* [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references"
@ 2022-08-23 11:59 Michael Ellerman
2022-08-23 11:59 ` [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell Michael Ellerman
2022-08-31 13:12 ` [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" Michael Ellerman
0 siblings, 2 replies; 7+ messages in thread
From: Michael Ellerman @ 2022-08-23 11:59 UTC (permalink / raw)
To: linuxppc-dev; +Cc: rmclure, ldufour, npiggin
This reverts commit 79b74a68486765a4fe685ac4069bc71366c538f5.
It broke booting on IBM Cell machines when the kernel is also built with
CONFIG_PPC_PS3=y.
That's because FW_FEATURE_NATIVE_ALWAYS = 0 does have an important
effect, which is to clear the PS3 ALWAYS features from
FW_FEATURE_ALWAYS.
Note that CONFIG_PPC_NATIVE has since been renamed
CONFIG_PPC_HASH_MMU_NATIVE.
Fixes: 79b74a684867 ("powerpc: Remove unused FW_FEATURE_NATIVE references")
Cc: stable@vger.kernel.org # v5.17+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/include/asm/firmware.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/powerpc/include/asm/firmware.h b/arch/powerpc/include/asm/firmware.h
index 398e0b5e485f..ed6db13a1d7c 100644
--- a/arch/powerpc/include/asm/firmware.h
+++ b/arch/powerpc/include/asm/firmware.h
@@ -83,6 +83,8 @@ enum {
FW_FEATURE_POWERNV_ALWAYS = 0,
FW_FEATURE_PS3_POSSIBLE = FW_FEATURE_LPAR | FW_FEATURE_PS3_LV1,
FW_FEATURE_PS3_ALWAYS = FW_FEATURE_LPAR | FW_FEATURE_PS3_LV1,
+ FW_FEATURE_NATIVE_POSSIBLE = 0,
+ FW_FEATURE_NATIVE_ALWAYS = 0,
FW_FEATURE_POSSIBLE =
#ifdef CONFIG_PPC_PSERIES
FW_FEATURE_PSERIES_POSSIBLE |
@@ -92,6 +94,9 @@ enum {
#endif
#ifdef CONFIG_PPC_PS3
FW_FEATURE_PS3_POSSIBLE |
+#endif
+#ifdef CONFIG_PPC_HASH_MMU_NATIVE
+ FW_FEATURE_NATIVE_ALWAYS |
#endif
0,
FW_FEATURE_ALWAYS =
@@ -103,6 +108,9 @@ enum {
#endif
#ifdef CONFIG_PPC_PS3
FW_FEATURE_PS3_ALWAYS &
+#endif
+#ifdef CONFIG_PPC_HASH_MMU_NATIVE
+ FW_FEATURE_NATIVE_ALWAYS &
#endif
FW_FEATURE_POSSIBLE,
--
2.37.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
2022-08-23 11:59 [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" Michael Ellerman
@ 2022-08-23 11:59 ` Michael Ellerman
2022-08-24 1:50 ` Jordan Niethe
2022-08-31 13:12 ` [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" Michael Ellerman
1 sibling, 1 reply; 7+ messages in thread
From: Michael Ellerman @ 2022-08-23 11:59 UTC (permalink / raw)
To: linuxppc-dev; +Cc: rmclure, ldufour, npiggin
The semi-recent changes to MSR handling when entering RTAS (firmware)
cause crashes on IBM Cell machines. An example trace:
kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)
BUG: Unable to handle kernel instruction fetch
Faulting instruction address: 0x2fff01a8
Oops: Kernel access of bad area, sig: 11 [#1]
BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207
NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000
REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a)
MSR: 0000000008001002 <ME,RI> CR: 00000000 XER: 20000000
...
