From: Greg Kurz <groug@kaod•org>
To: Daniel Axtens <dja@axtens•net>
Cc: Jordan Niethe <jniethe5@gmail•com>,
linuxppc-dev@lists•ozlabs.org, alistair@popple•id.au
Subject: Re: [PATCH 18/18] powerpc/fault: Use analyse_instr() to check for store with updates to sp
Date: Fri, 7 Feb 2020 09:15:55 +0100 [thread overview]
Message-ID: <20200207091555.59442fac@bahia.lan> (raw)
In-Reply-To: <87immdu3je.fsf@dja-thinkpad.axtens.net>
On Thu, 19 Dec 2019 01:11:33 +1100
Daniel Axtens <dja@axtens•net> wrote:
> Jordan Niethe <jniethe5@gmail•com> writes:
>
> > A user-mode access to an address a long way below the stack pointer is
> > only valid if the instruction is one that would update the stack pointer
> > to the address accessed. This is checked by directly looking at the
> > instructions op-code. As a result is does not take into account prefixed
> > instructions. Instead of looking at the instruction our self, use
> > analyse_instr() determine if this a store instruction that will update
> > the stack pointer.
> >
> > Something to note is that there currently are not any store with update
> > prefixed instructions. Actually there is no plan for prefixed
> > update-form loads and stores. So this patch is probably not needed but
> > it might be preferable to use analyse_instr() rather than open coding
> > the test anyway.
>
> Yes please. I was looking through this code recently and was
> horrified. This improves things a lot and I think is justification
> enough as-is.
>
Except it doesn't work... I'm now experiencing a systematic crash of
systemd at boot in my fedora31 guest:
[ 3.322912] systemd[1]: segfault (11) at 7ffff3eaf550 nip 7ce4d42f8d78 lr 9d82c098fc0 code 1 in libsystemd-shared-243.so[7ce4d4150000+2e0000]
[ 3.323112] systemd[1]: code: 00000480 60420000 3c4c001e 3842edb0 7c0802a6 3d81fff0 fb81ffe0 fba1ffe8
[ 3.323244] systemd[1]: code: fbc1fff0 fbe1fff8 f8010010 7c200b78 <f801f001> 7c216000 4082fff8 f801ff71
f801f001 is
0x1a8d78 <serialize_item_format+40>: stdu r0,-4096(r1)
which analyse_instr() is supposed to decode as a STORE that
updates r1 so we should be good... Unfortunately analyse_instr()
forbids partial register sets, since it might return op->val
based on some register content depending on the instruction:
/* Following cases refer to regs->gpr[], so we need all regs */
if (!FULL_REGS(regs))
return -1;
analyse_instr() was introduced with instruction emulation in mind, which
goes far beyond the need we have in store_updates_sp(). Especially the
fault path doesn't care for the register content at all...
Not sure how to cope with that correctly (refactor analyse_instr() ? ) but
until someone comes up with a solution, please don't merge this patch.
Cheers,
--
Greg
> Regards,
> Daniel
> >
> > Signed-off-by: Jordan Niethe <jniethe5@gmail•com>
> > ---
> > arch/powerpc/mm/fault.c | 39 +++++++++++----------------------------
> > 1 file changed, 11 insertions(+), 28 deletions(-)
> >
> > diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> > index b5047f9b5dec..cb78b3ca1800 100644
> > --- a/arch/powerpc/mm/fault.c
> > +++ b/arch/powerpc/mm/fault.c
> > @@ -41,37 +41,17 @@
> > #include <asm/siginfo.h>
> > #include <asm/debug.h>
> > #include <asm/kup.h>
> > +#include <asm/sstep.h>
> >
> > /*
> > * Check whether the instruction inst is a store using
> > * an update addressing form which will update r1.
