1. 28 8月, 2017 1 次提交
  2. 23 8月, 2017 1 次提交
  3. 16 8月, 2017 5 次提交
  4. 07 8月, 2017 1 次提交
    • M
      Revert "powerpc/64: Avoid restore_math call if possible in syscall exit" · 44a12806
      Michael Ellerman 提交于
      This reverts commit bc4f65e4.
      
      As reported by Andreas, this commit is causing unrecoverable SLB misses in the
      system call exit path:
      
        Unrecoverable exception 4100 at c00000000000a1ec
        Oops: Unrecoverable exception, sig: 6 [#1]
        SMP NR_CPUS=2 PowerMac
        ...
        CPU: 0 PID: 18626 Comm: rm Not tainted 4.13.0-rc3 #1
        task: c00000018335e080 task.stack: c000000139e50000
        NIP: c00000000000a1ec LR: c00000000000a118 CTR: 0000000000000000
        REGS: c000000139e53bb0 TRAP: 4100   Not tainted  (4.13.0-rc3)
        MSR: 9000000000001030 <SF,HV,ME,IR,DR> CR: 24000044  XER: 20000000 SOFTE: 1
        GPR00: 0000000000000000 c000000139e53e30 c000000000abb500 fffffffffffffffe
        GPR04: c0000001eb866298 0000000000000000 0000000000000000 c00000018335e080
        GPR08: 900000000000d032 0000000000000000 0000000000000002 fffffffffffff001
        GPR12: c000000139e50000 c00000000ffff000 00003fffa8c0dca0 00003fffa8c0dc88
        GPR16: 0000000010000000 0000000000000001 00003fffa8c0eaa0 0000000000000000
        GPR20: 00003fffa8c27528 00003fffa8c27b00 0000000000000000 0000000000000000
        GPR24: 00003fffa8c0d918 00003ffff1b3efa0 00003fffa8c26d68 0000000000000000
        GPR28: 00003fffa8c249e8 00003fffa8c263d0 00003fffa8c27550 00003ffff1b3ef10
        NIP [c00000000000a1ec] system_call_exit+0xc0/0x21c
        LR [c00000000000a118] system_call+0x58/0x6c
        Call Trace:
        [c000000139e53e30] [c00000000000a118] system_call+0x58/0x6c (unreliable)
        Instruction dump:
        64a51000 7c6300d0 f8a101a0 4bffff9c 3c000000 60000006 780007c6 64000000
        60000000 7c004039 4082001c e8ed0170 <88070b78> 88c70b79 7c003214 2c200000
      
      This is caused by us trying to load THREAD_LOAD_FP with MSR_RI=0, and taking an
      SLB miss on the thread struct.
      Reported-by: NAndreas Schwab <schwab@linux-m68k.org>
      Diagnosed-by: NNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      44a12806
  5. 15 6月, 2017 3 次提交
    • N
      powerpc/64s: Avoid cpabort in context switch when possible · 07d2a628
      Nicholas Piggin 提交于
      The ISA v3.0B copy-paste facility only requires cpabort when switching
      to a process that has foreign real addresses mapped (direct access to
      accelerators), to clear a potential copy buffer filled by a previous
      thread. There is no accelerator driver implemented yet, so cpabort can
      be removed. It can be be re-added when a driver is implemented.
      
      POWER9 DD1 requires the copy buffer to always be cleared on context
      switch, but if accelerators are not in use, then an unpaired copy from
      a dummy region is sufficient to clear data out of the copy buffer.
      
      This increases context switch performance by about 5% on POWER9.
      Signed-off-by: NNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      07d2a628
    • N
      powerpc/64s: Leave interrupts hard enabled in context switch for radix · e4c0fc5f
      Nicholas Piggin 提交于
      Commit 4387e9ff25 ("[POWERPC] Fix PMU + soft interrupt disable bug")
      hard disabled interrupts over the low level context switch, because
      the SLB management can't cope with a PMU interrupt accesing the stack
      in that window.
      
      Radix based kernel mapping does not use the SLB so it does not require
      interrupts hard disabled here.
      
      This is worth 1-2% in context switch performance on POWER9.
      Signed-off-by: NNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      e4c0fc5f
    • N
      powerpc/64: Avoid restore_math call if possible in syscall exit · bc4f65e4
      Nicholas Piggin 提交于
      The syscall exit code that branches to restore_math is quite heavy on
      Book3S, consisting of 2 mtmsr instructions. Threads that don't use both
      FP and vector can get caught here if the kernel ever uses FP or vector.
      Lazy-FP/vec context switching also trips this case.
      