NIP 0x2fff01a8
LR 0x32608
Call Trace:
0xc00000000143c5f8 (unreliable)
.rtas_call+0x224/0x320
.rtas_get_boot_time+0x70/0x150
.read_persistent_clock64+0x114/0x140
.read_persistent_wall_and_boot_offset+0x24/0x80
.timekeeping_init+0x40/0x29c
.start_kernel+0x674/0x8f0
start_here_common+0x1c/0x50
Unlike PAPR platforms where RTAS is only used in guests, on the IBM Cell
machines Linux runs with MSR[HV] set but also uses RTAS, provided by
SLOF.
Fix it by copying the MSR[HV] bit from the MSR value we've just read
using mfmsr into the value used for RTAS.
It seems like we could also fix it using an #ifdef CELL to set MSR[HV],
but that doesn't work because it's possible to build a single kernel
image that runs on both Cell native and pseries.
Fixes: b6b1c3ce06ca ("powerpc/rtas: Keep MSR[RI] set when calling RTAS")
Cc: stable@vger.kernel.org # v5.19+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/kernel/rtas_entry.S | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/powerpc/kernel/rtas_entry.S b/arch/powerpc/kernel/rtas_entry.S
index 9a434d42e660..6ce95ddadbcd 100644
--- a/arch/powerpc/kernel/rtas_entry.S
+++ b/arch/powerpc/kernel/rtas_entry.S
@@ -109,8 +109,12 @@ _GLOBAL(enter_rtas)
* its critical regions (as specified in PAPR+ section 7.2.1). MSR[S]
* is not impacted by RFI_TO_KERNEL (only urfid can unset it). So if
* MSR[S] is set, it will remain when entering RTAS.
+ * If we're in HV mode, RTAS must also run in HV mode, so extract MSR_HV
+ * from the saved MSR value and insert into the value RTAS will use.
*/
+ extrdi r0, r6, 1, 63 - MSR_HV_LG
LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI)
+ insrdi r6, r0, 1, 63 - MSR_HV_LG
li r0,0
mtmsrd r0,1 /* disable RI before using SRR0/1 */
--
2.37.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
2022-08-23 11:59 ` [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell Michael Ellerman
@ 2022-08-24 1:50 ` Jordan Niethe
2022-08-24 12:04 ` Michael Ellerman
0 siblings, 1 reply; 7+ messages in thread
From: Jordan Niethe @ 2022-08-24 1:50 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev; +Cc: rmclure, ldufour, npiggin
On Tue, 2022-08-23 at 21:59 +1000, Michael Ellerman wrote:
> The semi-recent changes to MSR handling when entering RTAS (firmware)
> cause crashes on IBM Cell machines. An example trace:
>
> kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)
> BUG: Unable to handle kernel instruction fetch
> Faulting instruction address: 0x2fff01a8
> Oops: Kernel access of bad area, sig: 11 [#1]
> BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell
> Modules linked in:
> CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207
> NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000
> REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a)
> MSR: 0000000008001002 <ME,RI> CR: 00000000 XER: 20000000
> ...
> NIP 0x2fff01a8
> LR 0x32608
> Call Trace:
> 0xc00000000143c5f8 (unreliable)
> .rtas_call+0x224/0x320
> .rtas_get_boot_time+0x70/0x150
> .read_persistent_clock64+0x114/0x140
> .read_persistent_wall_and_boot_offset+0x24/0x80
> .timekeeping_init+0x40/0x29c
> .start_kernel+0x674/0x8f0
> start_here_common+0x1c/0x50
>
> Unlike PAPR platforms where RTAS is only used in guests, on the IBM Cell
> machines Linux runs with MSR[HV] set but also uses RTAS, provided by
> SLOF.
>
> Fix it by copying the MSR[HV] bit from the MSR value we've just read
> using mfmsr into the value used for RTAS.
>
> It seems like we could also fix it using an #ifdef CELL to set MSR[HV],
> but that doesn't work because it's possible to build a single kernel
> image that runs on both Cell native and pseries.
