Re: [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

* Re: [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible
       [not found] ` <20230819004356.1454718-2-Liam.Howlett@oracle.com>
@ 2023-08-30 19:49   ` Andreas Schwab
  2023-08-31  5:37     ` Michael Ellerman
  2023-09-12 18:15     ` Andreas Schwab
  0 siblings, 2 replies; 6+ messages in thread
From: Andreas Schwab @ 2023-08-30 19:49 UTC (permalink / raw)
  To: Liam R. Howlett
  Cc: linux-kernel, stable, maple-tree, linux-mm, Andrew Morton,
	linuxppc-dev

This breaks booting on ppc32:

Kernel attemptd to writ user page (1ff0) - exploit attempt? (uid: 0)
BUG: Unable to handle kernel data access on write at 0x00001ff0
Faulting instruction address: 0xc0009554
Vector: 300 (Data Access) at [c0b09d10]
    pc: c0009554: do_softirq_own_stack+0x18/0x30
    lr: c004f480: __irq_exit_rcu+0x70/0xc0
    sp: c0b09dd0
   msr: 1032
   dar: 1ff0
 dsisr: 42000000
  current = 0xc0a08360
    pid   = 0, comm = swapper
Linux version 6.5.0 ...
enter ? for help
[c0b09de0] c00ff480 __irq_exit_rcu+0x70/0xc0
[c0b09df0] c0005a98 Decrementer_virt+0x108/0x10c
--- Exception: 900 (Decrementer) at c06cfa0c __schedule+0x4fc/0x510
[c0b09ec0] c06cf75c __schedule+0x1cc/0x510 (unreliable)
[c0b09ef0] c06cfc90 __cond_resched+0x2c/0x54
[c0b09f00] c06d07f8 mutex_lock_killable+0x18/0x5c
[c0b09f10] c013c404 pcpu_alloc+0x110/0x4dc
[c0b09f70] c000cc34 alloc_descr.isra.18+0x48/0x144
[c0b09f90] c0988aa0 early_irq_init+0x64/0x8c
[c0b09fa0] c097a5a4 start_kernel+0x5b4/0x7b0
[c0b09ff0] 00003dc0
mon>

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible
  2023-08-30 19:49   ` [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible Andreas Schwab
@ 2023-08-31  5:37     ` Michael Ellerman
  2023-08-31 19:01       ` Andreas Schwab
  2023-09-12 18:15     ` Andreas Schwab
  1 sibling, 1 reply; 6+ messages in thread
From: Michael Ellerman @ 2023-08-31  5:37 UTC (permalink / raw)
  To: Andreas Schwab, Liam R. Howlett
  Cc: linux-kernel, stable, maple-tree, linux-mm, Andrew Morton,
	linuxppc-dev

Andreas Schwab <schwab@linux-m68k.org> writes:
> This breaks booting on ppc32:

Does enabling CONFIG_DEBUG_ATOMIC_SLEEP fix the crash? It did for me on
qemu.

cheers

> Kernel attemptd to writ user page (1ff0) - exploit attempt? (uid: 0)
> BUG: Unable to handle kernel data access on write at 0x00001ff0
> Faulting instruction address: 0xc0009554
> Vector: 300 (Data Access) at [c0b09d10]
>     pc: c0009554: do_softirq_own_stack+0x18/0x30
>     lr: c004f480: __irq_exit_rcu+0x70/0xc0
>     sp: c0b09dd0
>    msr: 1032
>    dar: 1ff0
>  dsisr: 42000000
>   current = 0xc0a08360
>     pid   = 0, comm = swapper
> Linux version 6.5.0 ...
> enter ? for help
> [c0b09de0] c00ff480 __irq_exit_rcu+0x70/0xc0
> [c0b09df0] c0005a98 Decrementer_virt+0x108/0x10c
> --- Exception: 900 (Decrementer) at c06cfa0c __schedule+0x4fc/0x510
> [c0b09ec0] c06cf75c __schedule+0x1cc/0x510 (unreliable)
> [c0b09ef0] c06cfc90 __cond_resched+0x2c/0x54
> [c0b09f00] c06d07f8 mutex_lock_killable+0x18/0x5c
> [c0b09f10] c013c404 pcpu_alloc+0x110/0x4dc
> [c0b09f70] c000cc34 alloc_descr.isra.18+0x48/0x144
> [c0b09f90] c0988aa0 early_irq_init+0x64/0x8c
> [c0b09fa0] c097a5a4 start_kernel+0x5b4/0x7b0
> [c0b09ff0] 00003dc0
> mon>
>
> -- 
> Andreas Schwab, schwab@linux-m68k.org
> GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
> "And now for something completely different."

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible
  2023-08-31  5:37     ` Michael Ellerman
@ 2023-08-31 19:01       ` Andreas Schwab
  0 siblings, 0 replies; 6+ messages in thread
From: Andreas Schwab @ 2023-08-31 19:01 UTC (permalink / raw)
  To: Michael Ellerman
  Cc: linux-kernel, stable, maple-tree, linux-mm, Liam R. Howlett,
	Andrew Morton, linuxppc-dev

On Aug 31 2023, Michael Ellerman wrote:

> Andreas Schwab <schwab@linux-m68k.org> writes:
>> This breaks booting on ppc32:
>
> Does enabling CONFIG_DEBUG_ATOMIC_SLEEP fix the crash?