      So check for lazy FP and vector before switching RI for restore_math.
      Move most of this case out of line.
      
      For threads that do want to restore math registers, the MSR switches are
      still suboptimal. Future direction may be to use a soft-RI bit to avoid
      MSR switches in kernel (similar to soft-EE), but for now at least the
      no-restore
      
      POWER9 context switch rate increases by about 5% due to sched_yield(2)
      return performance. I haven't constructed a test to measure the syscall
      cost.
      Signed-off-by: NNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      bc4f65e4
  6. 06 6月, 2017 1 次提交
  7. 05 6月, 2017 1 次提交
    • B
      powerpc/kernel: Fix FP and vector register restoration · 1195892c
      Breno Leitao 提交于
      Currently tsk->thread->load_vec and load_fp are not initialized during
      task creation, which can lead to garbage values in these variables (non-zero
      values).
      
      These variables will be checked later in restore_math() to validate if the
      FP and vector registers are being utilized. Since these values might be
      non-zero, the restore_math() will continue to save the FP and vectors even if
      they were never utilized by the userspace application. load_fp and load_vec
      counters will then overflow (they wrap at 255) and the FP and Altivec will be
      finally disabled, but before that condition is reached (counter overflow)
      several context switches will have restored FP and vector registers without
      need, causing a performance degradation.
      
      Fixes: 70fe3d98 ("powerpc: Restore FPU/VEC/VSX if previously used")
      Cc: stable@vger.kernel.org # v4.6+
      Signed-off-by: NBreno Leitao <leitao@debian.org>
      Signed-off-by: NGustavo Romero <gusbromero@gmail.com>
      Acked-by: NAnton Blanchard <anton@samba.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      1195892c
  8. 15 5月, 2017 1 次提交
    • M
      powerpc/tm: Fix FP and VMX register corruption · f48e91e8
      Michael Neuling 提交于
      In commit dc310669 ("powerpc: tm: Always use fp_state and vr_state
      to store live registers"), a section of code was removed that copied
      the current state to checkpointed state. That code should not have been
      removed.
      
      When an FP (Floating Point) unavailable is taken inside a transaction,
      we need to abort the transaction. This is because at the time of the
      tbegin, the FP state is bogus so the state stored in the checkpointed
      registers is incorrect. To fix this, we treclaim (to get the
      checkpointed GPRs) and then copy the thread_struct FP live state into
      the checkpointed state. We then trecheckpoint so that the FP state is
      correctly restored into the CPU.
      
      The copying of the FP registers from live to checkpointed is what was
      missing.
      
      This simplifies the logic slightly from the original patch.
      tm_reclaim_thread() will now always write the checkpointed FP
      state. Either the checkpointed FP state will be written as part of
      the actual treclaim (in tm.S), or it'll be a copy of the live
      state. Which one we use is based on MSR[FP] from userspace.
      
      Similarly for VMX.
      
      Fixes: dc310669 ("powerpc: tm: Always use fp_state and vr_state to store live registers")
      Cc: stable@vger.kernel.org # 4.9+
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Reviewed-by: cyrilbur@gmail.com
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      f48e91e8
  9. 02 3月, 2017 3 次提交
  10. 25 1月, 2017 1 次提交
    • C
      powerpc/8xx: Implement hw_breakpoint · 4ad8622d
      Christophe Leroy 提交于
      This patch implements HW breakpoint on the 8xx. The 8xx has
      capability to manage HW breakpoints, which is slightly different
      than BOOK3S:
      1/ The breakpoint match doesn't trigger a DSI exception but a
      dedicated data breakpoint exception.
      2/ The breakpoint happens after the instruction has completed,
      no need to single step or emulate the instruction,
      3/ Matched address is not set in DAR but in BAR,
      4/ DABR register doesn't exist, instead we have registers
      LCTRL1, LCTRL2 and CMPx registers,
      5/ The match on one comparator is not on a double word but
      on a single word.
      