>
> Fixes: b6b1c3ce06ca ("powerpc/rtas: Keep MSR[RI] set when calling RTAS")
> Cc: stable@vger.kernel.org # v5.19+
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
> ---
> arch/powerpc/kernel/rtas_entry.S | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/powerpc/kernel/rtas_entry.S b/arch/powerpc/kernel/rtas_entry.S
> index 9a434d42e660..6ce95ddadbcd 100644
> --- a/arch/powerpc/kernel/rtas_entry.S
> +++ b/arch/powerpc/kernel/rtas_entry.S
> @@ -109,8 +109,12 @@ _GLOBAL(enter_rtas)
> * its critical regions (as specified in PAPR+ section 7.2.1). MSR[S]
> * is not impacted by RFI_TO_KERNEL (only urfid can unset it). So if
> * MSR[S] is set, it will remain when entering RTAS.
> + * If we're in HV mode, RTAS must also run in HV mode, so extract MSR_HV
> + * from the saved MSR value and insert into the value RTAS will use.
> */
Interestingly it looks like these are the first uses of these extended
mnemonics in the kernel?
> + extrdi r0, r6, 1, 63 - MSR_HV_LG
Or in non-mnemonic form...
rldicl r0, r6, 64 - MSR_HV_LG, 63
> LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI)
> + insrdi r6, r0, 1, 63 - MSR_HV_LG
Or in non-mnemonic form...
rldimi r6, r0, MSR_HV_LG, 63 - MSR_HV_LG
It is ok to use r0 as a scratch register as it is loaded with 0 afterwards anyway.
>
> li r0,0
> mtmsrd r0,1 /* disable RI before using SRR0/1 */
Reviewed-by: Jordan Niethe <jniethe5@gmail.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
2022-08-24 1:50 ` Jordan Niethe
@ 2022-08-24 12:04 ` Michael Ellerman
2022-08-25 1:22 ` Jordan Niethe
0 siblings, 1 reply; 7+ messages in thread
From: Michael Ellerman @ 2022-08-24 12:04 UTC (permalink / raw)
To: Jordan Niethe, linuxppc-dev; +Cc: rmclure, ldufour, npiggin
Jordan Niethe <jniethe5@gmail.com> writes:
> On Tue, 2022-08-23 at 21:59 +1000, Michael Ellerman wrote:
>> The semi-recent changes to MSR handling when entering RTAS (firmware)
>> cause crashes on IBM Cell machines. An example trace:
...
>> diff --git a/arch/powerpc/kernel/rtas_entry.S b/arch/powerpc/kernel/rtas_entry.S
>> index 9a434d42e660..6ce95ddadbcd 100644
>> --- a/arch/powerpc/kernel/rtas_entry.S
>> +++ b/arch/powerpc/kernel/rtas_entry.S
>> @@ -109,8 +109,12 @@ _GLOBAL(enter_rtas)
>> * its critical regions (as specified in PAPR+ section 7.2.1). MSR[S]
>> * is not impacted by RFI_TO_KERNEL (only urfid can unset it). So if
>> * MSR[S] is set, it will remain when entering RTAS.
>> + * If we're in HV mode, RTAS must also run in HV mode, so extract MSR_HV
>> + * from the saved MSR value and insert into the value RTAS will use.
>> */
>
> Interestingly it looks like these are the first uses of these extended
> mnemonics in the kernel?
We used to have at least one use I know of in TM code, but it's since
been converted to C.
>> + extrdi r0, r6, 1, 63 - MSR_HV_LG
>
> Or in non-mnemonic form...
> rldicl r0, r6, 64 - MSR_HV_LG, 63
It's rldicl all the way down.
>> LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI)
>> + insrdi r6, r0, 1, 63 - MSR_HV_LG
>
> Or in non-mnemonic form...
> rldimi r6, r0, MSR_HV_LG, 63 - MSR_HV_LG
I think the extended mnemonics are slightly more readable than the
open-coded versions?
> It is ok to use r0 as a scratch register as it is loaded with 0 afterwards anyway.
I originally used r7, but r0 is more obviously safe.
