KUEP broken on FSP2?

KUEP broken on FSP2?

[Eddie James]

Hi,

I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes 
attempting to get into userspace. The init script works, but the first 
binary (mount) I run results in oops. Can anyone help me to debug this 
further or suggest anything?


Thanks,

Eddie


[    1.042743] kernel tried to execute user page (b7ee2000) - exploit 
attempt? (
uid: 0)
[    1.042846] BUG: Unable to handle kernel instruction fetch
[    1.042919] Faulting instruction address: 0xb7ee2000
[    1.042986] Oops: Kernel access of bad area, sig: 11 [#1]
[    1.043059] BE PAGE_SIZE=4K FSP-2
[    1.043106] Modules linked in:
[    1.043149] CPU: 0 PID: 61 Comm: mount Not tainted 
6.1.55-d23900f.ppcnf-fsp2
#1
[    1.043249] Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2
[    1.043323] NIP:  b7ee2000 LR: 8c008000 CTR: 00000000
[    1.043392] REGS: bffebd83 TRAP: 0400   Not tainted 
(6.1.55-d23900f.ppcnf-fs
p2)
[    1.043491] MSR:  00000030 <IR,DR>  CR: 00001000  XER: 20000000
[    1.043579]
[    1.043579] GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000 
00001000 0000
0d12 b7ee2000
[    1.043579] GPR08: 00000033 00000000 00000000 c139df10 48224824 
1016c314 1016
0000 00000000
[    1.043579] GPR16: 10160000 10160000 00000008 00000000 10160000 
00000000 1016
0000 1017f5b0
[    1.043579] GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630 
00000000 0000
0000 1017f4f0
[    1.044101] NIP [b7ee2000] 0xb7ee2000
[    1.044153] LR [8c008000] 0x8c008000
[    1.044204] Call Trace:
[    1.044238] Instruction dump:
[    1.044279] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX 
XXXXXXXX XX
XXXXXX
[    1.044392] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX 
XXXXXXXX XX
XXXXXX
[    1.044506] ---[ end trace 0000000000000000 ]---
[    1.044568]
[    1.044590] note: mount[61] exited with irqs disabled

Re: KUEP broken on FSP2?

[Christophe Leroy]

Hi,

Le 05/10/2023 à 21:06, Eddie James a écrit :
> Hi,
> 
> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes 
> attempting to get into userspace. The init script works, but the first 
> binary (mount) I run results in oops. Can anyone help me to debug this 
> further or suggest anything?

I can't see anything in your dump suggesting that KUEP is broken, can you ?

What I see is that kernel tries to execute user memory, which is wrong. 
And KUEP perfectly works by blocking that access. There is no call 
trace, suggesting that the kernel has jumped in the weed.

Christophe

> 
> 
> Thanks,
> 
> Eddie
> 
> 
> [    1.042743] kernel tried to execute user page (b7ee2000) - exploit 
> attempt? (
> uid: 0)
> [    1.042846] BUG: Unable to handle kernel instruction fetch
> [    1.042919] Faulting instruction address: 0xb7ee2000
> [    1.042986] Oops: Kernel access of bad area, sig: 11 [#1]
> [    1.043059] BE PAGE_SIZE=4K FSP-2
> [    1.043106] Modules linked in:
> [    1.043149] CPU: 0 PID: 61 Comm: mount Not tainted 
> 6.1.55-d23900f.ppcnf-fsp2
> #1
> [    1.043249] Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2
> [    1.043323] NIP:  b7ee2000 LR: 8c008000 CTR: 00000000
> [    1.043392] REGS: bffebd83 TRAP: 0400   Not tainted 
> (6.1.55-d23900f.ppcnf-fs
> p2)
> [    1.043491] MSR:  00000030 <IR,DR>  CR: 00001000  XER: 20000000
> [    1.043579]
> [    1.043579] GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000 
> 00001000 0000
> 0d12 b7ee2000
> [    1.043579] GPR08: 00000033 00000000 00000000 c139df10 48224824 
> 1016c314 1016
> 0000 00000000
> [    1.043579] GPR16: 10160000 10160000 00000008 00000000 10160000 
> 00000000 1016
> 0000 1017f5b0
> [    1.043579] GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630 
> 00000000 0000
> 0000 1017f4f0
> [    1.044101] NIP [b7ee2000] 0xb7ee2000
> [    1.044153] LR [8c008000] 0x8c008000
> [    1.044204] Call Trace:
> [    1.044238] Instruction dump:
> [    1.044279] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX 
> XXXXXXXX XX
> XXXXXX
> [    1.044392] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX 
> XXXXXXXX XX
> XXXXXX
> [    1.044506] ---[ end trace 0000000000000000 ]---
> [    1.044568]
> [    1.044590] note: mount[61] exited with irqs disabled
> 