      The patch does:
      1/ Prepare the dedicated registers in call to __set_dabr(). In order
      to emulate the double word handling of BOOK3S, comparator E is set to
      DABR address value and comparator F to address + 4. Then breakpoint 1
      is set to match comparator E or F,
      2/ Skip the singlestepping stage when compiled for CONFIG_PPC_8xx,
      3/ Implement the exception. In that exception, the matched address
      is taken from SPRN_BAR and manage as if it was from SPRN_DAR.
      4/ I/D TLB error exception routines perform a tlbie on bad TLBs. That
      tlbie triggers the breakpoint exception when performed on the
      breakpoint address. For this reason, the routine returns if the match
      is from one of those two tlbie.
      Signed-off-by: NChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: NScott Wood <oss@buserror.net>
      4ad8622d
  11. 24 1月, 2017 1 次提交
    • M
      powerpc: Revert the initial stack protector support · f2574030
      Michael Ellerman 提交于
      Unfortunately the stack protector support we merged recently only works
      on some toolchains. If the toolchain is built without glibc support
      everything works fine, but if glibc is built then it leads to a panic
      at boot.
      
      The solution is not rc5 material, so revert the support for now. This
      reverts commits:
      
      6533b7c1 ("powerpc: Initial stack protector (-fstack-protector) support")
      902e06eb ("powerpc/32: Change the stack protector canary value per task")
      
      Fixes: 6533b7c1 ("powerpc: Initial stack protector (-fstack-protector) support")
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      f2574030
  12. 23 11月, 2016 1 次提交
  13. 14 11月, 2016 1 次提交
  14. 12 11月, 2016 4 次提交
  15. 27 10月, 2016 1 次提交
    • V
      powerpc/process: Fix CONFIG_ALIVEC typo in restore_tm_state() · 39715bf9
      Valentin Rothberg 提交于
      It should be ALTIVEC, not ALIVEC.
      
      Cyril explains: If a thread performs a transaction with altivec and then
      gets preempted for whatever reason, this bug may cause the kernel to not
      re-enable altivec when that thread runs again. This will result in an
      altivec unavailable fault, when that fault happens inside a user
      transaction the kernel has no choice but to enable altivec and doom the
      transaction.
      
      The result is that transactions using altivec may get aborted more often
      than they should.
      
      The difficulty in catching this with a selftest is my deliberate use of
      the word may above. Optimisations to avoid FPU/altivec/VSX faults mean
      that the kernel will always leave them on for 255 switches. This code
      prevents the kernel turning it off if it got to the 256th switch (and
      userspace was transactional).
      
      Fixes: dc16b553 ("powerpc: Always restore FPU/VEC/VSX if hardware transactional memory in use")
      Reviewed-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NValentin Rothberg <valentinrothberg@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      39715bf9
  16. 04 10月, 2016 7 次提交
    • C
      powerpc: tm: Enable transactional memory (TM) lazily for userspace · 5d176f75
      Cyril Bur 提交于
      Currently the MSR TM bit is always set if the hardware is TM capable.
      This adds extra overhead as it means the TM SPRS (TFHAR, TEXASR and
      TFAIR) must be swapped for each process regardless of if they use TM.
      
      For processes that don't use TM the TM MSR bit can be turned off
      allowing the kernel to avoid the expensive swap of the TM registers.
      
      A TM unavailable exception will occur if a thread does use TM and the
      kernel will enable MSR_TM and leave it so for some time afterwards.
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      5d176f75
    • C
      powerpc: tm: Rename transct_(*) to ck(\1)_state · 000ec280
      Cyril Bur 提交于
      Make the structures being used for checkpointed state named
      consistently with the pt_regs/ckpt_regs.
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      000ec280
    • C
      powerpc: tm: Always use fp_state and vr_state to store live registers · dc310669
      Cyril Bur 提交于
      There is currently an inconsistency as to how the entire CPU register
      state is saved and restored when a thread uses transactional memory
      (TM).
      
      Using transactional memory results in the CPU having duplicated
      (almost) all of its register state. This duplication results in a set
      of registers which can be considered 'live', those being currently
      modified by the instructions being executed and another set that is
      frozen at a point in time.
      
      On context switch, both sets of state have to be saved and (later)
      restored. These two states are often called a variety of different
      things. Common terms for the state which only exists after the CPU has
      entered a transaction (performed a TBEGIN instruction) in hardware are
      'transactional' or 'speculative'.
      
      Between a TBEGIN and a TEND or TABORT (or an event that causes the
      hardware to abort), regardless of the use of TSUSPEND the
      transactional state can be referred to as the live state.
      
      The second state is often to referred to as the 'checkpointed' state
      and is a duplication of the live state when the TBEGIN instruction is
      executed. This state is kept in the hardware and will be rolled back
      to on transaction failure.
      
      Currently all the registers stored in pt_regs are ALWAYS the live
      registers, that is, when a thread has transactional registers their
      values are stored in pt_regs and the checkpointed state is in
      ckpt_regs. A strange opposite is true for fp_state/vr_state. When a
      thread is non transactional fp_state/vr_state holds the live
      registers. When a thread has initiated a transaction fp_state/vr_state
      holds the checkpointed state and transact_fp/transact_vr become the
      structure which holds the live state (at this point it is a
      transactional state).
      
      This method creates confusion as to where the live state is, in some
      circumstances it requires extra work to determine where to put the
      live state and prevents the use of common functions designed (probably
      before TM) to save the live state.
      
      With this patch pt_regs, fp_state and vr_state all represent the
      same thing and the other structures [pending rename] are for
      checkpointed state.
      Acked-by: NSimon Guo <wei.guo.simon@gmail.com>
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      dc310669
    • C
      powerpc: Never giveup a reclaimed thread when enabling kernel {fp, altivec, vsx} · e909fb83
      Cyril Bur 提交于
      After a thread is reclaimed from its active or suspended transactional
      state the checkpointed state exists on CPU, this state (along with the
      live/transactional state) has been saved in its entirety by the
      reclaiming process.
      
      There exists a sequence of events that would cause the kernel to call
      one of enable_kernel_fp(), enable_kernel_altivec() or
      enable_kernel_vsx() after a thread has been reclaimed. These functions
      save away any user state on the CPU so that the kernel can use the
      registers. Not only is this saving away unnecessary at this point, it
      is actually incorrect. It causes a save of the checkpointed state to
      the live structures within the thread struct thus destroying the true
      live state for that thread.
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      e909fb83
    • C
      powerpc: Return the new MSR from msr_check_and_set() · 3cee070a
      Cyril Bur 提交于
      msr_check_and_set() always performs a mfmsr() to determine if it needs
      to perform an mtmsr(), as mfmsr() can be a costly operation
      msr_check_and_set() could return the MSR now on the CPU to avoid
      callers of msr_check_and_set having to make their own mfmsr() call.
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      3cee070a
    • C
      powerpc: Add check_if_tm_restore_required() to giveup_all() · b0f16b46
      Cyril Bur 提交于
      giveup_all() causes FPU/VMX/VSX facilities to be disabled in a threads
      MSR. If the thread performing the giveup was transactional, the kernel
      must record which facilities were in use before the giveup as the
      thread must have these facilities re-enabled on return to userspace.
      
      >From process.c:
       /*
        * This is called if we are on the way out to userspace and the
        * TIF_RESTORE_TM flag is set.  It checks if we need to reload
        * FP and/or vector state and does so if necessary.
        * If userspace is inside a transaction (whether active or
        * suspended) and FP/VMX/VSX instructions have ever been enabled
        * inside that transaction, then we have to keep them enabled
        * and keep the FP/VMX/VSX state loaded while ever the transaction
        * continues.  The reason is that if we didn't, and subsequently
        * got a FP/VMX/VSX unavailable interrupt inside a transaction,
        * we don't know whether it's the same transaction, and thus we
        * don't know which of the checkpointed state and the transactional
        * state to use.
        */
      
      Calling check_if_tm_restore_required() will set TIF_RESTORE_TM and
      save the MSR if needed.
      
      Fixes: c2085059 ("powerpc: create giveup_all()")
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      b0f16b46
    • C
      powerpc: Always restore FPU/VEC/VSX if hardware transactional memory in use · dc16b553
      Cyril Bur 提交于
      Comment from arch/powerpc/kernel/process.c:967:
       If userspace is inside a transaction (whether active or
       suspended) and FP/VMX/VSX instructions have ever been enabled
       inside that transaction, then we have to keep them enabled
       and keep the FP/VMX/VSX state loaded while ever the transaction
       continues.  The reason is that if we didn't, and subsequently
       got a FP/VMX/VSX unavailable interrupt inside a transaction,
       we don't know whether it's the same transaction, and thus we
       don't know which of the checkpointed state and the ransactional
       state to use.
      
      restore_math() restore_fp() and restore_altivec() currently may not
      restore the registers. It doesn't appear that this is more serious
      than a performance penalty. If the math registers aren't restored the
      userspace thread will still be run with the facility disabled.
      Userspace will not be able to read invalid values. On the first access
      it will take an facility unavailable exception and the kernel will
      detected an active transaction, at which point it will abort the
      transaction. There is the possibility for a pathological case
      preventing any progress by transactions, however, transactions
      are never guaranteed to make progress.
      