>>
>> li r0,0
>> mtmsrd r0,1 /* disable RI before using SRR0/1 */
>
> Reviewed-by: Jordan Niethe <jniethe5@gmail.com>
Thanks.
cheers
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
2022-08-24 12:04 ` Michael Ellerman
@ 2022-08-25 1:22 ` Jordan Niethe
2022-08-25 8:03 ` Michael Ellerman
0 siblings, 1 reply; 7+ messages in thread
From: Jordan Niethe @ 2022-08-25 1:22 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev; +Cc: rmclure, ldufour, npiggin
On Wed, 2022-08-24 at 22:04 +1000, Michael Ellerman wrote:
> Jordan Niethe <jniethe5@gmail.com> writes:
> > On Tue, 2022-08-23 at 21:59 +1000, Michael Ellerman wrote:
> > > The semi-recent changes to MSR handling when entering RTAS (firmware)
> > > cause crashes on IBM Cell machines. An example trace:
> ...
> > > diff --git a/arch/powerpc/kernel/rtas_entry.S b/arch/powerpc/kernel/rtas_entry.S
> > > index 9a434d42e660..6ce95ddadbcd 100644
> > > --- a/arch/powerpc/kernel/rtas_entry.S
> > > +++ b/arch/powerpc/kernel/rtas_entry.S
> > > @@ -109,8 +109,12 @@ _GLOBAL(enter_rtas)
> > > * its critical regions (as specified in PAPR+ section 7.2.1). MSR[S]
> > > * is not impacted by RFI_TO_KERNEL (only urfid can unset it). So if
> > > * MSR[S] is set, it will remain when entering RTAS.
> > > + * If we're in HV mode, RTAS must also run in HV mode, so extract MSR_HV
> > > + * from the saved MSR value and insert into the value RTAS will use.
> > > */
> >
> > Interestingly it looks like these are the first uses of these extended
> > mnemonics in the kernel?
>
> We used to have at least one use I know of in TM code, but it's since
> been converted to C.
>
> > > + extrdi r0, r6, 1, 63 - MSR_HV_LG
> >
> > Or in non-mnemonic form...
> > rldicl r0, r6, 64 - MSR_HV_LG, 63
>
> It's rldicl all the way down.
>
> > > LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI)
> > > + insrdi r6, r0, 1, 63 - MSR_HV_LG
> >
> > Or in non-mnemonic form...
> > rldimi r6, r0, MSR_HV_LG, 63 - MSR_HV_LG
>
> I think the extended mnemonics are slightly more readable than the
> open-coded versions?
Yeah definitely. I was just noting the plain instruction as I think we
have some existing patterns that may be potential candidates for conversion to the
extended version. Like in exceptions-64s.S
rldicl. r0, r12, (64-MSR_TS_LG), (64-2)
to
extrdi. r0, r12, 2, 63 - MSR_TS_LG - 1
Would it be worth changing these?
>
> > It is ok to use r0 as a scratch register as it is loaded with 0 afterwards anyway.
>
> I originally used r7, but r0 is more obviously safe.
>
> > > li r0,0
> > > mtmsrd r0,1 /* disable RI before using SRR0/1 */
> >
> > Reviewed-by: Jordan Niethe <jniethe5@gmail.com>
>
> Thanks.
>
> cheers
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
2022-08-25 1:22 ` Jordan Niethe
@ 2022-08-25 8:03 ` Michael Ellerman
0 siblings, 0 replies; 7+ messages in thread
From: Michael Ellerman @ 2022-08-25 8:03 UTC (permalink / raw)
To: Jordan Niethe, linuxppc-dev; +Cc: rmclure, ldufour, npiggin
Jordan Niethe <jniethe5@gmail.com> writes:
> On Wed, 2022-08-24 at 22:04 +1000, Michael Ellerman wrote:
>> Jordan Niethe <jniethe5@gmail.com> writes:
>> > On Tue, 2022-08-23 at 21:59 +1000, Michael Ellerman wrote:
>> > > The semi-recent changes to MSR handling when entering RTAS (firmware)
>> > > cause crashes on IBM Cell machines. An example trace:
>> ...
