<div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 9, 2018 at 12:45 AM, Ram Pai <span dir="ltr"><<a href="mailto:linuxram@us.ibm.com" target="_blank">linuxram@us.ibm.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="m_-2718020336272825470gmail-HOEnZb"><div class="m_-2718020336272825470gmail-h5">On Thu, Mar 08, 2018 at 11:19:12PM +1100, Michael Ellerman wrote:<br>
> Li Wang <<a href="mailto:liwang@redhat.com" target="_blank">liwang@redhat.com</a>> writes:<br>
> > Hi,<br>
> ><br>
> > ltp/mprotect04[1] crashed by SEGV_PKUERR on ppc64(LPAR on P730, Power 8<br>
> > 8247-22L) with kernel-v4.16.0-rc4.<br>
> ><br>
> > 10000000-10020000 r-xp 00000000 fd:00 167223 mprotect04<br>
> > 10020000-10030000 r--p 00010000 fd:00 167223 mprotect04<br>
> > 10030000-10040000 rw-p 00020000 fd:00 167223 mprotect04<br>
> > 1001a380000-1001a3b0000 rw-p 00000000 00:00 0 [heap]<br>
> > 7fffa6c60000-7fffa6c80000 --xp 00000000 00:00 0 <br>
> ><br>
> > &exec_func = 0x10030170<br>
> ><br>
> > &func = 0x7fffa6c60170<br>
> ><br>
> > While perform <br>
> > "(*func)();" we get the<br>
> > segmentation fault.<br>
> > <br>
> ><br>
> > strace log:<br>
> ><br>
> > -------------------<br>
> > mprotect(0x7fffaed00000, 131072, PROT_EXEC) = 0<br>
> > rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0<br>
> > --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_PKUERR, si_addr=0x7fffaed00170}<br>
> > ---<br>
><br>
> Looks like a bug to me.<br>
><br>
> Please Cc linuxppc-dev on powerpc bugs.<br>
><br>
> I also can't reproduce this failure on my machine.<br>
> Not sure what's going on?<br>
<br>
</div></div>I could reproduce it on a power7 lpar. But not on a power8 lpar.<br>
<br>
The problem seems to be that the cpu generates a key exception if<br>
the page with Read/Write-disable-but-execute<wbr>-enable key is executed<br>
on power7. If I enable read on that key, the exception disappears.<br></blockquote><div><br><div style="font-family:monospace,monospace" class="gmail_default">After adding read permission on that key, reproducer get PASS on my power8 machine too.</div><div style="font-family:monospace,monospace" class="gmail_default">(mprotect(..,PROT_READ | PROT_EXEC))</div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
BTW: the testcase executes <div style="font-family:monospace,monospace;display:inline" class="gmail_default"></div>mprotect(..,PROT_EXEC).<br>
The mprotect(, PROT_EXEC) system call internally generates a<br>
execute-only key and associates it with the pages in the address-range. </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Now since Li Wang claims that he can reproduce it on power8 as well, i<br>
am wondering if the slightly different cpu behavior is dependent on the<br>
version of the firmware/microcode?<br></blockquote><div><br><div style="font-family:monospace,monospace" class="gmail_default">I also run this reproducer on series ppc kvm machines, but none of them get the FAIL.<br></div><div style="font-family:monospace,monospace" class="gmail_default">If you need some more HW info, pls let me know.</div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="m_-2718020336272825470gmail-HOEnZb"><font color="#888888"><br>
<br>
RP<br>
<br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div class="m_-2718020336272825470gmail_signature">Li Wang<br><a href="mailto:liwang@redhat.com" target="_blank">liwang@redhat.com</a></div>
</div></div>