From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: <deller@gmx.de>
Cc: <dave.anglin@bell.net>, <kuniyu@amazon.co.jp>,
	<kuniyu@amazon.com>, <linux-parisc@vger.kernel.org>
Subject: Re: linux v5.18.3 fails to boot
Date: Mon, 27 Jun 2022 10:24:28 -0700
Message-ID: <20220627172428.83872-1-kuniyu@amazon.com>
In-Reply-To: <faea80e5-de8f-f1ca-1412-43f513b3b45c@gmx.de>

From:   Helge Deller <deller@gmx.de>
Date:   Mon, 27 Jun 2022 02:08:29 +0200
> On 6/10/22 20:18, John David Anglin wrote:
>> On 2022-06-10 12:49 p.m., John David Anglin wrote:
>>>> The commit was added to prevent compiler optimisation from splitting
>>>> read/write operations.  I think it can lead to a change in opcodes but
>>>> must be safe.  So I'm not sure why the commit causes boot failure for now.
>>> Neither am I.
>>>>
>>>> I'm not familiar with PARISC and this may be a stupid question though,
>>>> what does `ldd` exactly do? and which line is it executed in the func/file?
>>> ldd performs a 64-bit load to register rp (r2).  It is part of mpt_reply's epilogue.
>>> The prior "sync" instruction corresponds to the "mb()" at the end of mpt_reply.
>>>
>>
>> Possibly, this might affect Fusion MPT base driver but no patches are applied:
>>
>> [   29.971295] mptbase alternatives: applied 0 out of 3 patches
>> [   29.971295] Fusion MPT base driver 3.04.20
>> [   29.971295] Copyright (c) 1999-2008 LSI Corporation
>> [   29.971295] Fusion MPT SPI Host driver 3.04.20
> 
> To sum it up - this issue was triggered by a few special situations:
> 
> The kernel patching code uses the altinstructions table from kernel modules to patch
> in alternative assembly instructions.
> To read the entries it uses a 32-bit ldw() instruction since the table holds 32-bit values.
> Because of another issue this table was located at unaligned memory addresses.
> That's why then the kernel ldw() emulation jumped in and read the content.
> Commit e8aa7b17fe41 ("parisc/unaligned: Rewrite inline assembly of emulate_ldw()")
> broke the ldw() emulation and as such invalid 32-bit values were read back.
> This then triggered random memory corruption, because the kernel then patched addresses which it shouldn't.
> 
> I just sent a patch to the parisc mailing list to fix up the ldw() handler, which
> finally fixed this issue here too.

Interesting!
I was wondering whether enabling CONFIG_STRICT_MODULE_RWX, which was originally off,
could have another impact.
I appreciate your summary and fix!

Best regards,
Kuniyuki


> 
> Everyone who runs kernel v5.18+ on parisc should better apply the patch I sent:
> https://patchwork.kernel.org/project/linux-parisc/patch/20220626233911.1023515-1-deller@gmx.de/
> 
> Helge
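
The failure mode summarised in the quoted text (an unaligned 32-bit load emulated in software, returning wrong values when the emulation is broken) is shown below as an added example; it is not code from this thread or from the kernel. The names `emu_ldw`, `emu_ldw_faulty`, `merge_words` and `count_mismatches` are hypothetical, and the faulty variant is a constructed bug, not the defect introduced by commit e8aa7b17fe41.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reference: big-endian 32-bit load built byte by byte (PA-RISC is big-endian). */
static uint32_t load_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Read the two aligned words that cover mem+off and merge them by `shift` bits. */
static uint32_t merge_words(const uint8_t *mem, size_t off, unsigned shift)
{
	size_t base = off & ~(size_t)3;
	uint32_t hi = load_be32(mem + base);

	if (shift == 0)		/* aligned: no second word, no shift by 32 */
		return hi;
	return (hi << shift) | (load_be32(mem + base + 4) >> (32 - shift));
}

/* Hypothetical emulation of an unaligned word load: misalignment in bits. */
uint32_t emu_ldw(const uint8_t *mem, size_t off)
{
	return merge_words(mem, off, (unsigned)(off & 3) * 8);
}

/* Constructed faulty variant: the shift is computed in bytes, not bits. */
uint32_t emu_ldw_faulty(const uint8_t *mem, size_t off)
{
	return merge_words(mem, off, (unsigned)(off & 3));
}

/* Self-test: compare an emulation with the reference at every offset of a
 * constructed buffer and return the number of loads that differ. */
int count_mismatches(uint32_t (*emu)(const uint8_t *, size_t))
{
	uint8_t mem[64];
	int bad = 0;

	for (size_t i = 0; i < sizeof(mem); i++)
		mem[i] = (uint8_t)(i * 37 + 11);	/* constructed sample bytes */
	for (size_t off = 0; off + 8 <= sizeof(mem); off++)
		if (emu(mem, off) != load_be32(mem + off))
			bad++;
	return bad;
}

int main(void)
{
	printf("correct: %d bad loads, faulty: %d bad loads\n",
	       count_mismatches(emu_ldw), count_mismatches(emu_ldw_faulty));
	return 0;
}
```

A check of this shape, run against every misalignment, catches a broken emulation before its output is used as a patch address.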

