[RFC PATCH] powerpc/signal: sanitise PT_NIP and sa_handler low bits

Sachin Sant sachinp at linux.vnet.ibm.com
Wed Dec 15 21:49:13 AEDT 2021


> Reported-by: Sachin Sant <sachinp at linux.vnet.ibm.com>
> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
> ---
> I'm not entirely sure about the 32-bit / compat part. Or the 64-bit for
> that matter except that it does seem to fix the bug caused by the test
> program.
> 
> Thanks,
> Nick
> 
> arch/powerpc/kernel/signal_32.c | 23 ++++++++++++++++-------
> arch/powerpc/kernel/signal_64.c | 17 ++++++++++++-----
> 2 files changed, 28 insertions(+), 12 deletions(-)

Sorry for the delayed feedback. I was observing confusing test results,
so I had to be sure.

Test results are against 5.16.0-rc5-03218-g798527287598 (powerpc/merge).

I ran an extended set of kernel self tests (from powerpc/signal and
powerpc/security) on POWER8, POWER9 and POWER10 configs.

On POWER8 & POWER10 LPARs with this fix, the tests ran successfully.

On POWER9 PowerNV with the fix and the following set of configs

CONFIG_PPC_IRQ_SOFT_MASK_DEBUG=y
CONFIG_PPC_RFI_SRR_DEBUG=y

the tests ran successfully.

But with the fix and the following set of configs

CONFIG_PPC_IRQ_SOFT_MASK_DEBUG=y
CONFIG_PPC_RFI_SRR_DEBUG=n

I still see a warning and then a crash:

[  550.568588] count-cache-flush: hardware flush enabled.
[  550.568593] link-stack-flush: software flush enabled.
[  550.569604] ------------[ cut here ]------------
[  550.569611] WARNING: CPU: 21 PID: 3784 at arch/powerpc/kernel/irq.c:288 arch_local_irq_restore+0x22c/0x230
[  550.569625] Modules linked in: nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill libcrc32c nfnetlink i2c_dev rpcrdma sunrpc ib_umad rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_ipoib ib_iser rdma_cm iw_cm libiscsi ib_cm scsi_transport_iscsi mlx5_ib ib_uverbs dm_mod ib_core ses enclosure tpm_i2c_nuvoton i2c_opal ipmi_powernv xts ipmi_devintf uio_pdrv_genirq vmx_crypto ipmi_msghandler i2c_core opal_prd uio ibmpowernv leds_powernv powernv_op_panel sch_fq_codel ip_tables ext4 mbcache jbd2 mlx5_core sd_mod t10_pi sg mpt3sas ipr tg3 libata mlxfw psample raid_class ptp scsi_transport_sas pps_core fuse
[  550.569752] CPU: 21 PID: 3784 Comm: NetworkManager Kdump: loaded Not tainted 5.16.0-rc5-03218-g798527287598 #8
[  550.569765] NIP:  c0000000000171dc LR: c000000000033240 CTR: c000000000cf1260
[  550.569774] REGS: c000000ae08bbab0 TRAP: 0700   Not tainted  (5.16.0-rc5-03218-g798527287598)
[  550.569784] MSR:  9000000000021031 <SF,HV,ME,IR,DR,LE>  CR: 28004444  XER: 20040000
[  550.569802] CFAR: c00000000001704c IRQMASK: 1
[  550.569802] GPR00: c000000000033240 c000000ae08bbd50 c000000002a10600 0000000000000000
[  550.569802] GPR04: c000000ae08bbe80 00007fffaea1ece0 0000000000000000 0000000000000000
[  550.569802] GPR08: 0000000000000002 0000000000000000 0000000000000002 0000000001f3fb0c
[  550.569802] GPR12: 0000000000004000 c000005fff7c9080 0000000000000000 0000000000000000
[  550.569802] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  550.569802] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  550.569802] GPR24: 0000000000000002 0000000000000001 0000000002002000 0000000002802000
[  550.569802] GPR28: 0000000000000000 0000000000000800 c000000ae08bbe80 0000000000040080
[  550.569899] NIP [c0000000000171dc] arch_local_irq_restore+0x22c/0x230
[  550.569909] LR [c000000000033240] interrupt_exit_user_prepare_main+0x150/0x260
[  550.569919] Call Trace:
[  550.569925] [c000000ae08bbd80] [c000000000033240] interrupt_exit_user_prepare_main+0x150/0x260
[  550.569937] [c000000ae08bbde0] [c000000000033744] syscall_exit_prepare+0x74/0x150
[  550.569948] [c000000ae08bbe10] [c00000000000c758] system_call_common+0xf8/0x268
[  550.569960] --- interrupt: c00 at 0x7fffaea1ece0
[  550.569968] NIP:  00007fffaea1ece0 LR: 00007fffaea1ecc4 CTR: 0000000000000000
[  550.569977] REGS: c000000ae08bbe80 TRAP: 0c00   Not tainted  (5.16.0-rc5-03218-g798527287598)
[  550.569987] MSR:  900000000280f033 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE>  CR: 24004448  XER: 00000000
[  550.570012] IRQMASK: 0
[  550.570012] GPR00: 00000000000000a7 00007fffeea71ce0 00007fffaeb07300 0000000000000001
[  550.570012] GPR04: 0000000000000007 0000000000013eed 0000000000000000 0000000000000002
[  550.570012] GPR08: 00007fffad6c7ea8 0000000000000000 0000000000000000 0000000000000000
[  550.570012] GPR12: 0000000000000000 00007fffad6cf510 0000000000000000 0000000000000000
[  550.570012] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  550.570012] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  550.570012] GPR24: 0000000000000000 0000000000000001 0000000000013eed 00007fffeea71da4
[  550.570012] GPR28: 0000000000000000 0000000000000007 000000013a1ae810 0000000000013eed
[  550.570105] NIP [00007fffaea1ece0] 0x7fffaea1ece0
[  550.570112] LR [00007fffaea1ecc4] 0x7fffaea1ecc4
[  550.570119] --- interrupt: c00
[  550.570124] Instruction dump:
[  550.570130] f8010040 0fe00000 4bfffff0 60000000 60000000 0fe00000 60000000 60000000
[  550.570148] 60000000 39200002 7d210164 4bfffec4 <0fe00000> 3c4c02a0 38429420 7c0802a6
[  550.570165] ---[ end trace b8833ddd6f9d2d40 ]---
[  550.570174] Unrecoverable exception 700 at c000000000017050 (msr=9000000000021031)
[  550.570184] Oops: Unrecoverable exception, sig: 6 [#1]
[  550.570191] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV
[  550.570200] Modules linked in: nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill libcrc32c nfnetlink i2c_dev rpcrdma sunrpc ib_umad rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_ipoib ib_iser rdma_cm iw_cm libiscsi ib_cm scsi_transport_iscsi mlx5_ib ib_uverbs dm_mod ib_core ses enclosure tpm_i2c_nuvoton i2c_opal ipmi_powernv xts ipmi_devintf uio_pdrv_genirq vmx_crypto ipmi_msghandler i2c_core opal_prd uio ibmpowernv leds_powernv powernv_op_panel sch_fq_codel ip_tables ext4 mbcache jbd2 mlx5_core sd_mod t10_pi sg mpt3sas ipr tg3 libata mlxfw psample raid_class ptp scsi_transport_sas pps_core fuse
[  550.570313] CPU: 21 PID: 3784 Comm: NetworkManager Kdump: loaded Tainted: G        W         5.16.0-rc5-03218-g798527287598 #8
[  550.570326] NIP:  c000000000017050 LR: c000000000033240 CTR: c000000000cf1260
[  550.570335] REGS: c000000ae08bbab0 TRAP: 0700   Tainted: G        W          (5.16.0-rc5-03218-g798527287598)
[  550.570346] MSR:  9000000000021031 <SF,HV,ME,IR,DR,LE>  CR: 28004444  XER: 20040000
[  550.570363] CFAR: c00000000001704c IRQMASK: 1
[  550.570363] GPR00: c000000000033240 c000000ae08bbd50 c000000002a10600 0000000000000000
[  550.570363] GPR04: c000000ae08bbe80 00007fffaea1ece0 0000000000000000 0000000000000000
[  550.570363] GPR08: 0000000000000002 0000000000000000 0000000000000002 0000000001f3fb0c
[  550.570363] GPR12: 0000000000004000 c000005fff7c9080 0000000000000000 0000000000000000
[  550.570363] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  550.570363] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  550.570363] GPR24: 0000000000000002 0000000000000001 0000000002002000 0000000002802000
[  550.570363] GPR28: 0000000000000000 0000000000000800 c000000ae08bbe80 0000000000040080
……..

Not sure if the above problem is related to the previous one I reported
or a different one.

Thanks,
-Sachin