>> > > diff --git a/arch/powerpc/kernel/rtas_entry.S b/arch/powerpc/kernel/rtas_entry.S
>> > > index 9a434d42e660..6ce95ddadbcd 100644
>> > > --- a/arch/powerpc/kernel/rtas_entry.S
>> > > +++ b/arch/powerpc/kernel/rtas_entry.S
>> > > @@ -109,8 +109,12 @@ _GLOBAL(enter_rtas)
>> > > * its critical regions (as specified in PAPR+ section 7.2.1). MSR[S]
>> > > * is not impacted by RFI_TO_KERNEL (only urfid can unset it). So if
>> > > * MSR[S] is set, it will remain when entering RTAS.
>> > > + * If we're in HV mode, RTAS must also run in HV mode, so extract MSR_HV
>> > > + * from the saved MSR value and insert into the value RTAS will use.
>> > > */
>> >
>> > Interestingly it looks like these are the first uses of these extended
>> > mnemonics in the kernel?
>>
>> We used to have at least one use I know of in TM code, but it's since
>> been converted to C.
>>
>> > > + extrdi r0, r6, 1, 63 - MSR_HV_LG
>> >
>> > Or in non-mnemonic form...
>> > rldicl r0, r6, 64 - MSR_HV_LG, 63
>>
>> It's rldicl all the way down.
>>
>> > > LOAD_REG_IMMEDIATE(r6, MSR_ME | MSR_RI)
>> > > + insrdi r6, r0, 1, 63 - MSR_HV_LG
>> >
>> > Or in non-mnemonic form...
>> > rldimi r6, r0, MSR_HV_LG, 63 - MSR_HV_LG
>>
>> I think the extended mnemonics are slightly more readable than the
>> open-coded versions?
>
> Yeah definitely. I was just noting the plain instruction as I think we
> have some existing patterns that may be potential candidates for conversion to the
> extended version. Like in exceptions-64s.S
>
> rldicl. r0, r12, (64-MSR_TS_LG), (64-2)
> to
> extrdi. r0, r12, 2, 63 - MSR_TS_LG - 1
>
> Would it be worth changing these?
Some folks are very comfortable with rldicl and probably prefer the
former, but I'm not sure there's many of those people around anymore :)
I think the extrdi is a bit more readable.
You could use MSR_TS_T_LG to avoid the - 1? All those uses have a
comment about it being 2 bits already.
cheers
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references"
2022-08-23 11:59 [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" Michael Ellerman
2022-08-23 11:59 ` [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell Michael Ellerman
@ 2022-08-31 13:12 ` Michael Ellerman
1 sibling, 0 replies; 7+ messages in thread
From: Michael Ellerman @ 2022-08-31 13:12 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev; +Cc: rmclure, ldufour, npiggin
On Tue, 23 Aug 2022 21:59:51 +1000, Michael Ellerman wrote:
> This reverts commit 79b74a68486765a4fe685ac4069bc71366c538f5.
>
> It broke booting on IBM Cell machines when the kernel is also built with
> CONFIG_PPC_PS3=y.
>
> That's because FW_FEATURE_NATIVE_ALWAYS = 0 does have an important
> effect, which is to clear the PS3 ALWAYS features from
> FW_FEATURE_ALWAYS.
>
> [...]
Applied to powerpc/fixes.
[1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references"
https://git.kernel.org/powerpc/c/310d1344e3c58cc2d625aa4e52cfcb7d8a26fcbf
[2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
https://git.kernel.org/powerpc/c/91926d8b7e71aaf5f84f0cf208fc5a8b7a761050
cheers
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-08-31 13:13 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-23 11:59 [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" Michael Ellerman
2022-08-23 11:59 ` [PATCH 2/2] powerpc/rtas: Fix RTAS MSR[HV] handling for Cell Michael Ellerman
2022-08-24 1:50 ` Jordan Niethe
2022-08-24 12:04 ` Michael Ellerman
2022-08-25 1:22 ` Jordan Niethe
2022-08-25 8:03 ` Michael Ellerman
2022-08-31 13:12 ` [PATCH 1/2] Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" Michael Ellerman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.