Re: KUEP broken on FSP2?

[Eddie James]

On 10/6/23 00:21, Christophe Leroy wrote:
> Hi,
>
> Le 05/10/2023 à 21:06, Eddie James a écrit :
>> Hi,
>>
>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>> attempting to get into userspace. The init script works, but the first
>> binary (mount) I run results in oops. Can anyone help me to debug this
>> further or suggest anything?
> I can't see anything in your dump suggesting that KUEP is broken, can you ?
>
> What I see is that kernel tries to execute user memory, which is wrong.
> And KUEP perfectly works by blocking that access. There is no call
> trace, suggesting that the kernel has jumped in the weed.


Right, the function works as intended, but the fact remains that I can't 
call anything in userspace (except init) without the kernel trying to 
execute that memory. I saw KUEP in the commit history and it seemed 
relevant, but I could certainly be mistaken. Can anyone think of 
anything else that might cause this? Or how I can debug further?


I went ahead and removed the couple of lines of assembly that enabled 
KUEP on 44x and tried again. Now I get a crash in load_elf_binary. NIP 
is the kfree(elf_phdata) and LR is garbage, so not entirely sure where 
it actually crashed...


Thanks,

Eddie


>
> Christophe
>
>>
>> Thanks,
>>
>> Eddie
>>
>>
>> [    1.042743] kernel tried to execute user page (b7ee2000) - exploit
>> attempt? (
>> uid: 0)
>> [    1.042846] BUG: Unable to handle kernel instruction fetch
>> [    1.042919] Faulting instruction address: 0xb7ee2000
>> [    1.042986] Oops: Kernel access of bad area, sig: 11 [#1]
>> [    1.043059] BE PAGE_SIZE=4K FSP-2
>> [    1.043106] Modules linked in:
>> [    1.043149] CPU: 0 PID: 61 Comm: mount Not tainted
>> 6.1.55-d23900f.ppcnf-fsp2
>> #1
>> [    1.043249] Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2
>> [    1.043323] NIP:  b7ee2000 LR: 8c008000 CTR: 00000000
>> [    1.043392] REGS: bffebd83 TRAP: 0400   Not tainted
>> (6.1.55-d23900f.ppcnf-fs
>> p2)
>> [    1.043491] MSR:  00000030 <IR,DR>  CR: 00001000  XER: 20000000
>> [    1.043579]
>> [    1.043579] GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000
>> 00001000 0000
>> 0d12 b7ee2000
>> [    1.043579] GPR08: 00000033 00000000 00000000 c139df10 48224824
>> 1016c314 1016
>> 0000 00000000
>> [    1.043579] GPR16: 10160000 10160000 00000008 00000000 10160000
>> 00000000 1016
>> 0000 1017f5b0
>> [    1.043579] GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630
>> 00000000 0000
>> 0000 1017f4f0
>> [    1.044101] NIP [b7ee2000] 0xb7ee2000
>> [    1.044153] LR [8c008000] 0x8c008000
>> [    1.044204] Call Trace:
>> [    1.044238] Instruction dump:
>> [    1.044279] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>> XXXXXXXX XX
>> XXXXXX
>> [    1.044392] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>> XXXXXXXX XX
>> XXXXXX
>> [    1.044506] ---[ end trace 0000000000000000 ]---
>> [    1.044568]
>> [    1.044590] note: mount[61] exited with irqs disabled
>>

Re: KUEP broken on FSP2?

