From: Nicholas Piggin <npiggin@gmail•com>
To: linuxppc-dev@lists•ozlabs.org, Michael Ellerman <mpe@ellerman•id.au>
Cc: aneesh.kumar@linux•ibm.com
Subject: Re: [PATCH 5/6] powerpc/mm/64s/hash: Add real-mode change_memory_range() for hash LPAR
Date: Mon, 22 Mar 2021 13:09:03 +1000 [thread overview]
Message-ID: <1616382012.2m85hefs07.astroid@bobo.none> (raw)
In-Reply-To: <87czvz4n47.fsf@mpe.ellerman.id.au>
Excerpts from Michael Ellerman's message of March 16, 2021 4:40 pm:
> Nicholas Piggin <npiggin@gmail•com> writes:
>> Excerpts from Michael Ellerman's message of February 11, 2021 11:51 pm:
>>> When we enabled STRICT_KERNEL_RWX we received some reports of boot
>>> failures when using the Hash MMU and running under phyp. The crashes
>>> are intermittent, and often exhibit as a completely unresponsive
>>> system, or possibly an oops.
> ...
>>>
>>> diff --git a/arch/powerpc/mm/book3s64/hash_pgtable.c b/arch/powerpc/mm/book3s64/hash_pgtable.c
>>> index 3663d3cdffac..01de985df2c4 100644
>>> --- a/arch/powerpc/mm/book3s64/hash_pgtable.c
>>> +++ b/arch/powerpc/mm/book3s64/hash_pgtable.c
>>> @@ -414,6 +428,73 @@ static void change_memory_range(unsigned long start, unsigned long end,
>>> mmu_kernel_ssize);
>>> }
>>>
>>> +static int notrace chmem_secondary_loop(struct change_memory_parms *parms)
>>> +{
>>> + unsigned long msr, tmp, flags;
>>> + int *p;
>>> +
>>> + p = &parms->cpu_counter.counter;
>>> +
>>> + local_irq_save(flags);
>>> + __hard_EE_RI_disable();
>>> +
>>> + asm volatile (
>>> + // Switch to real mode and leave interrupts off
>>> + "mfmsr %[msr] ;"
>>> + "li %[tmp], %[MSR_IR_DR] ;"
>>> + "andc %[tmp], %[msr], %[tmp] ;"
>>> + "mtmsrd %[tmp] ;"
>>> +
>>> + // Tell the master we are in real mode
>>> + "1: "
>>> + "lwarx %[tmp], 0, %[p] ;"
>>> + "addic %[tmp], %[tmp], -1 ;"
>>> + "stwcx. %[tmp], 0, %[p] ;"
>>> + "bne- 1b ;"
>>> +
>>> + // Spin until the counter goes to zero
>>> + "2: ;"
>>> + "lwz %[tmp], 0(%[p]) ;"
>>> + "cmpwi %[tmp], 0 ;"
>>> + "bne- 2b ;"
>>> +
>>> + // Switch back to virtual mode
>>> + "mtmsrd %[msr] ;"
>>
>> Pity we don't have something that can switch to emergency stack and
>> so we can write this stuff in C.
>>
>> How's something like this suit you?
>
> It looks like it would be really good for writing exploits :)
Hmm. In that case maybe the callee function could be inlined into it
like the interrupt wrappers, and the asm real-mode entry/exit gets
added around it rather than have this little exploit stub. So similar to
yours but with a stack switch as well so you can come back up in real
mode.
> I think at the very least we would want the asm part to load the SP
> from the paca itself, rather than taking it as a parameter.
>
> But I'm not sure writing these type of things in C is a big win, because
> you have to be so careful about what you call anyway. It's almost better
> in asm because it's so restrictive.
>
> Obviously having said that, my first attempt got the IRQ save/restore
> wrong, so maybe we should at least have some macros to help with it.
>
> Did you have another user for this in mind? The only one that I can
> think of at the moment is the subcore stuff.
Possibly rtas entry/exit (although that has other issues). But I guess
it's not a huge amount of asm compared with what I'm dealing with.
I'm okay if you just put your thing in at the moment, we might or might
not get keen and c-ify it later.
Thanks,
Nick
next prev parent reply other threads:[~2021-03-22 3:09 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-11 13:51 [PATCH 1/6] powerpc/mm/64s: Add _PAGE_KERNEL_ROX Michael Ellerman
2021-02-11 13:51 ` [PATCH 2/6] powerpc/pseries: Add key to flags in pSeries_lpar_hpte_updateboltedpp() Michael Ellerman
2021-02-16 5:39 ` Daniel Axtens
2021-02-18 23:25 ` Michael Ellerman
2021-02-11 13:51 ` [PATCH 3/6] powerpc/64s: Use htab_convert_pte_flags() in hash__mark_rodata_ro() Michael Ellerman
2021-02-16 5:50 ` Daniel Axtens
2021-02-11 13:51 ` [PATCH 4/6] powerpc/mm/64s/hash: Factor out change_memory_range() Michael Ellerman
2021-02-19 2:08 ` Daniel Axtens
2021-03-16 6:30 ` Michael Ellerman
2021-02-11 13:51 ` [PATCH 5/6] powerpc/mm/64s/hash: Add real-mode change_memory_range() for hash LPAR Michael Ellerman
2021-02-11 23:16 ` Nicholas Piggin
2021-03-20 13:04 ` Michael Ellerman
2021-03-22 2:56 ` Nicholas Piggin
2021-02-12 0:36 ` Nicholas Piggin
2021-03-16 6:40 ` Michael Ellerman
2021-03-22 3:09 ` Nicholas Piggin [this message]
2021-03-22 9:07 ` Michael Ellerman
2021-02-19 2:43 ` Daniel Axtens
2021-03-19 11:56 ` Michael Ellerman
2021-02-11 13:51 ` [PATCH 6/6] powerpc/mm/64s: Allow STRICT_KERNEL_RWX again Michael Ellerman
2021-04-10 14:28 ` [PATCH 1/6] powerpc/mm/64s: Add _PAGE_KERNEL_ROX Michael Ellerman
2021-04-19 5:17 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1616382012.2m85hefs07.astroid@bobo.none \
--to=npiggin@gmail$(echo .)com \
--cc=aneesh.kumar@linux$(echo .)ibm.com \
--cc=linuxppc-dev@lists$(echo .)ozlabs.org \
--cc=mpe@ellerman$(echo .)id.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox