<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">
<pre>On 8/17/22 11:28, Michael Ellerman wrote:</pre>
</div>
<blockquote type="cite" cite="mid:87wnb7v2b3.fsf@mpe.ellerman.id.au">
<pre class="moz-quote-pre" wrap="">Sachin Sant <a class="moz-txt-link-rfc2396E" href="mailto:sachinp@linux.ibm.com"><sachinp@linux.ibm.com></a> writes:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Following crash is seen while running powerpc/mce subtest on
a Power10 LPAR.
1..1
# selftests: powerpc/mce: inject-ra-err
[ 155.240591] BUG: Unable to handle kernel data access on read at 0xc00e00022d55b503
[ 155.240618] Faulting instruction address: 0xc0000000006f1f0c
[ 155.240627] Oops: Kernel access of bad area, sig: 11 [#1]
[ 155.240633] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
[ 155.240642] Modules linked in: dm_mod mptcp_diag xsk_diag tcp_diag udp_diag raw_diag inet_diag unix_diag af_packet_diag netlink_diag nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bonding rfkill tls ip_set nf_tables nfnetlink sunrpc binfmt_misc pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c sd_mod t10_pi sr_mod crc64_rocksoft_generic cdrom crc64_rocksoft crc64 sg ibmvscsi ibmveth scsi_transport_srp xts vmx_crypto fuse
[ 155.240750] CPU: 4 PID: 3645 Comm: inject-ra-err Not tainted 6.0.0-rc1 #2
[ 155.240761] NIP: c0000000006f1f0c LR: c0000000000630d0 CTR: 0000000000000000
[ 155.240768] REGS: c0000000ff887890 TRAP: 0300 Not tainted (6.0.0-rc1)
[ 155.240776] MSR: 8000000000001003 <SF,ME,RI,LE> CR: 48002828 XER: 00000000
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap=""> ^^^^^^^^^^^^^
MMU is off, aka. real mode.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">[ 155.240792] CFAR: c0000000000630cc DAR: c00e00022d55b503 DSISR: 40000000 IRQMASK: 3
[ 155.240792] GPR00: c0000000000630d0 c0000000ff887b30 c0000000044afe00 c00000116aada818
[ 155.240792] GPR04: 0000000000004d43 0000000000000008 c0000000000630d0 004d424900000000
[ 155.240792] GPR08: 0000000000000001 180000022d55b503 a80e000000000000 0000000003000048
[ 155.240792] GPR12: 0000000000000000 c0000000ffffb700 0000000000000000 0000000000000000
[ 155.240792] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 155.240792] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000010000b30
[ 155.240792] GPR24: 00007fff8dad0000 00007fff8dacf6d8 00007fffd1551e98 000000001001fce8
[ 155.240792] GPR28: c00000116aada888 c00000116aada800 0000000000004d43 c00000116aada818
[ 155.240885] NIP [c0000000006f1f0c] __asan_load2+0x5c/0xe0
[ 155.240898] LR [c0000000000630d0] pseries_errorlog_id+0x20/0x40
[ 155.240910] Call Trace:
[ 155.240914] [c0000000ff887b50] [c0000000000630d0] pseries_errorlog_id+0x20/0x40
[ 155.240925] [c0000000ff887b80] [c0000000015595c8] get_pseries_errorlog+0xa8/0x110
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
get_pseries_errorlog() is marked noinstr.
And pseries_errorlog_id() is:
static
inline uint16_t pseries_errorlog_id(struct pseries_errorlog *sect)
{
return be16_to_cpu(sect->id);
}
So I guess the compiler has decided not to inline it (why?!), and it is
not marked noinstr, so it gets KASAN instrumentation which crashes in
real mode.
We'll have to make sure everything get_pseries_errorlog() is either
forced inline, or marked noinstr.
</pre>
</blockquote>
<pre>Making the following functions always_inline and noinstr is fixing the issue.
__always_inline pseries_errorlog_id()
__always_inline pseries_errorlog_length()
__always_inline do_enter_rtas()
__always_inline srr_regs_clobbered()
noinstr va_rtas_call_unlocked()
Shall I post the patch?
</pre>
</body>
</html>