linux-kernel.vger.kernel.org archive mirror
From: Finn Thain <fthain@linux-m68k.org>
To: Stan Johnson <userm57@yahoo.com>,
	Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
	Nick Piggin <npiggin@gmail.com>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Paul Mackerras <paulus@samba.org>,
	Benjamin Herrenschmidt <benh@kernel.crashing.org>,
	Stan Johnson <userm57@yahoo.com>
Subject: Re: [PATCH v3 31/41] powerpc/32: Dismantle EXC_XFER_STD/LITE/TEMPLATE
Date: Wed, 4 Aug 2021 14:57:48 +1000 (AEST)
Message-ID: <255f92fc-1667-bdd1-fcac-664c8644a96@linux-m68k.org>
In-Reply-To: <683c8156-97b0-5ba7-ce31-2e8613089836@yahoo.com>


On Tue, 3 Aug 2021, Stan Johnson wrote:

> Attached you will find the following six files:
> 
> 1) config-5.13-patched_VMAP.txt
> 2) config-5.13-patched_NO_VMAP.txt
> 3) pb3400c-console-5.13-patched_VMAP.txt (using config 1)
> 4) pb3400c-console-5.13-patched_NO_VMAP.txt (using config 2)
> 5) ws-console-5.13-patched_VMAP.txt (using config 1)
> 6) ws-console-5.13-patched_NO_VMAP.txt (using config 2)
> 

Thanks!

> The command lines in BootX were as follows:
> 
> PB 3400c:
> root=/dev/sda13 console=ttyS0 video=chips65550:vmode:14,cmode:16
> 
> Wallstreet:
> root=/dev/sda12 console=ttyS0 video=ofonly
> 
> Notes:
> 
> For 3), the patch seems to have fixed the "hang-at-boot" at the Mac
> OS screen for the PB 3400c. 

I doubt that. I suspect that this is an unrelated failure that only 
affects the Powerbook 3400 and only intermittently. I say that because 
you've also observed this failure in v5.11.

So we should probably ignore this early-boot failure for the moment. Stan, 
if it happens again, please reboot and retry. That may allow us to make 
progress on the other bugs.

> After a successful boot, I didn't see any errors until I accessed the 
> system via ssh. In an ssh window, I entered "dmesg" (no errors) followed 
> by "ls -Rail /usr/bin", and while that was running, the errors appeared. 

Since Stan has a yahoo email address that isn't allowed past the spam 
filter, I'll paste that portion of the console log he sent --

Kernel attempted to write user page (78a930) - exploit attempt? (uid: 1000)
------------[ cut here ]------------
Bug: Write fault blocked by KUAP!
WARNING: CPU: 0 PID: 1619 at arch/powerpc/mm/fault.c:230 do_page_fault+0x484/0x720
Modules linked in:
CPU: 0 PID: 1619 Comm: sshd Not tainted 5.13.0-pmac-VMAP #10
NIP:  c001b780 LR: c001b780 CTR: 00000000
REGS: cb981bc0 TRAP: 0700   Not tainted  (5.13.0-pmac-VMAP)
MSR:  00021032 <ME,IR,DR,RI>  CR: 24942424  XER: 00000000

GPR00: c001b780 cb981c80 c151c1e0 00000021 3ffffbff 085b0000 00000027 c8eb644c
GPR08: 00000023 00000000 00000000 00000000 24942424 0076f8c8 00000000 000186a0
GPR16: afab5544 afab5540 afab553c afab5538 afab5534 afab5530 00000004 0078a934
GPR24: 00000000 00000000 0078a970 02000000 c1497b60 0078a930 00000300 cb981cc0
NIP [c001b780] do_page_fault+0x484/0x720
LR [c001b780] do_page_fault+0x484/0x720
Call Trace:
[cb981c80] [c001b780] do_page_fault+0x484/0x720 (unreliable)
[cb981cb0] [c000424c] DataAccess_virt+0xd4/0xe4
--- interrupt: 300 at __copy_tofrom_user+0x110/0x20c
NIP:  c001f9bc LR: c0172b04 CTR: 00000001
REGS: cb981cc0 TRAP: 0300   Not tainted  (5.13.0-pmac-VMAP)
MSR:  00009032 <EE,ME,IR,DR,RI>  CR: 442444e8  XER: 20000000
DAR: 0078a930 DSISR: 0a000000
GPR00: 00000000 cb981d80 c151c1e0 0078a930 cb981db8 00000004 0078a92c 00000100
GPR08: 00000122 10c279a1 10000000 c1800034 242444e2 0076f8c8 00000000 000186a0
GPR16: afab5544 afab5540 afab553c afab5538 afab5534 afab5530 00000004 0078a934
GPR24: 00000000 00000000 0078a970 0078a930 cb981dac cb981dac 00000001 00000004
NIP [c001f9bc] __copy_tofrom_user+0x110/0x20c
LR [c0172b04] core_sys_select+0x3e8/0x594
--- interrupt: 300
[cb981d80] [c0172960] core_sys_select+0x244/0x594 (unreliable)
[cb981ee0] [c0172d98] kern_select+0xe8/0x158
[cb981f30] [c001604c] ret_from_syscall+0x0/0x28
--- interrupt: c00 at 0xa7a4f388
NIP:  a7a4f388 LR: a7a4f35c CTR: 00000000
REGS: cb981f40 TRAP: 0c00   Not tainted  (5.13.0-pmac-VMAP)
MSR:  0000d032 <EE,PR,ME,IR,DR,RI>  CR: 240044e2  XER: 20000000

GPR00: 0000008e afab54e0 a73cc7d0 0000000c 0078a930 0078a970 00000000 00000000
GPR08: 00000004 00000000 00000000 a79e45b0 28004462 0076f8c8 00000000 000186a0
GPR16: afab5544 afab5540 afab553c afab5538 afab5534 afab5530 00000004 00770490
GPR24: afab552f 00000004 00000000 0078a930 00000000 00771734 a7b2fff4 00798cb0
NIP [a7a4f388] 0xa7a4f388
LR [a7a4f35c] 0xa7a4f35c
--- interrupt: c00
Instruction dump:
3884aa30 3863012c 4807685d 807f0080 48042e41 2f830000 419e0148 3c80c079
3c60c076 38841b6c 38630174 4801f701 <0fe00000> 3860000b 4bfffe30 3c80c06b
---[ end trace c6ec12d4725e6f89 ]---

> I'll enter the same commands for the other three boots. It may be 
> important that I didn't see errors until there was significant network 
> access.
> 
> For 4), the PB 3400c also booted normally. Errors started after
> logging in via ssh when I entered "dmesg". To be consistent with the
> first test, I followed that with "ls -Rail /usr/bin" and saw more
> errors. A normal reboot ("shutdown -r now") caused even more errors.
> 

Here's the relevant portion of that log:

Kernel attempted to write user page (ba3bc0) - exploit attempt? (uid: 1000)
------------[ cut here ]------------
Bug: Write fault blocked by KUAP!
WARNING: CPU: 0 PID: 1609 at arch/powerpc/mm/fault.c:230 do_page_fault+0x484/0x720
Modules linked in:
CPU: 0 PID: 1609 Comm: bash Not tainted 5.13.0-pmac-NO_VMAP #11
NIP:  c001b780 LR: c001b780 CTR: 00000000
REGS: c3c5bba0 TRAP: 0700   Not tainted  (5.13.0-pmac-NO_VMAP)
MSR:  00021032 <ME,IR,DR,RI>  CR: 24442424  XER: 00000000

GPR00: c001b780 c3c5bc60 c3842ca0 00000021 3ffffbff 085ac000 00000027 c8eb2444
GPR08: 00000023 00000000 00000000 00000000 24442424 00b6fff4 00180008 00000000
GPR16: c18ac148 c3c5beb0 c8fc3e00 00000000 c7a70000 00ba4260 00000000 00000000
GPR24: c3c5be90 00001000 c7a70000 02000000 c1f43900 00ba3bc0 00000300 c3c5bca0
NIP [c001b780] do_page_fault+0x484/0x720
LR [c001b780] do_page_fault+0x484/0x720
Call Trace:
[c3c5bc60] [c001b780] do_page_fault+0x484/0x720 (unreliable)
[c3c5bc90] [c000424c] DataAccess_virt+0xd4/0xe4
--- interrupt: 300 at __copy_tofrom_user+0xbc/0x20c
NIP:  c001f968 LR: c03258c4 CTR: 00000031
REGS: c3c5bca0 TRAP: 0300   Not tainted  (5.13.0-pmac-NO_VMAP)
MSR:  00009032 <EE,ME,IR,DR,RI>  CR: 42424288  XER: 20000000
DAR: 00ba3bc0 DSISR: 0a000000
GPR00: 00000004 c3c5bd60 c3842ca0 00000084 c7a7096c 00000000 00ba3bbc 20776974
GPR08: 68207469 6c646520 287e290a 00000004 22422282 00b6fff4 00180008 00000000
GPR16: c18ac148 c3c5beb0 c8fc3e00 00000000 c7a70000 00ba4260 00000000 00000000
GPR24: c3c5be90 00001000 c7a70000 c8fc3e00 00001000 c3c5be98 00008000 00ba3260
NIP [c001f968] __copy_tofrom_user+0xbc/0x20c
LR [c03258c4] copy_page_to_iter+0x2c0/0xab8
--- interrupt: 300
[c3c5bd60] [00000000] 0x0 (unreliable)
[c3c5bdb0] [c00f5bb4] filemap_read+0x424/0xa2c
[c3c5be80] [c0156910] vfs_read+0x274/0x340
[c3c5bf00] [c0156ec4] ksys_read+0x70/0x118
[c3c5bf30] [c001604c] ret_from_syscall+0x0/0x28
--- interrupt: c00 at 0x86bc88
NIP:  0086bc88 LR: 0086bc5c CTR: 00000000
REGS: c3c5bf40 TRAP: 0c00   Not tainted  (5.13.0-pmac-NO_VMAP)
MSR:  0000d032 <EE,PR,ME,IR,DR,RI>  CR: 20422224  XER: 20000000

GPR00: 00000003 afa710a0 a799a8c0 00000003 00b9b260 00012b22 00badd88 00000000
GPR08: 0000e279 00012b31 00b9b258 00b9b178 00002564 00b6fff4 00b8b4c0 00000000
GPR16: 00000002 00012b22 00aa2ad0 00000000 00b85730 00b85680 00b87900 00b85620
GPR24: 00b856d0 00b9aa80 00000003 00b85520 00b855d0 00b878a0 00959ff4 0000000e
NIP [0086bc88] 0x86bc88
LR [0086bc5c] 0x86bc5c
--- interrupt: c00
Instruction dump:
3884a9e0 386300f0 48076575 807f0080 48042b59 2f830000 419e0148 3c80c079
3c60c076 38841b24 38630138 4801f419 <0fe00000> 3860000b 4bfffe30 3c80c06b
---[ end trace c6966f6cf6736566 ]---


So the PowerBook 3400 and the PowerBook G3 Series "Wallstreet" may have one 
failure mode in common (?) The "Wallstreet" (stock v5.13), in the log
sent a few days ago, showed:

Kernel attempted to write user page (c6207c) - exploit attempt? (uid: 0)
BUG: Unable to handle kernel data access on write at 0x00c6207c
Faulting instruction address: 0xa77ad1dc
Oops: Kernel access of bad area, sig: 11 [#1]
...

> For 5), login at the Wallstreet X console failed, with errors. After
> logging in via ssh, entering "dmesg" and "ls -Rail /usr/bin" generated
> more errors.
> 

Here's the relevant portion of the log:

------------[ cut here ]------------
kernel BUG at arch/powerpc/kernel/interrupt.c:49!
Oops: Exception in kernel mode, sig: 5 [#1]
BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 PowerMac
Modules linked in:
CPU: 0 PID: 1859 Comm: xfce4-session Not tainted 5.13.0-pmac-VMAP #10
NIP:  c0011474 LR: c0011464 CTR: 00000000
REGS: e2f75e40 TRAP: 0700   Not tainted  (5.13.0-pmac-VMAP)
MSR:  00021032 <ME,IR,DR,RI>  CR: 2400446c  XER: 20000000

GPR00: c001604c e2f75f00 ca284a60 00000000 00000000 a5205eb0 00000008 00000020
GPR08: ffffffc0 00000001 501200d9 ce030005 ca285010 00c1f778 00000000 00000000
GPR16: 00945b20 009402f8 00000001 a6b87550 a51fd000 afb73220 a6b22c78 a6a6aecc
GPR24: 00000000 ffffffc0 00000020 00000008 a5205eb0 00000000 e2f75f40 000000ae
NIP [c0011474] system_call_exception+0x60/0x164
LR [c0011464] system_call_exception+0x50/0x164
Call Trace:
[e2f75f00] [00009000] 0x9000 (unreliable)
[e2f75f30] [c001604c] ret_from_syscall+0x0/0x28
--- interrupt: c00 at 0xa69d6cb0
NIP:  a69d6cb0 LR: a69d6c3c CTR: 00000000
REGS: e2f75f40 TRAP: 0c00   Not tainted  (5.13.0-pmac-VMAP)
MSR:  0000d032 <EE,PR,ME,IR,DR,RI>  CR: 2400446c  XER: 20000000

GPR00: 000000ae a5205de0 a5687ca0 00000000 00000000 a5205eb0 00000008 00000020
GPR08: ffffffc0 401201ea 401200d9 ffffffff c158f230 00c1f778 00000000 00000000
GPR16: 00945b20 009402f8 00000001 a6b87550 a51fd000 afb73220 a6b22c78 a6a6aecc
GPR24: afb72fc8 00000000 00000001 a5205f30 afb733dc 00000000 a6b85ff4 a5205eb0
NIP [a69d6cb0] 0xa69d6cb0
LR [a69d6c3c] 0xa69d6c3c
--- interrupt: c00
Instruction dump:
7cdb3378 93810020 7cbc2b78 93a10024 7c9d2378 93e1002c 7d3f4b78 4800d629
817e0084 931e0088 69690002 5529fffe <0f090000> 69694000 552997fe 0f090000
---[ end trace c66c6c3c44806276 ]---

> For 6), login at the Wallstreet X console worked, with no errors.
> There were also no errors from entering "dmesg" or "ls -Rail /usr/bin"
> in an ssh window. Everything seems stable.
> 

I think that's consistent with results from a previous test with this 
machine with v5.13 with CONFIG_VMAP_STACK disabled.
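
Added example, not part of the message above or of the kernel tree: a Python triage helper that pulls the "Write fault blocked by KUAP" reports out of a console log like the ones pasted above and records the task, kernel build, interrupted function, its caller, and whether DAR matches the reported user address. The function names are choices made for this example, and SAMPLE is a set of lines excerpted from the two reports in the message.

```python
import re
from collections import Counter
# Lines excerpted from the two KUAP reports quoted in the message above.
SAMPLE = """\
Kernel attempted to write user page (78a930) - exploit attempt? (uid: 1000)
Bug: Write fault blocked by KUAP!
CPU: 0 PID: 1619 Comm: sshd Not tainted 5.13.0-pmac-VMAP #10
LR [c001b780] do_page_fault+0x484/0x720
--- interrupt: 300 at __copy_tofrom_user+0x110/0x20c
DAR: 0078a930 DSISR: 0a000000
LR [c0172b04] core_sys_select+0x3e8/0x594
---[ end trace c6ec12d4725e6f89 ]---
Kernel attempted to write user page (ba3bc0) - exploit attempt? (uid: 1000)
Bug: Write fault blocked by KUAP!
CPU: 0 PID: 1609 Comm: bash Not tainted 5.13.0-pmac-NO_VMAP #11
--- interrupt: 300 at __copy_tofrom_user+0xbc/0x20c
DAR: 00ba3bc0 DSISR: 0a000000
LR [c03258c4] copy_page_to_iter+0x2c0/0xab8
---[ end trace c6966f6cf6736566 ]---
"""

START = re.compile(r"Kernel attempted to (\w+) user page \(([0-9a-f]+)\).*\(uid: (\d+)\)")
COMM = re.compile(r"PID: (\d+) Comm: (\S+) .*?(\S+) #\d+")
INTR = re.compile(r"--- interrupt: 300 at (\w+)\+")   # data access interrupt frame
DAR = re.compile(r"DAR: ([0-9a-f]{8})")
LR = re.compile(r"LR \[[0-9a-f]+\] (\w+)\+")

def parse_reports(text):
    """Return one dict per 'Kernel attempted to ... user page' report."""
    reports, cur = [], None
    for line in text.splitlines():
        if m := START.search(line):
            cur = {"access": m[1], "addr": int(m[2], 16), "uid": int(m[3]), "kuap": False}
            reports.append(cur)
        elif cur is None:
            continue
        elif "blocked by KUAP" in line:
            cur["kuap"] = True
        elif m := COMM.search(line):
            cur.update(pid=int(m[1]), comm=m[2], release=m[3])
        elif m := INTR.search(line):
            cur.setdefault("faulting", m[1])
        elif m := DAR.search(line):
            cur.setdefault("dar", int(m[1], 16))
        elif (m := LR.search(line)) and "faulting" in cur:
            cur.setdefault("caller", m[1])    # LR of the interrupted frame only
        elif "end trace" in line:
            cur = None
    return reports

def fault_sites(reports):
    """Count (interrupted function, DAR == reported address) across reports."""
    return Counter((r.get("faulting"), r.get("dar") == r["addr"]) for r in reports)
```

On the two excerpts, both faults are in __copy_tofrom_user with DAR equal to the reported address, one on the VMAP build and one on the NO_VMAP build.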