      Fixes: 70fe3d98 ("powerpc: Restore FPU/VEC/VSX if previously used")
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      dc16b553
  17. 13 9月, 2016 1 次提交
  18. 10 8月, 2016 1 次提交
    • C
      powerpc/ptrace: Fix coredump since ptrace TM changes · c7a318ba
      Cyril Bur 提交于
      Commit 8d460f61 ("powerpc/process: Add the function
      flush_tmregs_to_thread") added flush_tmregs_to_thread() and included
      the assumption that it would only be called for a task which is not
      current.
      
      Although this is correct for ptrace, when generating a core dump, some
      of the routines which call flush_tmregs_to_thread() are called. This
      leads to a WARNing such as:
      
        Not expecting ptrace on self: TM regs may be incorrect
        ------------[ cut here ]------------
        WARNING: CPU: 123 PID: 7727 at arch/powerpc/kernel/process.c:1088 flush_tmregs_to_thread+0x78/0x80
        CPU: 123 PID: 7727 Comm: libvirtd Not tainted 4.8.0-rc1-gcc6x-g61e8a0d5 #1
        task: c000000fe631b600 task.stack: c000000fe63b0000
        NIP: c00000000001a1a8 LR: c00000000001a1a4 CTR: c000000000717780
        REGS: c000000fe63b3420 TRAP: 0700   Not tainted  (4.8.0-rc1-gcc6x-g61e8a0d5)
        MSR: 900000010282b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]>  CR: 28004222  XER: 20000000
        ...
        NIP [c00000000001a1a8] flush_tmregs_to_thread+0x78/0x80
        LR [c00000000001a1a4] flush_tmregs_to_thread+0x74/0x80
        Call Trace:
         flush_tmregs_to_thread+0x74/0x80 (unreliable)
         vsr_get+0x64/0x1a0
         elf_core_dump+0x604/0x1430
         do_coredump+0x5fc/0x1200
         get_signal+0x398/0x740
         do_signal+0x54/0x2b0
         do_notify_resume+0x98/0xb0
         ret_from_except_lite+0x70/0x74
      
      So fix flush_tmregs_to_thread() to detect the case where it is called on
      current, and a transaction is active, and in that case flush the TM regs
      to the thread_struct.
      
      This patch also moves flush_tmregs_to_thread() into ptrace.c as it is
      only called from that file.
      
      Fixes: 8d460f61 ("powerpc/process: Add the function flush_tmregs_to_thread")
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      [mpe: Flesh out change log]
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      c7a318ba
  19. 01 8月, 2016 2 次提交
  20. 27 6月, 2016 1 次提交
    • C
      powerpc/tm: Always reclaim in start_thread() for exec() class syscalls · 8e96a87c
      Cyril Bur 提交于
      Userspace can quite legitimately perform an exec() syscall with a
      suspended transaction. exec() does not return to the old process, rather
      it load a new one and starts that, the expectation therefore is that the
      new process starts not in a transaction. Currently exec() is not treated
      any differently to any other syscall which creates problems.
      
      Firstly it could allow a new process to start with a suspended
      transaction for a binary that no longer exists. This means that the
      checkpointed state won't be valid and if the suspended transaction were
      ever to be resumed and subsequently aborted (a possibility which is
      exceedingly likely as exec()ing will likely doom the transaction) the
      new process will jump to invalid state.
      
      Secondly the incorrect attempt to keep the transactional state while
      still zeroing state for the new process creates at least two TM Bad
      Things. The first triggers on the rfid to return to userspace as
      start_thread() has given the new process a 'clean' MSR but the suspend
      will still be set in the hardware MSR. The second TM Bad Thing triggers
      in __switch_to() as the processor is still transactionally suspended but
      __switch_to() wants to zero the TM sprs for the new process.
      
      This is an example of the outcome of calling exec() with a suspended
      transaction. Note the first 700 is likely the first TM bad thing
      decsribed earlier only the kernel can't report it as we've loaded
      userspace registers. c000000000009980 is the rfid in
      fast_exception_return()
      