[Christophe Leroy]

Hi,

Le 06/10/2023 à 17:43, Eddie James a écrit :
> 
> On 10/6/23 00:21, Christophe Leroy wrote:
>> Hi,
>>
>> Le 05/10/2023 à 21:06, Eddie James a écrit :
>>> Hi,
>>>
>>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>>> attempting to get into userspace. The init script works, but the first
>>> binary (mount) I run results in oops. Can anyone help me to debug this
>>> further or suggest anything?
>> I can't see anything in your dump suggesting that KUEP is broken, can 
>> you ?
>>
>> What I see is that kernel tries to execute user memory, which is wrong.
>> And KUEP perfectly works by blocking that access. There is no call
>> trace, suggesting that the kernel has jumped in the weed.
> 
> 
> Right, the function works as intended, but the fact remains that I can't 
> call anything in userspace (except init) without the kernel trying to 
> execute that memory. I saw KUEP in the commit history and it seemed 
> relevant, but I could certainly be mistaken. Can anyone think of 
> anything else that might cause this? Or how I can debug further?
> 
> 
> I went ahead and removed the couple of lines of assembly that enabled 
> KUEP on 44x and tried again. Now I get a crash in load_elf_binary. NIP 
> is the kfree(elf_phdata) and LR is garbage, so not entirely sure where 
> it actually crashed...

Which confirms that KUEP is not the culprit.

By the way when booting a bamboo defconfig on QEMU I have to problem.

Apparently KUEP for 4xx appears in Kernel 5.14.

Do you know of a kernel version that works ?

Can you check 5.14 (you have to explicitely select KUEP in that version, 
it is not forced yet) ?

Once you have a good version, then what about a bisect ?

Christophe

> 
> 
> Thanks,
> 
> Eddie
> 
> 
>>
>> Christophe
>>
>>>
>>> Thanks,
>>>
>>> Eddie
>>>
>>>
>>> [    1.042743] kernel tried to execute user page (b7ee2000) - exploit
>>> attempt? (
>>> uid: 0)
>>> [    1.042846] BUG: Unable to handle kernel instruction fetch
>>> [    1.042919] Faulting instruction address: 0xb7ee2000
>>> [    1.042986] Oops: Kernel access of bad area, sig: 11 [#1]
>>> [    1.043059] BE PAGE_SIZE=4K FSP-2
>>> [    1.043106] Modules linked in:
>>> [    1.043149] CPU: 0 PID: 61 Comm: mount Not tainted
>>> 6.1.55-d23900f.ppcnf-fsp2
>>> #1
>>> [    1.043249] Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2
>>> [    1.043323] NIP:  b7ee2000 LR: 8c008000 CTR: 00000000
>>> [    1.043392] REGS: bffebd83 TRAP: 0400   Not tainted
>>> (6.1.55-d23900f.ppcnf-fs
>>> p2)
>>> [    1.043491] MSR:  00000030 <IR,DR>  CR: 00001000  XER: 20000000
>>> [    1.043579]
>>> [    1.043579] GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000
>>> 00001000 0000
>>> 0d12 b7ee2000
>>> [    1.043579] GPR08: 00000033 00000000 00000000 c139df10 48224824
>>> 1016c314 1016
>>> 0000 00000000
>>> [    1.043579] GPR16: 10160000 10160000 00000008 00000000 10160000
>>> 00000000 1016
>>> 0000 1017f5b0
>>> [    1.043579] GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630
>>> 00000000 0000
>>> 0000 1017f4f0
>>> [    1.044101] NIP [b7ee2000] 0xb7ee2000
>>> [    1.044153] LR [8c008000] 0x8c008000
>>> [    1.044204] Call Trace:
>>> [    1.044238] Instruction dump:
>>> [    1.044279] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>>> XXXXXXXX XX
>>> XXXXXX
>>> [    1.044392] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>>> XXXXXXXX XX
>>> XXXXXX
>>> [    1.044506] ---[ end trace 0000000000000000 ]---
>>> [    1.044568]
>>> [    1.044590] note: mount[61] exited with irqs disabled
>>>

Re: KUEP broken on FSP2?

