[PATCH] powerpc/book3s64/radix: Avoid WARN_ON in destroy_context

[PATCH] powerpc/book3s64/radix: Avoid WARN_ON in destroy_context

[Aneesh Kumar K.V]

On failed task initialization due to memory allocation failures,
we can call into destroy_context with process_tb entry set. This patch
forces the process_tb entry to zero in destroy_context. With
this patch, we lose the ability to track if we are destroying a context
without flushing the process table entry.

 WARNING: CPU: 4 PID: 6368 at arch/powerpc/mm/mmu_context_book3s64.c:246 destroy_context+0x58/0x340
 NIP [c0000000000875f8] destroy_context+0x58/0x340
 LR [c00000000013da18] __mmdrop+0x78/0x270
 Call Trace:
 [c000000f7db77c80] [c00000000013da18] __mmdrop+0x78/0x270
 [c000000f7db77cf0] [c0000000004d6a34] __do_execve_file.isra.13+0xbd4/0x1000
 [c000000f7db77e00] [c0000000004d7428] sys_execve+0x58/0x70
 [c000000f7db77e30] [c00000000000b388] system_call+0x5c/0x70

Reported-by: Priya M.A <priyama2@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
---
 arch/powerpc/mm/book3s64/mmu_context.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/mm/book3s64/mmu_context.c b/arch/powerpc/mm/book3s64/mmu_context.c
index 2d0cb5ba9a47..3a0f5ab190ec 100644
--- a/arch/powerpc/mm/book3s64/mmu_context.c
+++ b/arch/powerpc/mm/book3s64/mmu_context.c
@@ -256,8 +256,18 @@ void destroy_context(struct mm_struct *mm)
 #ifdef CONFIG_SPAPR_TCE_IOMMU
 	WARN_ON_ONCE(!list_empty(&mm->context.iommu_group_mem_list));
 #endif
+	/* For tasks which were successfully initialized we would end up
+	 * calling arch_exit_mmap which clears the process table entry.
+	 * arch_exit_mmap get called before the required fullmm tlb flush
+	 * which does a RIC=2 flush. Hence for an initialized task, we do
+	 * clear any cached process table entry. The condition below handles
+	 * the error case during task init. We do set the process table entry
+	 * early and if we fail a task initialization, we need to ensure
+	 * the process table entry is zeroed. We need not worry about process
+	 * table entry caches because the task never ran with the PID value.
+	 */
 	if (radix_enabled())
-		WARN_ON(process_tb[mm->context.id].prtb0 != 0);
+		process_tb[mm->context.id].prtb0 = 0;
 	else
 		subpage_prot_free(mm);
 	destroy_contexts(&mm->context);
-- 
2.21.0

Re: [PATCH] powerpc/book3s64/radix: Avoid WARN_ON in destroy_context

[Michael Ellerman]

On Wed, 2019-09-18 at 14:01:03 UTC, "Aneesh Kumar K.V" wrote:
> On failed task initialization due to memory allocation failures,
> we can call into destroy_context with process_tb entry set. This patch
> forces the process_tb entry to zero in destroy_context. With
> this patch, we lose the ability to track if we are destroying a context
> without flushing the process table entry.
> 
>  WARNING: CPU: 4 PID: 6368 at arch/powerpc/mm/mmu_context_book3s64.c:246 destroy_context+0x58/0x340
>  NIP [c0000000000875f8] destroy_context+0x58/0x340
>  LR [c00000000013da18] __mmdrop+0x78/0x270
>  Call Trace:
>  [c000000f7db77c80] [c00000000013da18] __mmdrop+0x78/0x270
>  [c000000f7db77cf0] [c0000000004d6a34] __do_execve_file.isra.13+0xbd4/0x1000
>  [c000000f7db77e00] [c0000000004d7428] sys_execve+0x58/0x70
>  [c000000f7db77e30] [c00000000000b388] system_call+0x5c/0x70
> 
> Reported-by: Priya M.A <priyama2@in.ibm.com>
> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/7aec584eaf1cc1a527dcbe7d80f2e44e3bfcfe1d

cheers