[PATCH v2] powerpc/64s/radix: Fix radix segment exception handling
Aneesh Kumar K.V
aneesh.kumar at linux.ibm.com
Tue Apr 9 18:15:46 AEST 2019
Nicholas Piggin <npiggin at gmail.com> writes:
> Commit 48e7b76957 ("powerpc/64s/hash: Convert SLB miss handlers to C")
> broke the radix-mode segment exception handler. In radix mode, this
> exception is not an SLB miss, rather it signals that the EA is outside
> the range translated by any page table.
>
> The commit lost the radix feature alternate code patch, which can
> cause faults to some EAs to kernel BUG at arch/powerpc/mm/slb.c:639!
>
> The original radix code would send faults to slb_miss_large_addr,
> which would end up faulting due to slb_addr_limit being 0. This patch
> sends radix directly to do_bad_slb_fault, which is a bit clearer.
>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar at linux.ibm.com>
> Fixes: 48e7b76957 ("powerpc/64s/hash: Convert SLB miss handlers to C")
> Cc: Aneesh Kumar K.V <aneesh.kumar at linux.vnet.ibm.com>
> Reported-by: Anton Blanchard <anton at samba.org>
> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
> ---
> - Add a selftests that triggers the crash
>
> arch/powerpc/kernel/exceptions-64s.S | 12 +++
> tools/testing/selftests/powerpc/mm/Makefile | 3 +-
> .../selftests/powerpc/mm/access_tests.c | 94 +++++++++++++++++++
> 3 files changed, 108 insertions(+), 1 deletion(-)
> create mode 100644 tools/testing/selftests/powerpc/mm/access_tests.c
>
> diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
> index a5b8fbae56a0..9481a117e242 100644
> --- a/arch/powerpc/kernel/exceptions-64s.S
> +++ b/arch/powerpc/kernel/exceptions-64s.S
> @@ -656,11 +656,17 @@ EXC_COMMON_BEGIN(data_access_slb_common)
> ld r4,PACA_EXSLB+EX_DAR(r13)
> std r4,_DAR(r1)
> addi r3,r1,STACK_FRAME_OVERHEAD
> +BEGIN_MMU_FTR_SECTION
> + /* HPT case, do SLB fault */
> bl do_slb_fault
> cmpdi r3,0
> bne- 1f
> b fast_exception_return
> 1: /* Error case */
> +MMU_FTR_SECTION_ELSE
> + /* Radix case, access is outside page table range */
> + li r3,-EFAULT
> +ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_TYPE_RADIX)
> std r3,RESULT(r1)
> bl save_nvgprs
> RECONCILE_IRQ_STATE(r10, r11)
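Review bot: The `1:` error label now sits inside BEGIN_MMU_FTR_SECTION, while the code it leads into (`std r3,RESULT(r1)` onward) comes after ALT_MMU_FTR_SECTION_END_IFCLR, so the shared error path is easy to misread as belonging to the HPT branch only. A one-line comment directly after the section end would make the contract explicit, for example `/* Common error path: r3 = do_slb_fault() result (HPT) or -EFAULT (radix) */`. The same layout is repeated in instruction_access_slb_common in the next hunk and would benefit from the same comment. The rest of the error path lies outside the hunk, so how RESULT is consumed afterwards cannot be checked from here.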
> @@ -705,11 +711,17 @@ EXC_COMMON_BEGIN(instruction_access_slb_common)
> EXCEPTION_PROLOG_COMMON(0x480, PACA_EXSLB)
> ld r4,_NIP(r1)
> addi r3,r1,STACK_FRAME_OVERHEAD
> +BEGIN_MMU_FTR_SECTION
> + /* HPT case, do SLB fault */
> bl do_slb_fault
> cmpdi r3,0
> bne- 1f
> b fast_exception_return
> 1: /* Error case */
> +MMU_FTR_SECTION_ELSE
> + /* Radix case, access is outside page table range */
> + li r3,-EFAULT
> +ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_TYPE_RADIX)
> std r3,RESULT(r1)
> bl save_nvgprs
> RECONCILE_IRQ_STATE(r10, r11)
> diff --git a/tools/testing/selftests/powerpc/mm/Makefile b/tools/testing/selftests/powerpc/mm/Makefile
> index 43d68420e363..68b7add5086d 100644
> --- a/tools/testing/selftests/powerpc/mm/Makefile
> +++ b/tools/testing/selftests/powerpc/mm/Makefile
> @@ -2,7 +2,7 @@
> noarg:
> $(MAKE) -C ../
>
> -TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors wild_bctr
> +TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors wild_bctr access_tests
> TEST_GEN_FILES := tempfile
>
> top_srcdir = ../../../../..
> @@ -13,6 +13,7 @@ $(TEST_GEN_PROGS): ../harness.c
> $(OUTPUT)/prot_sao: ../utils.c
>
> $(OUTPUT)/wild_bctr: CFLAGS += -m64
> +$(OUTPUT)/access_tests: CFLAGS += -m64
>
> $(OUTPUT)/tempfile:
> dd if=/dev/zero of=$@ bs=64k count=1
> diff --git a/tools/testing/selftests/powerpc/mm/access_tests.c b/tools/testing/selftests/powerpc/mm/access_tests.c
> new file mode 100644
> index 000000000000..ad300d7d9d43
> --- /dev/null
> +++ b/tools/testing/selftests/powerpc/mm/access_tests.c
> @@ -0,0 +1,94 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +/*
> + * Copyright 2017 John Sperbeck
> + *
> + * Test faults to "interesting" locations.
> + */
> +
> +#include <stdbool.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <signal.h>
> +#include <sys/mman.h>
> +#include <assert.h>
> +#include <ucontext.h>
> +
> +#include "utils.h"
> +
> +#define PAGE_SIZE (64*1024)
> +#define TB (1024ULL*1024*1024*1024)
> +static volatile bool faulted;
> +static volatile int si_code;
> +
> +static void segv_handler(int n, siginfo_t *info, void *ctxt_v)
> +{
> + ucontext_t *ctxt = (ucontext_t *)ctxt_v;
> + struct pt_regs *regs = ctxt->uc_mcontext.regs;
> +
> + faulted = true;
> + si_code = info->si_code;
> + regs->nip += 4;
> +}
> +
> +int test_segv_errors(void)
> +{
> + struct sigaction act = {
> + .sa_sigaction = segv_handler,
> + .sa_flags = SA_SIGINFO,
> + };
> + static unsigned long ptrs[] = {
> + 0x0f00000000000000ULL, /* Radix Q0 out of pgtable range */
> + 0x4000000000000000ULL, /* Radix Q1 */
> + 0x4f00000000000000ULL, /* Radix Q1 out of pgtable range */
> + 0x8000000000000000ULL, /* Radix Q2 */
> + 0x8f00000000000000ULL, /* Radix Q2 out of pgtable range */
> + 0xc000000000000000ULL, /* Radix Q3 */
> + 0xcf00000000000000ULL, /* Radix Q3 out of pgtable range */
> + 0xc000000000000000ULL, /* Hash kernel region */
> + 0xc000000000000000ULL + TB, /* Hash kernel region + 1 segment */
> + 0xc000000000000000ULL + TB - 1,
> + 0xd000000000000000ULL, /* Hash vmalloc region */
> + 0xd000000000000000ULL + TB,
> + 0xd000000000000000ULL + TB - 1,
> + 0xe000000000000000ULL,
> + 0xe000000000000000ULL + TB,
> + 0xe000000000000000ULL + TB - 1,
> + 0xf000000000000000ULL, /* Hash vmemmap region */
> + 0xf000000000000000ULL + TB,
> + 0xf000000000000000ULL + TB - 1,
> + };
> + size_t i;
> +
> + FAIL_IF(sigaction(SIGSEGV, &act, NULL) != 0);
> +
> + for (i = 0; i < sizeof(ptrs)/sizeof(ptrs[0]); i++) {
> + volatile char *p = (void *)ptrs[i];
> +
> + /*
> + * We just need a compiler barrier, but mb() works and has the
> + * nice property of being easy to spot in the disassembly.
> + */
> + printf("testing %p...\n", p);
> + faulted = false;
> + si_code = 0;
> + mb();
> + (void)*p;
> + mb();
> + FAIL_IF(!faulted);
> + FAIL_IF(si_code != SEGV_MAPERR && si_code != SEGV_BNDERR);
> + /*
> + * Some accesses throw MAPERR, others BNDERR. Possibly all
> + * Q>0 accesses should cause BNDERR.
> + */
> + }
> +
> + return 0;
> +}
> +
> +int main(void)
> +{
> + return test_harness(test_segv_errors, "segv_errors");
> +}
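Review bot: The harness name passed in `main` is `"segv_errors"`, the same name as the existing segv_errors program listed in TEST_GEN_PROGS in the Makefile hunk, so the two tests would presumably be indistinguishable in selftest output; `return test_harness(test_segv_errors, "access_tests");` avoids that. In the loop, `segv_handler` records `si_code` but not `info->si_addr`, so a SIGSEGV raised for some other address would still satisfy `FAIL_IF(!faulted)`. Saving `info->si_addr` in the handler and comparing it with `p` would tighten the check, assuming the kernel reports the faulting EA for these out-of-range accesses. `PAGE_SIZE` and several of the includes (`string.h`, `sys/mman.h`, `assert.h`) appear unused in the new file.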
> --
> 2.20.1