[Eddie James]

On 10/6/23 10:55, Christophe Leroy wrote:
> Hi,
>
> Le 06/10/2023 à 17:43, Eddie James a écrit :
>> On 10/6/23 00:21, Christophe Leroy wrote:
>>> Hi,
>>>
>>> Le 05/10/2023 à 21:06, Eddie James a écrit :
>>>> Hi,
>>>>
>>>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>>>> attempting to get into userspace. The init script works, but the first
>>>> binary (mount) I run results in oops. Can anyone help me to debug this
>>>> further or suggest anything?
>>> I can't see anything in your dump suggesting that KUEP is broken, can
>>> you ?
>>>
>>> What I see is that kernel tries to execute user memory, which is wrong.
>>> And KUEP perfectly works by blocking that access. There is no call
>>> trace, suggesting that the kernel has jumped in the weed.
>>
>> Right, the function works as intended, but the fact remains that I can't
>> call anything in userspace (except init) without the kernel trying to
>> execute that memory. I saw KUEP in the commit history and it seemed
>> relevant, but I could certainly be mistaken. Can anyone think of
>> anything else that might cause this? Or how I can debug further?
>>
>>
>> I went ahead and removed the couple of lines of assembly that enabled
>> KUEP on 44x and tried again. Now I get a crash in load_elf_binary. NIP
>> is the kfree(elf_phdata) and LR is garbage, so not entirely sure where
>> it actually crashed...
> Which confirms that KUEP is not the culprit.


Right.


>
> By the way when booting a bamboo defconfig on QEMU I have to problem.


Yes FSP2 is a bit "special"...


>
> Apparently KUEP for 4xx appears in Kernel 5.14.
>
> Do you know of a kernel version that works ?
>
> Can you check 5.14 (you have to explicitely select KUEP in that version,
> it is not forced yet) ?
>
> Once you have a good version, then what about a bisect ?


Yea 5.10 works. I'll try 5.14. I was hoping to avoid a bisect as my 
build and test process for this platform is quite time consuming.


Thanks,

Eddie


>
> Christophe
>
>>
>> Thanks,
>>
>> Eddie
>>
>>
>>> Christophe
>>>
>>>> Thanks,
>>>>
>>>> Eddie
>>>>
>>>>
>>>> [    1.042743] kernel tried to execute user page (b7ee2000) - exploit
>>>> attempt? (
>>>> uid: 0)
>>>> [    1.042846] BUG: Unable to handle kernel instruction fetch
>>>> [    1.042919] Faulting instruction address: 0xb7ee2000
>>>> [    1.042986] Oops: Kernel access of bad area, sig: 11 [#1]
>>>> [    1.043059] BE PAGE_SIZE=4K FSP-2
>>>> [    1.043106] Modules linked in:
>>>> [    1.043149] CPU: 0 PID: 61 Comm: mount Not tainted
>>>> 6.1.55-d23900f.ppcnf-fsp2
>>>> #1
>>>> [    1.043249] Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2
>>>> [    1.043323] NIP:  b7ee2000 LR: 8c008000 CTR: 00000000
>>>> [    1.043392] REGS: bffebd83 TRAP: 0400   Not tainted
>>>> (6.1.55-d23900f.ppcnf-fs
>>>> p2)
>>>> [    1.043491] MSR:  00000030 <IR,DR>  CR: 00001000  XER: 20000000
>>>> [    1.043579]
>>>> [    1.043579] GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000
>>>> 00001000 0000
>>>> 0d12 b7ee2000
>>>> [    1.043579] GPR08: 00000033 00000000 00000000 c139df10 48224824
>>>> 1016c314 1016
>>>> 0000 00000000
>>>> [    1.043579] GPR16: 10160000 10160000 00000008 00000000 10160000
>>>> 00000000 1016
>>>> 0000 1017f5b0
>>>> [    1.043579] GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630
>>>> 00000000 0000
>>>> 0000 1017f4f0
>>>> [    1.044101] NIP [b7ee2000] 0xb7ee2000
>>>> [    1.044153] LR [8c008000] 0x8c008000
>>>> [    1.044204] Call Trace:
>>>> [    1.044238] Instruction dump:
>>>> [    1.044279] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>>>> XXXXXXXX XX
>>>> XXXXXX
>>>> [    1.044392] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
>>>> XXXXXXXX XX
>>>> XXXXXX
>>>> [    1.044506] ---[ end trace 0000000000000000 ]---
>>>> [    1.044568]
>>>> [    1.044590] note: mount[61] exited with irqs disabled
>>>>