> > */
> > -static bool store_updates_sp(unsigned int inst)
> > +static bool store_updates_sp(struct instruction_op *op)
> > {
> > - /* check for 1 in the rA field */
> > - if (((inst >> 16) & 0x1f) != 1)
> > - return false;
> > - /* check major opcode */
> > - switch (inst >> 26) {
> > - case OP_STWU:
> > - case OP_STBU:
> > - case OP_STHU:
> > - case OP_STFSU:
> > - case OP_STFDU:
> > - return true;
> > - case OP_STD: /* std or stdu */
> > - return (inst & 3) == 1;
> > - case OP_31:
> > - /* check minor opcode */
> > - switch ((inst >> 1) & 0x3ff) {
> > - case OP_31_XOP_STDUX:
> > - case OP_31_XOP_STWUX:
> > - case OP_31_XOP_STBUX:
> > - case OP_31_XOP_STHUX:
> > - case OP_31_XOP_STFSUX:
> > - case OP_31_XOP_STFDUX:
> > + if (GETTYPE(op->type) == STORE) {
> > + if ((op->type & UPDATE) && (op->update_reg == 1))
> > return true;
> > - }
> > }
> > return false;
> > }
> > @@ -278,14 +258,17 @@ static bool bad_stack_expansion(struct pt_regs *regs, unsigned long address,
> >
> > if ((flags & FAULT_FLAG_WRITE) && (flags & FAULT_FLAG_USER) &&
> > access_ok(nip, sizeof(*nip))) {
> > - unsigned int inst;
> > + unsigned int inst, sufx;
> > + struct instruction_op op;
> > int res;
> >
> > pagefault_disable();
> > - res = __get_user_inatomic(inst, nip);
> > + res = __get_user_instr_inatomic(inst, sufx, nip);
> > pagefault_enable();
> > - if (!res)
> > - return !store_updates_sp(inst);
> > + if (!res) {
> > + analyse_instr(&op, uregs, inst, sufx);
> > + return !store_updates_sp(&op);
> > + }
> > *must_retry = true;
> > }
> > return true;
> > --
> > 2.20.1
next prev parent reply other threads:[~2020-02-07 10:43 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-26 5:21 [PATCH 00/18] Initial Prefixed Instruction support Jordan Niethe
2019-11-26 5:21 ` [PATCH 01/18] powerpc: Enable Prefixed Instructions Jordan Niethe
2019-11-26 5:21 ` [PATCH 02/18] powerpc: Add BOUNDARY SRR1 bit for future ISA version Jordan Niethe
2019-11-26 5:21 ` [PATCH 03/18] powerpc: Add PREFIXED " Jordan Niethe
2019-12-18 8:23 ` Daniel Axtens
2019-12-20 5:09 ` Jordan Niethe
2019-11-26 5:21 ` [PATCH 04/18] powerpc: Rename Bit 35 of SRR1 to indicate new purpose Jordan Niethe
2019-11-26 5:21 ` [PATCH 05/18] powerpc sstep: Prepare to support prefixed instructions Jordan Niethe
2019-12-18 8:35 ` Daniel Axtens
2019-12-20 5:11 ` Jordan Niethe
2019-12-20 5:40 ` Christophe Leroy
2019-12-18 14:15 ` Daniel Axtens
2019-12-20 5:17 ` Jordan Niethe
2020-01-07 3:01 ` Jordan Niethe
2020-01-13 6:18 ` Balamuruhan S
2020-02-06 23:12 ` Jordan Niethe
2019-11-26 5:21 ` [PATCH 06/18] powerpc sstep: Add support for prefixed integer load/stores Jordan Niethe
2020-01-10 10:38 ` Balamuruhan S
2020-02-07 0:18 ` Jordan Niethe
2020-01-10 15:13 ` Balamuruhan S
2020-02-07 0:20 ` Jordan Niethe
2019-11-26 5:21 ` [PATCH 07/18] powerpc sstep: Add support for prefixed floating-point load/stores Jordan Niethe
2019-11-26 5:21 ` [PATCH 08/18] powerpc sstep: Add support for prefixed VSX load/stores Jordan Niethe
2019-12-18 14:05 ` Daniel Axtens
2019-11-26 5:21 ` [PATCH 09/18] powerpc sstep: Add support for prefixed fixed-point arithmetic Jordan Niethe
2019-11-26 5:21 ` [PATCH 10/18] powerpc: Support prefixed instructions in alignment handler Jordan Niethe
2019-11-26 5:21 ` [PATCH 11/18] powerpc/traps: Check for prefixed instructions in facility_unavailable_exception() Jordan Niethe
2019-11-26 5:21 ` [PATCH 12/18] powerpc/xmon: Add initial support for prefixed instructions Jordan Niethe
2019-11-26 5:21 ` [PATCH 13/18] powerpc/xmon: Dump " Jordan Niethe
2019-11-26 5:21 ` [PATCH 14/18] powerpc/kprobes: Support kprobes on " Jordan Niethe
2020-01-14 7:19 ` Balamuruhan S
2020-01-16 6:09 ` Michael Ellerman
2019-11-26 5:21 ` [PATCH 15/18] powerpc/uprobes: Add support for " Jordan Niethe
2020-01-13 11:30 ` Balamuruhan S
2020-02-06 23:09 ` Jordan Niethe
2019-11-26 5:21 ` [PATCH 16/18] powerpc/hw_breakpoints: Initial " Jordan Niethe
2019-11-26 5:21 ` [PATCH 17/18] powerpc: Add prefix support to mce_find_instr_ea_and_pfn() Jordan Niethe
2019-11-26 5:21 ` [PATCH 18/18] powerpc/fault: Use analyse_instr() to check for store with updates to sp Jordan Niethe
2019-12-18 14:11 ` Daniel Axtens
2020-02-07 8:15 ` Greg Kurz [this message]
2020-02-08 0:28 ` Jordan Niethe
2019-12-03 4:31 ` [PATCH 00/18] Initial Prefixed Instruction support Andrew Donnellan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200207091555.59442fac@bahia.lan \
--to=groug@kaod$(echo .)org \
--cc=alistair@popple$(echo .)id.au \
--cc=dja@axtens$(echo .)net \
--cc=jniethe5@gmail$(echo .)com \
--cc=linuxppc-dev@lists$(echo .)ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox