* [PATCH] powerpc: booke: fix boot crash due to null hugepd
@ 2017-05-16 14:47 ` laurentiu.tudor at nxp.com
  0 siblings, 0 replies; 14+ messages in thread
From: laurentiu.tudor @ 2017-05-16 14:47 UTC (permalink / raw)
  To: gregkh
  Cc: devel, linux-kernel, agraf, arnd, ioana.ciornei,
	ruxandra.radulescu, bharat.bhushan, stuart.yoder,
	catalin.horghidan, leoyang.li, roy.pledge, linux-arm-kernel,
	Laurentiu Tudor

From: Laurentiu Tudor <laurentiu.tudor@nxp.com>

On 32-bit book-e machines, hugepd_ok() does not take
into account null hugepd values, causing this crash at boot:

Unable to handle kernel paging request for data at address 0x80000000
Faulting instruction address: 0xc00182a8
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=24
CoreNet Generic
Modules linked in:
CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-00016-g69b1f87 #11
task: e5050000 task.stack: e5058000
NIP: c00182a8 LR: c001829c CTR: 00007ffe
REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-00016-g69b1f87)
MSR: 00021002 <CE,ME>
  CR: 88428e82  XER: 00000000
DEAR: 80000000 ESR: 00000000
GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08 00002017
GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0 00000000
GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84 dd004000
GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002 bffffff1
NIP [c00182a8] follow_huge_addr+0x38/0xf0
LR [c001829c] follow_huge_addr+0x2c/0xf0
Call Trace:
[e5059d00] [e5059d00] 0xe5059d00 (unreliable)
[e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
[e5059d80] [c0107958] __get_user_pages+0xc8/0x420
[e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
[e5059e30] [c013f170] copy_strings+0x110/0x3a0
[e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
[e5059ec0] [c0141324] do_execveat_common+0x474/0x620
[e5059f10] [c01414fc] do_execve+0x2c/0x40
[e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
[e5059f30] [c000289c] kernel_init+0xcc/0x120
[e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
Instruction dump:
bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea 2f890000
---[ end trace 4bf94e15fd9fa824 ]---

This impacts all nxp (ex-freescale) 32-bit booke platforms.

Fixes: 20717e1ff526 ("powerpc/mm: Fix little-endian 4K hugetlb")

Reported-by: Madalin-Cristian Bucur <madalin.bucur@nxp.com>
Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
---
 arch/powerpc/include/asm/nohash/pgtable.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h
index 0cd8a38..e5805ad 100644
--- a/arch/powerpc/include/asm/nohash/pgtable.h
+++ b/arch/powerpc/include/asm/nohash/pgtable.h
@@ -230,7 +230,7 @@ static inline int hugepd_ok(hugepd_t hpd)
 	return ((hpd_val(hpd) & 0x4) != 0);
 #else
 	/* We clear the top bit to indicate hugepd */
-	return ((hpd_val(hpd) & PD_HUGE) ==  0);
+	return (hpd_val(hpd) && (hpd_val(hpd) & PD_HUGE) == 0);
 #endif
 }
 
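Review bot: The comment kept above the changed return in the #else branch, `/* We clear the top bit to indicate hugepd */`, now describes only half of the test. A zero value also has the top bit clear, and the new `hpd_val(hpd) &&` term is there to reject it. Please extend the comment to say that an empty (zero) entry is not a hugepd, so the guard is not dropped in a later cleanup. The `& 0x4` branch above tests for a set bit and is already false for zero, which is worth a word in the same comment.
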
-- 
1.8.3.1

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-05-16 14:47 ` laurentiu.tudor at nxp.com
@ 2017-05-17  9:15   ` Greg KH
  -1 siblings, 0 replies; 14+ messages in thread
From: Greg KH @ 2017-05-17  9:15 UTC (permalink / raw)
  To: laurentiu.tudor
  Cc: devel, arnd, roy.pledge, linux-kernel, agraf, catalin.horghidan,
	linux-arm-kernel, ioana.ciornei, leoyang.li, bharat.bhushan,
	stuart.yoder

On Tue, May 16, 2017 at 09:47:52AM -0500, laurentiu.tudor@nxp.com wrote:
> From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
> 
> On 32-bit book-e machines, hugepd_ok() does not take
> into account null hugepd values, causing this crash at boot:
> 
> Unable to handle kernel paging request for data at address 0x80000000
> Faulting instruction address: 0xc00182a8
> Oops: Kernel access of bad area, sig: 11 [#1]
> SMP NR_CPUS=24
> CoreNet Generic
> Modules linked in:
> CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-00016-g69b1f87 #11
> task: e5050000 task.stack: e5058000
> NIP: c00182a8 LR: c001829c CTR: 00007ffe
> REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-00016-g69b1f87)
> MSR: 00021002 <CE,ME>
>   CR: 88428e82  XER: 00000000
> DEAR: 80000000 ESR: 00000000
> GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08 00002017
> GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0 00000000
> GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84 dd004000
> GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002 bffffff1
> NIP [c00182a8] follow_huge_addr+0x38/0xf0
> LR [c001829c] follow_huge_addr+0x2c/0xf0
> Call Trace:
> [e5059d00] [e5059d00] 0xe5059d00 (unreliable)
> [e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
> [e5059d80] [c0107958] __get_user_pages+0xc8/0x420
> [e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
> [e5059e30] [c013f170] copy_strings+0x110/0x3a0
> [e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
> [e5059ec0] [c0141324] do_execveat_common+0x474/0x620
> [e5059f10] [c01414fc] do_execve+0x2c/0x40
> [e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
> [e5059f30] [c000289c] kernel_init+0xcc/0x120
> [e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
> Instruction dump:
> bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
> 4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea 2f890000
> ---[ end trace 4bf94e15fd9fa824 ]---
> 
> This impacts all nxp (ex-freescale) 32-bit booke platforms.
> 
> Fixes: 20717e1ff526 ("powerpc/mm: Fix little-endian 4K hugetlb")
> 
> Reported-by: Madalin-Cristian Bucur <madalin.bucur@nxp.com>
> Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
> ---
>  arch/powerpc/include/asm/nohash/pgtable.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h
> index 0cd8a38..e5805ad 100644
> --- a/arch/powerpc/include/asm/nohash/pgtable.h
> +++ b/arch/powerpc/include/asm/nohash/pgtable.h
> @@ -230,7 +230,7 @@ static inline int hugepd_ok(hugepd_t hpd)
>  	return ((hpd_val(hpd) & 0x4) != 0);
>  #else
>  	/* We clear the top bit to indicate hugepd */
> -	return ((hpd_val(hpd) & PD_HUGE) ==  0);
> +	return (hpd_val(hpd) && (hpd_val(hpd) & PD_HUGE) == 0);
>  #endif
>  }
>  
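
Review bot: Style point on the added return line: the non-zero test is a bare `hpd_val(hpd) &&` sitting next to an explicit `== 0` comparison, so the two halves of the condition are written in different idioms. Spelling it as `hpd_val(hpd) != 0 && (hpd_val(hpd) & PD_HUGE) == 0` reads more directly and keeps the behaviour the same.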

$ ./scripts/get_maintainer.pl --file arch/powerpc/include/asm/nohash/pgtable.h
Benjamin Herrenschmidt <benh@kernel.crashing.org> (supporter:LINUX FOR POWERPC (32-BIT AND 64-BIT))
Paul Mackerras <paulus@samba.org> (supporter:LINUX FOR POWERPC (32-BIT AND 64-BIT))
Michael Ellerman <mpe@ellerman.id.au> (supporter:LINUX FOR POWERPC (32-BIT AND 64-BIT),commit_signer:2/3=67%)
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com> (commit_signer:2/3=67%,authored:1/3=33%,added_lines:3/8=38%,removed_lines:2/3=67%)
Scott Wood <oss@buserror.net> (commit_signer:1/3=33%)
Laurentiu Tudor <laurentiu.tudor@nxp.com> (commit_signer:1/3=33%,authored:1/3=33%,added_lines:1/8=12%,removed_lines:1/3=33%)
Christophe Leroy <christophe.leroy@c-s.fr> (commit_signer:1/3=33%,authored:1/3=33%,added_lines:4/8=50%)
linuxppc-dev@lists.ozlabs.org (open list:LINUX FOR POWERPC (32-BIT AND 64-BIT))
linux-kernel@vger.kernel.org (open list)

I'm not listed there at all, any specific reason you sent this to me?
Nothing I can do with it...

greg k-h

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-05-17  9:15   ` Greg KH
@ 2017-05-17  9:30     ` Laurentiu Tudor
  -1 siblings, 0 replies; 14+ messages in thread
From: Laurentiu Tudor @ 2017-05-17  9:30 UTC (permalink / raw)
  To: Greg KH
  Cc: devel, arnd, Roy Pledge, linux-kernel, agraf, Catalin Horghidan,
	linux-arm-kernel, Ioana Ciornei, Leo Li, Bharat Bhushan

Hi Greg,

On 05/17/2017 12:15 PM, Greg KH wrote:
> On Tue, May 16, 2017 at 09:47:52AM -0500, laurentiu.tudor@nxp.com wrote:
>> From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
>>
>> On 32-bit book-e machines, hugepd_ok() does not take
>> into account null hugepd values, causing this crash at boot:
>>
>
> $ ./scripts/get_maintainer.pl --file arch/powerpc/include/asm/nohash/pgtable.h
> Benjamin Herrenschmidt <benh@kernel.crashing.org> (supporter:LINUX FOR POWERPC (32-BIT AND 64-BIT))
> Paul Mackerras <paulus@samba.org> (supporter:LINUX FOR POWERPC (32-BIT AND 64-BIT))
> Michael Ellerman <mpe@ellerman.id.au> (supporter:LINUX FOR POWERPC (32-BIT AND 64-BIT),commit_signer:2/3=67%)
> "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com> (commit_signer:2/3=67%,authored:1/3=33%,added_lines:3/8=38%,removed_lines:2/3=67%)
> Scott Wood <oss@buserror.net> (commit_signer:1/3=33%)
> Laurentiu Tudor <laurentiu.tudor@nxp.com> (commit_signer:1/3=33%,authored:1/3=33%,added_lines:1/8=12%,removed_lines:1/3=33%)
> Christophe Leroy <christophe.leroy@c-s.fr> (commit_signer:1/3=33%,authored:1/3=33%,added_lines:4/8=50%)
> linuxppc-dev@lists.ozlabs.org (open list:LINUX FOR POWERPC (32-BIT AND 64-BIT))
> linux-kernel@vger.kernel.org (open list)
>
> I'm not listed there at all, any specific reason you sent this to me?
> Nothing I can do with it...
>

Just some finger trouble on my side. Please disregard and sorry for the 
noise.

---
Best Regards, Laurentiu

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-02-28 22:46     ` Scott Wood
@ 2017-03-01 11:09       ` Michael Ellerman
  0 siblings, 0 replies; 14+ messages in thread
From: Michael Ellerman @ 2017-03-01 11:09 UTC (permalink / raw)
  To: Scott Wood, Laurentiu Tudor, Aneesh Kumar K.V, linuxppc-dev
  Cc: Madalin-Cristian Bucur

Scott Wood <oss@buserror.net> writes:

> On Tue, 2017-02-28 at 14:55 +0000, Laurentiu Tudor wrote:
>> On 02/17/2017 02:18 PM, Aneesh Kumar K.V wrote:
>> > laurentiu.tudor@nxp.com writes:
>> > > From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
>> > >
>> > > On 32-bit book-e machines, hugepd_ok() does not take
>> > > into account null hugepd values, causing this crash at boot:
>> > >
>> > > Unable to handle kernel paging request for data at address 0x80000000
>> > > Faulting instruction address: 0xc00182a8
>> > > Oops: Kernel access of bad area, sig: 11 [#1]
>> > > SMP NR_CPUS=24
>> > > CoreNet Generic
>> > > Modules linked in:
>> > > CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-
>> > > 00016-g69b1f87 #11
>> > > task: e5050000 task.stack: e5058000
>> > > NIP: c00182a8 LR: c001829c CTR: 00007ffe
>> > > REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-
>> > > 00016-g69b1f87)
>> > > MSR: 00021002 <CE,ME>
>> > >    CR: 88428e82  XER: 00000000
>> > > DEAR: 80000000 ESR: 00000000
>> > > GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08
>> > > 00002017
>> > > GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0
>> > > 00000000
>> > > GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84
>> > > dd004000
>> > > GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002
>> > > bffffff1
>> > > NIP [c00182a8] follow_huge_addr+0x38/0xf0
>> > > LR [c001829c] follow_huge_addr+0x2c/0xf0
>> > > Call Trace:
>> > > [e5059d00] [e5059d00] 0xe5059d00 (unreliable)
>> > > [e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
>> > > [e5059d80] [c0107958] __get_user_pages+0xc8/0x420
>> > > [e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
>> > > [e5059e30] [c013f170] copy_strings+0x110/0x3a0
>> > > [e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
>> > > [e5059ec0] [c0141324] do_execveat_common+0x474/0x620
>> > > [e5059f10] [c01414fc] do_execve+0x2c/0x40
>> > > [e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
>> > > [e5059f30] [c000289c] kernel_init+0xcc/0x120
>> > > [e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
>> > > Instruction dump:
>> > > bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
>> > > 4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea
>> > > 2f890000
>> > > ---[ end trace 4bf94e15fd9fa824 ]---
>> >
>> > Which code path is that. That null should be filtered by the if
>> > (pmd_none(pmd)) check in find_linux_pte_or_hugepte right ?
>> The crash happens when __find_linux_pte_or_hugepte() calls hugepd_ok(),
>> on this line [1]. It's triggered when __find_linux_pte_or_hugepte() is
>> first called, when the kernel tries to spawn the init process. The input
>> effective address (ea arg) is bffffff1. This is the call stack:
>
> What is the pmd value?  There's a pmd_none() check before that line.

It's a pgd, so a pgd_none() check.

But that does nothing because this is 32-bit, 4K PAGE_SIZE, which uses
pgtable-nopmd.h and pgtable-nopud.h, so pgd_none() is just:

  int pgd_none(pgd_t pgd) { return 0; }

> That said, regardless of what's going wrong here, it would be simpler and more
> robust if is_hugepd() returned false for empty ptes rather than assuming the
> caller explicitly checked pmd_none().

Yeah, in fact it has to, because of the above.

So Laurentiu's patch is pretty much the correct fix.

cheers

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-02-28 14:55   ` Laurentiu Tudor
@ 2017-02-28 22:46     ` Scott Wood
  2017-03-01 11:09       ` Michael Ellerman
  0 siblings, 1 reply; 14+ messages in thread
From: Scott Wood @ 2017-02-28 22:46 UTC (permalink / raw)
  To: Laurentiu Tudor, Aneesh Kumar K.V, linuxppc-dev, mpe
  Cc: Madalin-Cristian Bucur

On Tue, 2017-02-28 at 14:55 +0000, Laurentiu Tudor wrote:
> Hi,
> 
> Some more information on the crash, inline.
> 
> On 02/17/2017 02:18 PM, Aneesh Kumar K.V wrote:
> > 
> > laurentiu.tudor@nxp.com writes:
> > 
> > > 
> > > From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
> > > 
> > > On 32-bit book-e machines, hugepd_ok() does not take
> > > into account null hugepd values, causing this crash at boot:
> > > 
> > > Unable to handle kernel paging request for data at address 0x80000000
> > > Faulting instruction address: 0xc00182a8
> > > Oops: Kernel access of bad area, sig: 11 [#1]
> > > SMP NR_CPUS=24
> > > CoreNet Generic
> > > Modules linked in:
> > > CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-
> > > 00016-g69b1f87 #11
> > > task: e5050000 task.stack: e5058000
> > > NIP: c00182a8 LR: c001829c CTR: 00007ffe
> > > REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-
> > > 00016-g69b1f87)
> > > MSR: 00021002 <CE,ME>
> > >    CR: 88428e82  XER: 00000000
> > > DEAR: 80000000 ESR: 00000000
> > > GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08
> > > 00002017
> > > GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0
> > > 00000000
> > > GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84
> > > dd004000
> > > GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002
> > > bffffff1
> > > NIP [c00182a8] follow_huge_addr+0x38/0xf0
> > > LR [c001829c] follow_huge_addr+0x2c/0xf0
> > > Call Trace:
> > > [e5059d00] [e5059d00] 0xe5059d00 (unreliable)
> > > [e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
> > > [e5059d80] [c0107958] __get_user_pages+0xc8/0x420
> > > [e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
> > > [e5059e30] [c013f170] copy_strings+0x110/0x3a0
> > > [e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
> > > [e5059ec0] [c0141324] do_execveat_common+0x474/0x620
> > > [e5059f10] [c01414fc] do_execve+0x2c/0x40
> > > [e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
> > > [e5059f30] [c000289c] kernel_init+0xcc/0x120
> > > [e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
> > > Instruction dump:
> > > bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
> > > 4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea
> > > 2f890000
> > > ---[ end trace 4bf94e15fd9fa824 ]---
> > 
> > Which code path is that. That null should be filtered by the if
> > (pmd_none(pmd)) check in find_linux_pte_or_hugepte right ?
> The crash happens when __find_linux_pte_or_hugepte() calls hugepd_ok(),
> on this line [1]. It's triggered when __find_linux_pte_or_hugepte() is
> first called, when the kernel tries to spawn the init process. The input
> effective address (ea arg) is bffffff1. This is the call stack:

What is the pmd value?  There's a pmd_none() check before that line.

That said, regardless of what's going wrong here, it would be simpler and more
robust if is_hugepd() returned false for empty ptes rather than assuming the
caller explicitly checked pmd_none().

-Scott

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-02-17 12:18 ` Aneesh Kumar K.V
  2017-02-17 12:37   ` Laurentiu Tudor
@ 2017-02-28 14:55   ` Laurentiu Tudor
  2017-02-28 22:46     ` Scott Wood
  1 sibling, 1 reply; 14+ messages in thread
From: Laurentiu Tudor @ 2017-02-28 14:55 UTC (permalink / raw)
  To: Aneesh Kumar K.V, linuxppc-dev, oss, mpe; +Cc: Madalin-Cristian Bucur

Hi,

Some more information on the crash, inline.

On 02/17/2017 02:18 PM, Aneesh Kumar K.V wrote:
> laurentiu.tudor@nxp.com writes:
>
>> From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
>>
>> On 32-bit book-e machines, hugepd_ok() does not take
>> into account null hugepd values, causing this crash at boot:
>>
>> Unable to handle kernel paging request for data at address 0x80000000
>> Faulting instruction address: 0xc00182a8
>> Oops: Kernel access of bad area, sig: 11 [#1]
>> SMP NR_CPUS=24
>> CoreNet Generic
>> Modules linked in:
>> CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-00016-g69b1f87 #11
>> task: e5050000 task.stack: e5058000
>> NIP: c00182a8 LR: c001829c CTR: 00007ffe
>> REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-00016-g69b1f87)
>> MSR: 00021002 <CE,ME>
>>    CR: 88428e82  XER: 00000000
>> DEAR: 80000000 ESR: 00000000
>> GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08 00002017
>> GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0 00000000
>> GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84 dd004000
>> GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002 bffffff1
>> NIP [c00182a8] follow_huge_addr+0x38/0xf0
>> LR [c001829c] follow_huge_addr+0x2c/0xf0
>> Call Trace:
>> [e5059d00] [e5059d00] 0xe5059d00 (unreliable)
>> [e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
>> [e5059d80] [c0107958] __get_user_pages+0xc8/0x420
>> [e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
>> [e5059e30] [c013f170] copy_strings+0x110/0x3a0
>> [e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
>> [e5059ec0] [c0141324] do_execveat_common+0x474/0x620
>> [e5059f10] [c01414fc] do_execve+0x2c/0x40
>> [e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
>> [e5059f30] [c000289c] kernel_init+0xcc/0x120
>> [e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
>> Instruction dump:
>> bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
>> 4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea 2f890000
>> ---[ end trace 4bf94e15fd9fa824 ]---
>
>
> Which code path is that. That null should be filtered by the if
> (pmd_none(pmd)) check in find_linux_pte_or_hugepte right ?

The crash happens when __find_linux_pte_or_hugepte() calls hugepd_ok(),
on this line [1]. It's triggered when __find_linux_pte_or_hugepte() is
first called, when the kernel tries to spawn the init process. The input
effective address (ea arg) is bffffff1. This is the call stack:

[e5059cd0] [c0017b60] __find_linux_pte_or_hugepte+0x60/0x120 (unreliable)
[e5059d00] [c001832c] follow_huge_addr+0x2c/0xf0
[e5059d20] [c0107590] follow_page_mask+0x40/0x3c0
[e5059d80] [c01079d8] __get_user_pages+0xc8/0x420
[e5059de0] [c01081fc] get_user_pages_remote+0x8c/0x230
[e5059e30] [c013f210] copy_strings+0x110/0x3a0
[e5059ea0] [c013f4cc] copy_strings_kernel+0x2c/0x50
[e5059ec0] [c01413c4] do_execveat_common+0x474/0x620
[e5059f10] [c014159c] do_execve+0x2c/0x40
[e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
[e5059f30] [c000289c] kernel_init+0xcc/0x120
[e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64

Thanks in advance for any pointers.

[1]
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/powerpc/mm/hugetlbpage.c#n918

---
Best Regards, Laurentiu

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-02-17 12:18 ` Aneesh Kumar K.V
@ 2017-02-17 12:37   ` Laurentiu Tudor
  2017-02-28 14:55   ` Laurentiu Tudor
  1 sibling, 0 replies; 14+ messages in thread
From: Laurentiu Tudor @ 2017-02-17 12:37 UTC (permalink / raw)
  To: Aneesh Kumar K.V, linuxppc-dev, oss, mpe; +Cc: Madalin-Cristian Bucur



On 02/17/2017 02:18 PM, Aneesh Kumar K.V wrote:
> laurentiu.tudor@nxp.com writes:
>
>> From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
>>
>> On 32-bit book-e machines, hugepd_ok() does not take
>> into account null hugepd values, causing this crash at boot:
>>
>> Unable to handle kernel paging request for data at address 0x80000000
>> Faulting instruction address: 0xc00182a8
>> Oops: Kernel access of bad area, sig: 11 [#1]
>> SMP NR_CPUS=24
>> CoreNet Generic
>> Modules linked in:
>> CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-00016-g69b1f87 #11
>> task: e5050000 task.stack: e5058000
>> NIP: c00182a8 LR: c001829c CTR: 00007ffe
>> REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-00016-g69b1f87)
>> MSR: 00021002 <CE,ME>
>>    CR: 88428e82  XER: 00000000
>> DEAR: 80000000 ESR: 00000000
>> GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08 00002017
>> GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0 00000000
>> GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84 dd004000
>> GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002 bffffff1
>> NIP [c00182a8] follow_huge_addr+0x38/0xf0
>> LR [c001829c] follow_huge_addr+0x2c/0xf0
>> Call Trace:
>> [e5059d00] [e5059d00] 0xe5059d00 (unreliable)
>> [e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
>> [e5059d80] [c0107958] __get_user_pages+0xc8/0x420
>> [e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
>> [e5059e30] [c013f170] copy_strings+0x110/0x3a0
>> [e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
>> [e5059ec0] [c0141324] do_execveat_common+0x474/0x620
>> [e5059f10] [c01414fc] do_execve+0x2c/0x40
>> [e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
>> [e5059f30] [c000289c] kernel_init+0xcc/0x120
>> [e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
>> Instruction dump:
>> bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
>> 4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea 2f890000
>> ---[ end trace 4bf94e15fd9fa824 ]---
>
>
> Which code path is that? That null should be filtered by the if
> (pmd_none(pmd)) check in find_linux_pte_or_hugepte, right?
>

I haven't characterized the issue in detail as I wanted to get the patch
out ASAP.
I only noticed that the previous check, that is:

	"signed hpd_val > 0"

vs the new one, that is:

	"unsigned hpd_val & PD_HUGE == 0"

evaluate differently for a value of zero: old expression evaluates
to false and the new one to true.

---
Best Regards, Laurentiu

^ permalink raw reply	[flat|nested] 14+ messages in thread
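
The difference described in the reply above, as an added C example that is not code from the thread or from the kernel tree: it runs the three forms of the check over sampled 32-bit entries. The PD_HUGE value (top bit, taken from the hunk's comment), the table_addr() helper and the sample entries are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed value: the top bit of a 32-bit word, per the hunk's comment
 * "We clear the top bit to indicate hugepd". */
#define PD_HUGE 0x80000000u
typedef int (*hugepd_pred)(uint32_t);

/* Previous check, as quoted in the reply: signed value > 0.
 * The cast relies on two's-complement conversion, as on all usual ABIs. */
static int ok_signed(uint32_t v)  { return (int32_t)v > 0; }

/* Check that crashed: top bit clear, which is also true for 0. */
static int ok_masked(uint32_t v)  { return (v & PD_HUGE) == 0; }

/* Check from the patch: non-null and top bit clear. */
static int ok_patched(uint32_t v) { return v && (v & PD_HUGE) == 0; }

/* Hypothetical helper (assumption): the table address is the entry with
 * the top bit put back, which for a null entry gives 0x80000000. */
static uint32_t table_addr(uint32_t v) { return v | PD_HUGE; }

/* Count sampled 32-bit values on which two predicates disagree.
 * The stride keeps the run short and still hits 0 and 0xffffffff. */
static unsigned count_mismatches(hugepd_pred a, hugepd_pred b)
{
    unsigned n = 0;
    for (uint64_t v = 0; v <= UINT32_MAX; v += 0x10001u)
        n += (!a((uint32_t)v) != !b((uint32_t)v));
    return n;
}

int main(void)
{
    /* Constructed sample entries: null, smallest non-null, a non-null
     * entry with the top bit clear, and two with the top bit set. */
    const uint32_t samples[] = { 0, 1, 0x65059000u, 0x80000000u, 0xe5059000u };
    puts("entry       signed masked patched");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08x  %6d %6d %7d\n", (unsigned)samples[i],
               ok_signed(samples[i]), ok_masked(samples[i]),
               ok_patched(samples[i]));
    printf("null entry accepted by masked check -> table at 0x%08x\n",
           (unsigned)table_addr(0));
    printf("mismatches against signed: masked=%u patched=%u\n",
           count_mismatches(ok_signed, ok_masked),
           count_mismatches(ok_signed, ok_patched));
    return 0;
}
```

Under the assumed table_addr(), the null entry maps to 0x80000000, the same value the oops reports as the faulting data address.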

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-02-16 15:11 laurentiu.tudor
  2017-02-17 10:08 ` Scott Wood
@ 2017-02-17 12:18 ` Aneesh Kumar K.V
  2017-02-17 12:37   ` Laurentiu Tudor
  2017-02-28 14:55   ` Laurentiu Tudor
  1 sibling, 2 replies; 14+ messages in thread
From: Aneesh Kumar K.V @ 2017-02-17 12:18 UTC (permalink / raw)
  To: laurentiu.tudor, linuxppc-dev, oss, mpe; +Cc: madalin.bucur, Laurentiu Tudor

laurentiu.tudor@nxp.com writes:

> From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
>
> On 32-bit book-e machines, hugepd_ok() does not take
> into account null hugepd values, causing this crash at boot:
>
> Unable to handle kernel paging request for data at address 0x80000000
> Faulting instruction address: 0xc00182a8
> Oops: Kernel access of bad area, sig: 11 [#1]
> SMP NR_CPUS=24
> CoreNet Generic
> Modules linked in:
> CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-00016-g69b1f87 #11
> task: e5050000 task.stack: e5058000
> NIP: c00182a8 LR: c001829c CTR: 00007ffe
> REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-00016-g69b1f87)
> MSR: 00021002 <CE,ME>
>   CR: 88428e82  XER: 00000000
> DEAR: 80000000 ESR: 00000000
> GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08 00002017
> GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0 00000000
> GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84 dd004000
> GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002 bffffff1
> NIP [c00182a8] follow_huge_addr+0x38/0xf0
> LR [c001829c] follow_huge_addr+0x2c/0xf0
> Call Trace:
> [e5059d00] [e5059d00] 0xe5059d00 (unreliable)
> [e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
> [e5059d80] [c0107958] __get_user_pages+0xc8/0x420
> [e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
> [e5059e30] [c013f170] copy_strings+0x110/0x3a0
> [e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
> [e5059ec0] [c0141324] do_execveat_common+0x474/0x620
> [e5059f10] [c01414fc] do_execve+0x2c/0x40
> [e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
> [e5059f30] [c000289c] kernel_init+0xcc/0x120
> [e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
> Instruction dump:
> bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
> 4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea 2f890000
> ---[ end trace 4bf94e15fd9fa824 ]---


Which code path is that? That null should be filtered by the if
(pmd_none(pmd)) check in find_linux_pte_or_hugepte, right?

>
> This impacts all nxp (ex-freescale) 32-bit booke platforms.
>
> Fixes: 20717e1ff526 ("powerpc/mm: Fix little-endian 4K hugetlb")
>
> Reported-by: Madalin-Cristian Bucur <madalin.bucur@nxp.com>
> Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
> ---
>  arch/powerpc/include/asm/nohash/pgtable.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h
> index 0cd8a38..e5805ad 100644
> --- a/arch/powerpc/include/asm/nohash/pgtable.h
> +++ b/arch/powerpc/include/asm/nohash/pgtable.h
> @@ -230,7 +230,7 @@ static inline int hugepd_ok(hugepd_t hpd)
>  	return ((hpd_val(hpd) & 0x4) != 0);
>  #else
>  	/* We clear the top bit to indicate hugepd */
> -	return ((hpd_val(hpd) & PD_HUGE) ==  0);
> +	return (hpd_val(hpd) && (hpd_val(hpd) & PD_HUGE) == 0);
>  #endif
>  }
>
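
Review bot: the added return in the #else branch calls hpd_val(hpd) twice and depends on == binding tighter than && to group the two tests. It evaluates as intended, but reading the value once into a local and writing `return (val != 0 && (val & PD_HUGE) == 0);` would state the two conditions (non-null, top bit clear) explicitly and make it harder for a later edit to regroup them by accident.
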
> -- 
> 1.8.3.1

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-02-17 10:08 ` Scott Wood
@ 2017-02-17 10:18   ` Laurentiu Tudor
  0 siblings, 0 replies; 14+ messages in thread
From: Laurentiu Tudor @ 2017-02-17 10:18 UTC (permalink / raw)
  To: Scott Wood, linuxppc-dev, mpe; +Cc: Madalin-Cristian Bucur, aneesh.kumar
^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH] powerpc: booke: fix boot crash due to null hugepd
  2017-02-16 15:11 laurentiu.tudor
@ 2017-02-17 10:08 ` Scott Wood
  2017-02-17 10:18   ` Laurentiu Tudor
  2017-02-17 12:18 ` Aneesh Kumar K.V
  1 sibling, 1 reply; 14+ messages in thread
From: Scott Wood @ 2017-02-17 10:08 UTC (permalink / raw)
  To: laurentiu.tudor, linuxppc-dev, mpe; +Cc: madalin.bucur, aneesh.kumar

On Thu, 2017-02-16 at 09:11 -0600, laurentiu.tudor@nxp.com wrote:
> From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
> 
> On 32-bit book-e machines, hugepd_ok() does not take
> into account null hugepd values, causing this crash at boot:

Why only 32-bit?

> diff --git a/arch/powerpc/include/asm/nohash/pgtable.h
> b/arch/powerpc/include/asm/nohash/pgtable.h
> index 0cd8a38..e5805ad 100644
> --- a/arch/powerpc/include/asm/nohash/pgtable.h
> +++ b/arch/powerpc/include/asm/nohash/pgtable.h
> @@ -230,7 +230,7 @@ static inline int hugepd_ok(hugepd_t hpd)
>  	return ((hpd_val(hpd) & 0x4) != 0);
>  #else
>  	/* We clear the top bit to indicate hugepd */
> -	return ((hpd_val(hpd) & PD_HUGE) ==  0);
> +	return (hpd_val(hpd) && (hpd_val(hpd) & PD_HUGE) == 0);
>  #endif
>  }
>  

Any reason why this can't go back to being "hpd_val(hpd) > 0"?  Why was nohash
changed to begin with?  I don't expect nohash (or at least fsl-book3e) will
ever have a pagetable that is not native-endian, and "> 0" is consistent with
what the TLB miss code is doing.

Also, the patch that broke this was tagged for stable (which again raises the
question of why an extraneous change was made) so this patch needs to be as
well.

-Scott

^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH] powerpc: booke: fix boot crash due to null hugepd
@ 2017-02-16 15:11 laurentiu.tudor
  2017-02-17 10:08 ` Scott Wood
  2017-02-17 12:18 ` Aneesh Kumar K.V
  0 siblings, 2 replies; 14+ messages in thread
From: laurentiu.tudor @ 2017-02-16 15:11 UTC (permalink / raw)
  To: linuxppc-dev, oss, mpe; +Cc: madalin.bucur, aneesh.kumar, Laurentiu Tudor

From: Laurentiu Tudor <laurentiu.tudor@nxp.com>

On 32-bit book-e machines, hugepd_ok() does not take
into account null hugepd values, causing this crash at boot:

Unable to handle kernel paging request for data at address 0x80000000
Faulting instruction address: 0xc00182a8
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=24
CoreNet Generic
Modules linked in:
CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc8-00016-g69b1f87 #11
task: e5050000 task.stack: e5058000
NIP: c00182a8 LR: c001829c CTR: 00007ffe
REGS: e5059c50 TRAP: 0300   Tainted: G        W        (4.10.0-rc8-00016-g69b1f87)
MSR: 00021002 <CE,ME>
  CR: 88428e82  XER: 00000000
DEAR: 80000000 ESR: 00000000
GPR00: c0107510 e5059d00 e5050000 80000000 bffffff1 e5059d0c e5059d08 00002017
GPR08: 00000000 00000000 00000000 00000000 28428e82 00000000 c00027d0 00000000
GPR16: 00000000 00000000 88a28e82 20000000 48422e82 00000000 88a28e84 dd004000
GPR24: e5059e38 00000000 00000000 bffffff1 dd004000 00000001 00029002 bffffff1
NIP [c00182a8] follow_huge_addr+0x38/0xf0
LR [c001829c] follow_huge_addr+0x2c/0xf0
Call Trace:
[e5059d00] [e5059d00] 0xe5059d00 (unreliable)
[e5059d20] [c0107510] follow_page_mask+0x40/0x3c0
[e5059d80] [c0107958] __get_user_pages+0xc8/0x420
[e5059de0] [c010817c] get_user_pages_remote+0x8c/0x230
[e5059e30] [c013f170] copy_strings+0x110/0x3a0
[e5059ea0] [c013f42c] copy_strings_kernel+0x2c/0x50
[e5059ec0] [c0141324] do_execveat_common+0x474/0x620
[e5059f10] [c01414fc] do_execve+0x2c/0x40
[e5059f20] [c0001f68] try_to_run_init_process+0x18/0x60
[e5059f30] [c000289c] kernel_init+0xcc/0x120
[e5059f40] [c000f1e8] ret_from_kernel_thread+0x5c/0x64
Instruction dump:
bfc10018 7c9f2378 90010024 7fc000a6 7c000146 80630020 38a1000c 38c10008
4bfff869 2c030000 41c20090 81210008 <81430000> 81630004 3860ffea 2f890000
---[ end trace 4bf94e15fd9fa824 ]---

This impacts all nxp (ex-freescale) 32-bit booke platforms.

Fixes: 20717e1ff526 ("powerpc/mm: Fix little-endian 4K hugetlb")

Reported-by: Madalin-Cristian Bucur <madalin.bucur@nxp.com>
Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
---
 arch/powerpc/include/asm/nohash/pgtable.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h
index 0cd8a38..e5805ad 100644
--- a/arch/powerpc/include/asm/nohash/pgtable.h
+++ b/arch/powerpc/include/asm/nohash/pgtable.h
@@ -230,7 +230,7 @@ static inline int hugepd_ok(hugepd_t hpd)
 	return ((hpd_val(hpd) & 0x4) != 0);
 #else
 	/* We clear the top bit to indicate hugepd */
-	return ((hpd_val(hpd) & PD_HUGE) ==  0);
+	return (hpd_val(hpd) && (hpd_val(hpd) & PD_HUGE) == 0);
 #endif
 }
 
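
Review bot: the comment kept above the changed return, "We clear the top bit to indicate hugepd", no longer states the whole condition, because a null hpd also has the top bit clear and the new `hpd_val(hpd) &&` term exists to reject exactly that value. Extend the comment to say that a zero entry is not a hugepd, so the extra term is not removed as redundant in a later cleanup. The #if branch above needs no matching guard, since `(hpd_val(hpd) & 0x4) != 0` is already false for zero.
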
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 14+ messages in thread
