Kernel v6.17-rc4 with STATIC_CALL_SELFTEST=y enabled fails to boot at early stage (PowerMac G4 DP)

Christophe Leroy christophe.leroy at csgroup.eu
Thu Sep 4 20:05:30 AEST 2025



On 04/09/2025 at 11:57, Andrew Donnellan wrote:
> On Thu, 2025-09-04 at 14:33 +0530, Madhavan Srinivasan wrote:
>>>> I am using qemu with -M mac99 and it boots
>>>>
>>>> Hardware name: PowerMac3,1 7400 0xc0209 PowerMac
>>>> printk: legacy bootconsole [udbg0] enabled
>>>> -----------------------------------------------------
>>>> phys_mem_size     = 0x8000000
>>>> dcache_bsize      = 0x20
>>>>
>>>> I am missing something here. Digging some more
>>>
>>>
>>> Did you use the .config provided by Erhard ?
>>>
>>
>> Oops. sorry for the noise
> 
> I noticed that I don't hit this using defconfigs (with JUMP_LABEL and
> STATIC_CALL_SELFTEST manually enabled), so I did some config bisection with
> Erhard's config.
> 
> It looks like you need CONFIG_KFENCE=y, and CONFIG_XMON=n.
> 
> Attached is a minimal config for current mainline, allnoconfig + CONFIG_PPC_PMAC
> (so I can get console output in qemu) + CONFIG_KFENCE + CONFIG_JUMP_LABEL +
> CONFIG_STATIC_CALL_SELFTEST.
> 
> Running with qemu-system-ppc -M mac99, we get the below.
> 
> Christophe: I'm not exactly sure what changes when you enable/disable KFENCE on
> book3s32, but it looks to me like it affects whether .init.text is mapped using
> BATs or not?

As I said in my previous response, the problem seems to come from here:

arch/powerpc/include/asm/pgtable.h :

/*
 * Protection used for kernel text. We want the debuggers to be able to
 * set breakpoints anywhere, so don't write protect the kernel text
 * on platforms where such control is possible.
 */
#if defined(CONFIG_KGDB) || defined(CONFIG_XMON) || defined(CONFIG_BDI_SWITCH) || \
     defined(CONFIG_KPROBES) || defined(CONFIG_DYNAMIC_FTRACE)
#define PAGE_KERNEL_TEXT    PAGE_KERNEL_X
#else
#define PAGE_KERNEL_TEXT    PAGE_KERNEL_ROX
#endif

If you have neither CONFIG_KGDB nor CONFIG_XMON nor CONFIG_BDI_SWITCH
nor CONFIG_KPROBES nor CONFIG_DYNAMIC_FTRACE, kernel text is mapped
Read-Only.

Using BATs or not shouldn't make any difference because:

With BATs we do:
arch/powerpc/mm/book3s32/mmu.c:         setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
arch/powerpc/mm/book3s32/mmu.c:         setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);

Without BATs we do:
arch/powerpc/mm/pgtable_32.c:           map_kernel_page(v, p, ktext ? PAGE_KERNEL_TEXT : PAGE_KERNEL);



> 
> Andrew
> 
> ---------------------------------
> 
>>> =============================================================
>>> OpenBIOS 1.1 [Feb 12 2025 13:02]
>>> Configuration device id QEMU version 1 machine id 1
>>> CPUs: 1
>>> Memory: 128M
>>> UUID: 00000000-0000-0000-0000-000000000000
>>> CPU type PowerPC,G4
> milliseconds isn't unique.
> Welcome to OpenBIOS v1.1 built on Feb 12 2025 13:02
>>> [ppc] Kernel already loaded (0x01000000 + 0x004fcb28) (initrd 0x00000000 +
> 0x00000000)
>>> [ppc] Kernel command line: console=serial
>>> switching to new context:
> OF stdout device is: /pci at f2000000/mac-io at c/escc at 13000/ch-a at 13020
> Preparing to boot Linux version 6.17.0-rc4+ (ajd at jarvis.ozlabs.ibm.com)
> (powerpc64-linux-gnu-gcc (GCC) 15.2.1 20250808 (Red Hat Cross 15.2.1-1), GNU ld
> version 2.44-1.fc42) #2 Thu Sep  4 16:21:41 AEST 2025
> Detected machine type: 00000400
> command line:
> memory layout at init:
>    memory_limit : 00000000 (16 MB aligned)
>    alloc_bottom : 01501000
>    alloc_top    : 08000000
>    alloc_top_hi : 08000000
>    rmo_top      : 08000000
>    ram_top      : 08000000
> found display   : /pci at f2000000/QEMU,VGA at e, opening... done
> copying OF device tree...
> Building dt strings...
> Building dt structure...
> Device tree strings 0x01502000 -> 0x015010a4
> Device tree struct  0x01503000 -> 0x07de7eb0
> Quiescing Open Firmware ...
> Booting Linux via __start() @ 0x01000000 ...
> Hello World !
> Total memory = 128MB; using 256kB for hash table
> Linux version 6.17.0-rc4+ (ajd at jarvis.ozlabs.ibm.com) (powerpc64-linux-gnu-gcc
> (GCC) 15.2.1 20250808 (Red Hat Cross 15.2.1-1), GNU ld version 2.44-1.fc42) #2
> Thu Sep  4 16:21:41 AEST 2025
> OF: reserved mem: Reserved memory: No reserved-memory node in the DT
> ioremap() called early from pmac_feature_init+0xe0/0xb00. Use early_ioremap()
> instead
> Found UniNorth memory controller & host bridge @ 0xf8000000 revision: 0x07
> Mapped at 0xffb9e000
> ioremap() called early from probe_one_macio+0x134/0x24c. Use early_ioremap()
> instead
> Found a Keylargo mac-io controller, rev: 0, mapped at 0x(ptrval)
> PowerMac motherboard: PowerMac G4 AGP Graphics
> ioremap() called early from udbg_scc_init+0x190/0x398. Use early_ioremap()
> instead
> Hardware name: PowerMac3,1 7400 0xc0209 PowerMac
> printk: legacy bootconsole [udbg0] enabled
> -----------------------------------------------------
> phys_mem_size     = 0x8000000
> dcache_bsize      = 0x20
> icache_bsize      = 0x20
> cpu_features      = 0x000000000401a008
>    possible        = 0x00000000277de008
>    always          = 0x0000000000000000
> cpu_user_features = 0x8c000001 0x00000000
> mmu_features      = 0x00000001
> Hash_size         = 0x40000
> Hash_mask         = 0xfff
> -----------------------------------------------------
> ioremap() called early from pmac_setup_arch+0x110/0x224. Use early_ioremap()
> instead
> WARNING ! Your machine is CUDA-based but your kernel
>            wasn't compiled with CONFIG_ADB_CUDA option !
> Zone ranges:
>    DMA      [mem 0x0000000000000000-0x0000000007ffffff]
>    Normal   empty
> Movable zone start for each node
> Early memory node ranges
>    node   0: [mem 0x0000000000000000-0x0000000007ffffff]
> Initmem setup node 0 [mem 0x0000000000000000-0x0000000007ffffff]
> Kernel panic - not syncing: arch_static_call_transform: patching failed
> func_a+0x0/0x8 at 0x0
> CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc4+ #2 NONE
> Hardware name: PowerMac3,1 7400 0xc0209 PowerMac
> Call Trace:
> [c04b9eb0] [c0292e00] dump_stack_lvl+0x50/0x78 (unreliable)
> [c04b9ed0] [c002d19c] vpanic+0xfc/0x2b4
> [c04b9f00] [c002d3b0] cpu_mitigations_off+0x0/0x14
> [c04b9f40] [c00127ac] fixup_cpc710_pci64+0x0/0x20
> [c04b9f70] [c035082c] static_call_init+0x108/0x140
> [c04b9fa0] [c0342ed0] start_kernel+0x78/0x4a8
> [c04b9ff0] [00003500] 0x3500
> Rebooting in 180 seconds..
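
The `#if` quoted from arch/powerpc/include/asm/pgtable.h decides whether kernel text is write-protected, so it can be checked against a .config before booting. The following is an added example, not part of the thread or the kernel tree: it evaluates that condition over .config text. The function names and both sample configs are constructed for illustration.

```python
import re

# Options tested by the #if quoted from arch/powerpc/include/asm/pgtable.h.
WRITABLE_TEXT_OPTIONS = (
    "CONFIG_KGDB", "CONFIG_XMON", "CONFIG_BDI_SWITCH",
    "CONFIG_KPROBES", "CONFIG_DYNAMIC_FTRACE",
)

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Parse kernel .config text into {option: value}; unset options map to None."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = None
    return opts


def kernel_text_protection(opts):
    """Return (macro PAGE_KERNEL_TEXT expands to, options that made it writable).

    defined(CONFIG_FOO) holds only for =y: a =m option defines
    CONFIG_FOO_MODULE instead, and =n or absent options define nothing.
    """
    hits = [o for o in WRITABLE_TEXT_OPTIONS if opts.get(o) == "y"]
    return ("PAGE_KERNEL_X" if hits else "PAGE_KERNEL_ROX", hits)


# Constructed sample: the option set described in the quoted message.
SAMPLE_REPORTED = """\
CONFIG_PPC_PMAC=y
CONFIG_KFENCE=y
CONFIG_JUMP_LABEL=y
CONFIG_STATIC_CALL_SELFTEST=y
# CONFIG_XMON is not set
"""
# Constructed variant with the debugger enabled.
SAMPLE_WITH_XMON = SAMPLE_REPORTED.replace("# CONFIG_XMON is not set", "CONFIG_XMON=y")

if __name__ == "__main__":
    for name, cfg in (("reported", SAMPLE_REPORTED), ("with XMON", SAMPLE_WITH_XMON)):
        print(name, kernel_text_protection(parse_config(cfg)))
```

A PAGE_KERNEL_X result means kernel text is left writable for the listed debug option, which is worth flagging when reviewing a production config.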