        Bad kernel stack pointer 3fffcfa1a370 at c000000000009980
        Oops: Bad kernel stack pointer, sig: 6 [#1]
        CPU: 0 PID: 2006 Comm: tm-execed Not tainted
        NIP: c000000000009980 LR: 0000000000000000 CTR: 0000000000000000
        REGS: c00000003ffefd40 TRAP: 0700   Not tainted
        MSR: 8000000300201031 <SF,ME,IR,DR,LE,TM[SE]>  CR: 00000000  XER: 00000000
        CFAR: c0000000000098b4 SOFTE: 0
        PACATMSCRATCH: b00000010000d033
        GPR00: 0000000000000000 00003fffcfa1a370 0000000000000000 0000000000000000
        GPR04: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
        GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
        GPR12: 00003fff966611c0 0000000000000000 0000000000000000 0000000000000000
        NIP [c000000000009980] fast_exception_return+0xb0/0xb8
        LR [0000000000000000]           (null)
        Call Trace:
        Instruction dump:
        f84d0278 e9a100d8 7c7b03a6 e84101a0 7c4ff120 e8410170 7c5a03a6 e8010070
        e8410080 e8610088 e8810090 e8210078 <4c000024> 48000000 e8610178 88ed023b
      
        Kernel BUG at c000000000043e80 [verbose debug info unavailable]
        Unexpected TM Bad Thing exception at c000000000043e80 (msr 0x201033)
        Oops: Unrecoverable exception, sig: 6 [#2]
        CPU: 0 PID: 2006 Comm: tm-execed Tainted: G      D
        task: c0000000fbea6d80 ti: c00000003ffec000 task.ti: c0000000fb7ec000
        NIP: c000000000043e80 LR: c000000000015a24 CTR: 0000000000000000
        REGS: c00000003ffef7e0 TRAP: 0700   Tainted: G      D
        MSR: 8000000300201033 <SF,ME,IR,DR,RI,LE,TM[SE]>  CR: 28002828  XER: 00000000
        CFAR: c000000000015a20 SOFTE: 0
        PACATMSCRATCH: b00000010000d033
        GPR00: 0000000000000000 c00000003ffefa60 c000000000db5500 c0000000fbead000
        GPR04: 8000000300001033 2222222222222222 2222222222222222 00000000ff160000
        GPR08: 0000000000000000 800000010000d033 c0000000fb7e3ea0 c00000000fe00004
        GPR12: 0000000000002200 c00000000fe00000 0000000000000000 0000000000000000
        GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
        GPR20: 0000000000000000 0000000000000000 c0000000fbea7410 00000000ff160000
        GPR24: c0000000ffe1f600 c0000000fbea8700 c0000000fbea8700 c0000000fbead000
        GPR28: c000000000e20198 c0000000fbea6d80 c0000000fbeab680 c0000000fbea6d80
        NIP [c000000000043e80] tm_restore_sprs+0xc/0x1c
        LR [c000000000015a24] __switch_to+0x1f4/0x420
        Call Trace:
        Instruction dump:
        7c800164 4e800020 7c0022a6 f80304a8 7c0222a6 f80304b0 7c0122a6 f80304b8
        4e800020 e80304a8 7c0023a6 e80304b0 <7c0223a6> e80304b8 7c0123a6 4e800020
      
      This fixes CVE-2016-5828.
      
      Fixes: bc2a9408 ("powerpc: Hook in new transactional memory code")
      Cc: stable@vger.kernel.org # v3.9+
      Signed-off-by: NCyril Bur <cyrilbur@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      8e96a87c
  21. 21 6月, 2016 2 次提交
    • J
      powerpc: Load Monitor Register Support · bd3ea317
      Jack Miller 提交于
      This enables new registers, LMRR and LMSER, that can trigger an EBB in
      userspace code when a monitored load (via the new ldmx instruction)
      loads memory from a monitored space. This facility is controlled by a
      new FSCR bit, LM.
      
      This patch disables the FSCR LM control bit on task init and enables
      that bit when a load monitor facility unavailable exception is taken
      for using it. On context switch, this bit is then used to determine
      whether the two relevant registers are saved and restored. This is
      done lazily for performance reasons.
      Signed-off-by: NJack Miller <jack@codezen.org>
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      bd3ea317
    • M
      powerpc: Improve FSCR init and context switching · b57bd2de
      Michael Neuling 提交于
      This fixes a few issues with FSCR init and switching.
      
      In commit 152d523e ("powerpc: Create context switch helpers
      save_sprs() and restore_sprs()") we moved the setting of the FSCR
      register from inside an CPU_FTR_ARCH_207S section to inside just a
      CPU_FTR_ARCH_DSCR section. Hence we are setting FSCR on POWER6/7 where
      the FSCR doesn't exist. This is harmless but we shouldn't do it.
      
      Also, we can simplify the FSCR context switch. We don't need to go
      through the calculation involving dscr_inherit. We can just restore
      what we saved last time.
      
      We also set an initial value in INIT_THREAD, so that pid 1 which is
      cloned from that gets a sane value.
      
      Based on patch by Jack Miller.
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      b57bd2de