> vsid = get_vsid(mm->context.id, ea, ssize);
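Review bot: the early return added before get_slice_psize(mm, ea) is silent apart from the pr_devel() line above it, which only produces output in debug builds. Since the changelog calls this condition an AFU bug, consider a rate-limited warning that includes ea, so the misbehaving adapter can be identified in the field without flooding the log.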
>
* Re: [PATCH] powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
From: Michael Ellerman @ 2016-10-13 10:51 UTC (permalink / raw)
To: Frederic Barrat, linuxppc-dev
Frederic Barrat <fbarrat@linux.vnet.ibm.com> writes:
> ping? The patch still applies cleanly on recent trees.
Fell through the cracks :/
Fixes: ?
cheers
* Re: [PATCH] powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
From: Frederic Barrat @ 2016-10-13 11:54 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev
On 13/10/2016 at 12:51, Michael Ellerman wrote:
> Frederic Barrat <fbarrat@linux.vnet.ibm.com> writes:
>
>> ping? The patch still applies cleanly on recent trees.
>
> Fell through the cracks :/
>
> Fixes: ?
Nothing obvious. Current code was introduced by
73d16a6e0e51990cbe13f8d8f43bd5329bbab30a
but it was apparently moved from cell, where the issue may not have
applied, I don't know. I guess we should use that id if really needed:
Fixes: 73d16a6e0e51 ("powerpc/cell: Move data segment faulting code out
of cell platform")
Fred
* Re: [PATCH] powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
From: Michael Ellerman @ 2016-10-14 0:41 UTC (permalink / raw)
To: Frederic Barrat, linuxppc-dev
Frederic Barrat <fbarrat@linux.vnet.ibm.com> writes:
> On 13/10/2016 at 12:51, Michael Ellerman wrote:
>> Frederic Barrat <fbarrat@linux.vnet.ibm.com> writes:
>>
>>> ping? The patch still applies cleanly on recent trees.
>>
>> Fell through the cracks :/
>>
>> Fixes: ?
>
> Nothing obvious. Current code was introduced by
> 73d16a6e0e51990cbe13f8d8f43bd5329bbab30a
> but it was apparently moved from cell, where the issue may not have
> applied, I don't know. I guess we should use that id if really needed:
>
> Fixes: 73d16a6e0e51 ("powerpc/cell: Move data segment faulting code out of cell platform")
Yeah that works, it allows us to mechanically determine that "if you
have backported 73d16a6e0e51 then you need this fix", which can be
useful.
cheers
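The mechanical check described in the message above, as an added example (not part of the thread and not kernel tooling): given the upstream commit ids a tree has backported, it reports fixes whose Fixes: target is present while the fix itself is absent. The function names and tree contents are constructed for illustration; the two commit ids are the ones quoted in this thread.

```python
import re

# Kernel-style tag: Fixes: <abbreviated sha> ("subject")
FIXES_RE = re.compile(r"^Fixes:\s*([0-9a-f]{8,40})\b", re.MULTILINE)

def same_commit(a, b):
    """Abbreviated and full ids name the same commit if one prefixes the other."""
    return a.startswith(b) or b.startswith(a)

def in_tree(tree, commit_id):
    return any(same_commit(commit_id, have) for have in tree)

def fixes_targets(message):
    """Commit ids named by Fixes: tags in a commit message."""
    return FIXES_RE.findall(message)

def missing_fixes(upstream_fixes, tree):
    """Return [(fix_id, [targets present in tree])] for fixes the tree lacks.

    upstream_fixes: {fix_id: commit message}
    tree: set of upstream commit ids already backported (constructed input).
    """
    needed = []
    for fix_id, message in upstream_fixes.items():
        if in_tree(tree, fix_id):
            continue  # fix already backported
        present = [t for t in fixes_targets(message) if in_tree(tree, t)]
        if present:
            needed.append((fix_id, present))
    return needed

# Ids as quoted in this thread; the message text is assembled from it.
BROKEN = "73d16a6e0e51990cbe13f8d8f43bd5329bbab30a"
FIX = "d2cf909cda5f8c5609cb7ed6cda816"
UPSTREAM_FIXES = {FIX: (
    "powerpc/mm: Prevent unlikely crash in copro_calculate_slb()\n\n"
    'Fixes: 73d16a6e0e51 ("powerpc/cell: Move data segment faulting code out of cell platform")\n'
    "Cc: <stable@vger.kernel.org>\n")}

# Constructed trees: one carries only the original commit, one carries both, one neither.
TREE_NEEDS_FIX = {BROKEN}
TREE_FIXED = {BROKEN, FIX}
TREE_UNAFFECTED = {"0123456789abcdef0123456789abcdef01234567"}  # constructed placeholder id

if __name__ == "__main__":
    for name, tree in [("needs-fix", TREE_NEEDS_FIX), ("fixed", TREE_FIXED),
                       ("unaffected", TREE_UNAFFECTED)]:
        print(name, missing_fixes(UPSTREAM_FIXES, tree))
```

Matching by prefix lets the 12-character id in the Fixes: tag resolve against the full 40-character id recorded for the tree.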
* Re: powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
From: Michael Ellerman @ 2016-10-21 22:02 UTC (permalink / raw)
To: Frederic Barrat, linuxppc-dev; +Cc: mikey, imunsie
On Fri, 2016-17-06 at 16:53:28 UTC, Frederic Barrat wrote:
> If a cxl adapter faults on an invalid address for a kernel context, we
> may enter copro_calculate_slb() with a NULL mm pointer (kernel
> context) and an effective address which looks like a user
> address. Which will cause a crash when dereferencing mm. It is clearly
> an AFU bug, but there's no reason to crash either. So return an error,
> so that cxl can ack the interrupt with an address error.
>
> Signed-off-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
> Cc: <stable@vger.kernel.org>
> Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Applied to powerpc fixes, thanks.
https://git.kernel.org/powerpc/c/d2cf909cda5f8c5609cb7ed6cda816
cheers