Yes, it does.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible
  2023-08-30 19:49   ` [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible Andreas Schwab
  2023-08-31  5:37     ` Michael Ellerman
@ 2023-09-12 18:15     ` Andreas Schwab
  2023-09-12 19:09       ` Liam R. Howlett
  1 sibling, 1 reply; 6+ messages in thread
From: Andreas Schwab @ 2023-09-12 18:15 UTC (permalink / raw)
  To: Liam R. Howlett
  Cc: linux-kernel, stable, maple-tree, linux-mm, Andrew Morton,
	linuxppc-dev

Any news?  This is still broken.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible
  2023-09-12 18:15     ` Andreas Schwab
@ 2023-09-12 19:09       ` Liam R. Howlett
  2023-09-12 20:01         ` Andreas Schwab
  0 siblings, 1 reply; 6+ messages in thread
From: Liam R. Howlett @ 2023-09-12 19:09 UTC (permalink / raw)
  To: Andreas Schwab
  Cc: linux-kernel, stable, maple-tree, linux-mm, Geert Uytterhoeven,
	Andrew Morton, linuxppc-dev

[-- Attachment #1: Type: text/plain, Size: 268 bytes --]

* Andreas Schwab <schwab@linux-m68k.org> [230912 14:15]:
> Any news?  This is still broken.

I have a proposed fix.  I seem to have caused a pre-existing problem to
show up.  Please see if the attached works for you, and I'll send it
to a lot of people.

Thanks,
Liam

[-- Attachment #2: 0001-init-main-Clear-boot-task-idle-flag.patch --]
[-- Type: text/x-diff, Size: 1607 bytes --]

From 9ef8f834bb0342dc26464b9dd0165929d3e6a7e5 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Date: Tue, 12 Sep 2023 13:45:29 -0400
Subject: [PATCH] init/main: Clear boot task idle flag

Initial booting was setting the task flag to idle (PF_IDLE) by the call
path sched_init() -> init_idle().  Having the task idle and calling
call_rcu() in kernel/rcu/tiny.c means that TIF_NEED_RESCHED will be
enabled.  Subsequent calls to any cond_resched() will enable IRQs,
potentially earlier than the enabling of IRQs.

This causes a warning later in start_kernel() as interrupts are enabled
before the are fully set up.

Fix this issue by clearing the PF_IDLE flag on return from sched_init()
and restore the flag in rest_init().

Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
 init/main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/init/main.c b/init/main.c
index ad920fac325c..46b35be8f00a 100644
--- a/init/main.c
+++ b/init/main.c
@@ -696,7 +696,7 @@ noinline void __ref __noreturn rest_init(void)
 	 */
 	rcu_read_lock();
 	tsk = find_task_by_pid_ns(pid, &init_pid_ns);
-	tsk->flags |= PF_NO_SETAFFINITY;
+	tsk->flags |= PF_NO_SETAFFINITY | PF_IDLE;
 	set_cpus_allowed_ptr(tsk, cpumask_of(smp_processor_id()));
 	rcu_read_unlock();
 
@@ -938,6 +938,7 @@ void start_kernel(void)
 	 * time - but meanwhile we still have a functioning scheduler.
 	 */
 	sched_init();
+	current->flags &= ~PF_IDLE;
 
 	if (WARN(!irqs_disabled(),
 		 "Interrupts were enabled *very* early, fixing it\n"))
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible
  2023-09-12 19:09       ` Liam R. Howlett
@ 2023-09-12 20:01         ` Andreas Schwab
  0 siblings, 0 replies; 6+ messages in thread
From: Andreas Schwab @ 2023-09-12 20:01 UTC (permalink / raw)
  To: Liam R. Howlett
  Cc: linux-kernel, stable, maple-tree, linux-mm, Geert Uytterhoeven,
	Andrew Morton, linuxppc-dev

On Sep 12 2023, Liam R. Howlett wrote:

> * Andreas Schwab <schwab@linux-m68k.org> [230912 14:15]:
>> Any news?  This is still broken.
>
> I have a proposed fix.  I seem to have caused a pre-existing problem to
> show up.  Please see if the attached works for you, and I'll send it
> to a lot of people.

Thanks, it fixes the issue for me (tested both 6.5 and 6.6-rc1).

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2023-09-12 20:02 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20230819004356.1454718-1-Liam.Howlett@oracle.com>
     [not found] ` <20230819004356.1454718-2-Liam.Howlett@oracle.com>
2023-08-30 19:49   ` [PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible Andreas Schwab
2023-08-31  5:37     ` Michael Ellerman
2023-08-31 19:01       ` Andreas Schwab
2023-09-12 18:15     ` Andreas Schwab
2023-09-12 19:09       ` Liam R. Howlett
2023-09-12 20:01         ` Andreas Schwab

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).