Re: KUEP broken on FSP2?

[Michael Ellerman]

Eddie James <eajames@linux.ibm.com> writes:
> Hi,
>
> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes 
> attempting to get into userspace. The init script works, but the first 
> binary (mount) I run results in oops. Can anyone help me to debug this 
> further or suggest anything?

Hi Eddie,

It looks like breakage in syscall_exit_finish.

Can you test this? Patch is against v6.1.

cheers


diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 3fc7c9886bb7..decd2594fb9c 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -135,7 +135,8 @@ ret_from_syscall:
 	lis	r4,icache_44x_need_flush@ha
 	lwz	r5,icache_44x_need_flush@l(r4)
 	cmplwi	cr0,r5,0
-	bne-	2f
+	bne-	.L44x_icache_flush
+.L44x_icache_flush_return:
 #endif /* CONFIG_PPC_47x */
 	kuep_unlock
 	lwz	r4,_LINK(r1)
@@ -170,10 +171,11 @@ syscall_exit_finish:
 	b	1b
 
 #ifdef CONFIG_44x
-2:	li	r7,0
+.L44x_icache_flush:
+	li	r7,0
 	iccci	r0,r0
 	stw	r7,icache_44x_need_flush@l(r4)
-	b	1b
+	b	.L44x_icache_flush_return
 #endif  /* CONFIG_44x */
 
 	.globl	ret_from_fork

Re: KUEP broken on FSP2?

[Eddie James]

On 10/9/23 08:14, Michael Ellerman wrote:
> Eddie James <eajames@linux.ibm.com> writes:
>> Hi,
>>
>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>> attempting to get into userspace. The init script works, but the first
>> binary (mount) I run results in oops. Can anyone help me to debug this
>> further or suggest anything?
> Hi Eddie,
>
> It looks like breakage in syscall_exit_finish.
> Can you test this? Patch is against v6.1.


That worked! Perfect. Thank you very much! Will you send it upstream?


Thanks,

Eddie


>
> cheers
>
>
> diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
> index 3fc7c9886bb7..decd2594fb9c 100644
> --- a/arch/powerpc/kernel/entry_32.S
> +++ b/arch/powerpc/kernel/entry_32.S
> @@ -135,7 +135,8 @@ ret_from_syscall:
>   	lis	r4,icache_44x_need_flush@ha
>   	lwz	r5,icache_44x_need_flush@l(r4)
>   	cmplwi	cr0,r5,0
> -	bne-	2f
> +	bne-	.L44x_icache_flush
> +.L44x_icache_flush_return:
>   #endif /* CONFIG_PPC_47x */
>   	kuep_unlock
>   	lwz	r4,_LINK(r1)
> @@ -170,10 +171,11 @@ syscall_exit_finish:
>   	b	1b
>   
>   #ifdef CONFIG_44x
> -2:	li	r7,0
> +.L44x_icache_flush:
> +	li	r7,0
>   	iccci	r0,r0
>   	stw	r7,icache_44x_need_flush@l(r4)
> -	b	1b
> +	b	.L44x_icache_flush_return
>   #endif  /* CONFIG_44x */
>   
>   	.globl	ret_from_fork

Re: KUEP broken on FSP2?

[Christophe Leroy]

Le 09/10/2023 à 17:12, Eddie James a écrit :
> 
> On 10/9/23 08:14, Michael Ellerman wrote:
>> Eddie James <eajames@linux.ibm.com> writes:
>>> Hi,
>>>
>>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>>> attempting to get into userspace. The init script works, but the first
>>> binary (mount) I run results in oops. Can anyone help me to debug this
>>> further or suggest anything?
>> Hi Eddie,
>>
>> It looks like breakage in syscall_exit_finish.
>> Can you test this? Patch is against v6.1.
> 
> 
> That worked! Perfect. Thank you very much! Will you send it upstream?

Well spotted Michael. Looks like I messed it up with commit 6f76a01173cc 
("powerpc/syscall: implement system call entry/exit logic in C for PPC32")

Thanks for fixing.

Christophe

> 
> 
> Thanks,
> 
> Eddie
> 
> 
>>
>> cheers
>>
>>
>> diff --git a/arch/powerpc/kernel/entry_32.S 
>> b/arch/powerpc/kernel/entry_32.S
>> index 3fc7c9886bb7..decd2594fb9c 100644
>> --- a/arch/powerpc/kernel/entry_32.S
>> +++ b/arch/powerpc/kernel/entry_32.S
>> @@ -135,7 +135,8 @@ ret_from_syscall:
>>       lis    r4,icache_44x_need_flush@ha
>>       lwz    r5,icache_44x_need_flush@l(r4)
>>       cmplwi    cr0,r5,0
>> -    bne-    2f
>> +    bne-    .L44x_icache_flush
>> +.L44x_icache_flush_return:
>>   #endif /* CONFIG_PPC_47x */
>>       kuep_unlock
>>       lwz    r4,_LINK(r1)
>> @@ -170,10 +171,11 @@ syscall_exit_finish:
>>       b    1b
>>   #ifdef CONFIG_44x
>> -2:    li    r7,0
>> +.L44x_icache_flush:
>> +    li    r7,0
>>       iccci    r0,r0
>>       stw    r7,icache_44x_need_flush@l(r4)
>> -    b    1b
>> +    b    .L44x_icache_flush_return
>>   #endif  /* CONFIG_44x */
>>       .globl    ret_from_fork

Re: KUEP broken on FSP2?

[Michael Ellerman]

Eddie James <eajames@linux.ibm.com> writes:
> On 10/9/23 08:14, Michael Ellerman wrote:
>> Eddie James <eajames@linux.ibm.com> writes:
>>> Hi,
>>>
>>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>>> attempting to get into userspace. The init script works, but the first
>>> binary (mount) I run results in oops. Can anyone help me to debug this
>>> further or suggest anything?
>> Hi Eddie,
>>
>> It looks like breakage in syscall_exit_finish.
>> Can you test this? Patch is against v6.1.
>
>
> That worked! Perfect. Thank you very much! Will you send it upstream?

Great, thanks for testing. Yeah I'll send a patch.

cheers

Re: KUEP broken on FSP2?

[Michael Ellerman]

Christophe Leroy <christophe.leroy@csgroup.eu> writes:
> Le 09/10/2023 à 17:12, Eddie James a écrit :
>> 
>> On 10/9/23 08:14, Michael Ellerman wrote:
>>> Eddie James <eajames@linux.ibm.com> writes:
>>>> Hi,
>>>>
>>>> I'm attempting to run linux 6.1 on my FSP2, but my kernel crashes
>>>> attempting to get into userspace. The init script works, but the first
>>>> binary (mount) I run results in oops. Can anyone help me to debug this
>>>> further or suggest anything?
>>> Hi Eddie,
>>>
>>> It looks like breakage in syscall_exit_finish.
>>> Can you test this? Patch is against v6.1.
>> 
>> 
>> That worked! Perfect. Thank you very much! Will you send it upstream?
>
> Well spotted Michael. Looks like I messed it up with commit 6f76a01173cc 
> ("powerpc/syscall: implement system call entry/exit logic in C for PPC32")

I should have spotted it when applying ;)

That old asm code with all those unnamed labels was super fragile.

> Thanks for fixing.

No worries.

cheers