# git rev-parse -q --verify 5d2e5dd5849b4ef5e8ec35e812cdb732c13cd27e^{commit} # git fetch -q -n -f git://gitlab.ozlabs.ibm.com/linuxppc/linux.git fixes-test warning: The last gc run reported the following. Please correct the root cause and remove .git/gc.log. Automatic cleanup will not be performed until the file is removed. warning: There are too many unreachable loose objects; run 'git prune' to remove them. # git rev-parse -q --verify 5d2e5dd5849b4ef5e8ec35e812cdb732c13cd27e^{commit} 5d2e5dd5849b4ef5e8ec35e812cdb732c13cd27e # git checkout -q -f -B kisskb 5d2e5dd5849b4ef5e8ec35e812cdb732c13cd27e # git clean -qxdf # < git log -1 # commit 5d2e5dd5849b4ef5e8ec35e812cdb732c13cd27e # Author: Aneesh Kumar K.V # Date: Wed Jan 8 11:14:22 2020 +0530 # # powerpc/mm/hash: Fix sharing context ids between kernel & userspace # # Commit 0034d395f89d ("powerpc/mm/hash64: Map all the kernel regions in # the same 0xc range") has a bug in the definition of MIN_USER_CONTEXT. # # The result is that the context id used for the vmemmap and the lowest # context id handed out to userspace are the same. The context id is # essentially the process identifier as far as the first stage of the # MMU translation is concerned. # # This can result in multiple SLB entries with the same VSID (Virtual # Segment ID), accessible to the kernel and some random userspace # process that happens to get the overlapping id, which is not expected # eg: # # 07 c00c000008000000 40066bdea7000500 1T ESID= c00c00 VSID= 66bdea7 LLP:100 # 12 0002000008000000 40066bdea7000d80 1T ESID= 200 VSID= 66bdea7 LLP:100 # # Even though the user process and the kernel use the same VSID, the # permissions in the hash page table prevent the user process from # reading or writing to any kernel mappings. # # It can also lead to SLB entries with different base page size # encodings (LLP), eg: # # 05 c00c000008000000 00006bde0053b500 256M ESID=c00c00000 VSID= 6bde0053b LLP:100 # 09 0000000008000000 00006bde0053bc80 256M ESID= 0 VSID= 6bde0053b LLP: 0 # # Such SLB entries can result in machine checks, eg. as seen on a G5: # # Oops: Machine check, sig: 7 [#1] # BE PAGE SIZE=64K MU-Hash SMP NR_CPUS=4 NUMA Power Mac # NIP: c00000000026f248 LR: c000000000295e58 CTR: 0000000000000000 # REGS: c0000000erfd3d70 TRAP: 0200 Tainted: G M (5.5.0-rcl-gcc-8.2.0-00010-g228b667d8ea1) # MSR: 9000000000109032 CR: 24282048 XER: 00000000 # DAR: c00c000000612c80 DSISR: 00000400 IRQMASK: 0 # ... # NIP [c00000000026f248] .kmem_cache_free+0x58/0x140 # LR [c088000008295e58] .putname 8x88/0xa # Call Trace: # .putname+0xB8/0xa # .filename_lookup.part.76+0xbe/0x160 # .do_faccessat+0xe0/0x380 # system_call+0x5c/ex68 # # This happens with 256MB segments and 64K pages, as the duplicate VSID # is hit with the first vmemmap segment and the first user segment, and # older 32-bit userspace maps things in the first user segment. # # On other CPUs a machine check is not seen. Instead the userspace # process can get stuck continuously faulting, with the fault never # properly serviced, due to the kernel not understanding that there is # already a HPTE for the address but with inaccessible permissions. # # On machines with 1T segments we've not seen the bug hit other than by # deliberately exercising it. That seems to be just a matter of luck # though, due to the typical layout of the user virtual address space # and the ranges of vmemmap that are typically populated. # # To fix it we add 2 to MIN_USER_CONTEXT. This ensures the lowest # context given to userspace doesn't overlap with the VMEMMAP context, # or with the context for INVALID_REGION_ID. # # Fixes: 0034d395f89d ("powerpc/mm/hash64: Map all the kernel regions in the same 0xc range") # Cc: stable@vger.kernel.org # v5.2+ # Reported-by: Christian Marillat # Reported-by: Romain Dolbeau # Signed-off-by: Aneesh Kumar K.V # [mpe: Account for INVALID_REGION_ID, mostly rewrite change log] # Signed-off-by: Michael Ellerman # Link: https://lore.kernel.org/r/20200123102547.11623-1-mpe@ellerman.id.au # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux-ld --version # < git log --format=%s --max-count=1 5d2e5dd5849b4ef5e8ec35e812cdb732c13cd27e # < make -s -j 32 ARCH=m68k O=/kisskb/build/powerpc-fixes_m68k-defconfig_m68k CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux- defconfig # make -s -j 32 ARCH=m68k O=/kisskb/build/powerpc-fixes_m68k-defconfig_m68k CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/m68k-linux/bin/m68k-linux- :1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] In file included from /kisskb/src/arch/m68k/include/asm/amigayle.h:21, from /kisskb/src/arch/m68k/include/asm/io_mm.h:59, from /kisskb/src/arch/m68k/include/asm/io.h:8, from /kisskb/src/include/linux/clocksource.h:21, from /kisskb/src/arch/m68k/amiga/config.c:20: /kisskb/src/arch/m68k/amiga/config.c: In function 'amiga_identify': /kisskb/src/arch/m68k/include/asm/amigahw.h:42:50: warning: this statement may fall through [-Wimplicit-fallthrough=] #define AMIGAHW_SET(name) (amiga_hw_present.name = 1) ~~~~~~~~~~~~~~~~~~~~~~~^~~~ /kisskb/src/arch/m68k/amiga/config.c:223:3: note: in expansion of macro 'AMIGAHW_SET' AMIGAHW_SET(PCMCIA); ^~~~~~~~~~~ /kisskb/src/arch/m68k/amiga/config.c:224:2: note: here case AMI_500: ^~~~ /kisskb/src/arch/m68k/mvme147/config.c: In function 'mvme147_hwclk': /kisskb/src/arch/m68k/mvme147/config.c:175:2: warning: #warning check me! [-Wcpp] #warning check me! ^~~~~~~ /kisskb/src/arch/m68k/mvme16x/config.c: In function 'mvme16x_hwclk': /kisskb/src/arch/m68k/mvme16x/config.c:440:2: warning: #warning check me! [-Wcpp] #warning check me! ^~~~~~~ In file included from /kisskb/src/arch/m68k/include/asm/atomic.h:7, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/linux/spinlock.h:445, from /kisskb/src/include/linux/seqlock.h:36, from /kisskb/src/include/linux/time.h:6, from /kisskb/src/include/linux/stat.h:19, from /kisskb/src/include/linux/module.h:13, from /kisskb/src/net/core/filter.c:20: /kisskb/src/net/core/filter.c: In function 'bpf_clear_redirect_map': /kisskb/src/arch/m68k/include/asm/cmpxchg.h:137:3: warning: value computed is not used [-Wunused-value] ((__typeof__(*(ptr)))__cmpxchg_local_generic((ptr), (unsigned long)(o),\ ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (unsigned long)(n), sizeof(*(ptr)))) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/include/asm-generic/cmpxchg.h:106:28: note: in expansion of macro 'cmpxchg_local' #define cmpxchg(ptr, o, n) cmpxchg_local((ptr), (o), (n)) ^~~~~~~~~~~~~ /kisskb/src/net/core/filter.c:3604:4: note: in expansion of macro 'cmpxchg' cmpxchg(&ri->map, map, NULL); ^~~~~~~ In file included from /kisskb/src/arch/m68k/include/asm/atomic.h:7, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/linux/spinlock.h:445, from /kisskb/src/include/linux/mmzone.h:8, from /kisskb/src/include/linux/gfp.h:6, from /kisskb/src/include/linux/mm.h:10, from /kisskb/src/kernel/acct.c:47: /kisskb/src/kernel/acct.c: In function 'acct_pin_kill': /kisskb/src/arch/m68k/include/asm/cmpxchg.h:137:3: warning: value computed is not used [-Wunused-value] ((__typeof__(*(ptr)))__cmpxchg_local_generic((ptr), (unsigned long)(o),\ ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (unsigned long)(n), sizeof(*(ptr)))) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/include/asm-generic/cmpxchg.h:106:28: note: in expansion of macro 'cmpxchg_local' #define cmpxchg(ptr, o, n) cmpxchg_local((ptr), (o), (n)) ^~~~~~~~~~~~~ /kisskb/src/kernel/acct.c:177:2: note: in expansion of macro 'cmpxchg' cmpxchg(&acct->ns->bacct, pin, NULL); ^~~~~~~ In file included from /kisskb/src/drivers/net/ethernet/8390/xsurf100.c:48: /kisskb/src/drivers/net/ethernet/8390/lib8390.c:988:27: warning: '____alloc_ei_netdev' defined but not used [-Wunused-function] static struct net_device *____alloc_ei_netdev(int size) ^~~~~~~~~~~~~~~~~~~ /kisskb/src/drivers/net/ethernet/8390/lib8390.c:950:13: warning: '__ei_set_multicast_list' defined but not used [-Wunused-function] static void __ei_set_multicast_list(struct net_device *dev) ^~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/drivers/net/ethernet/8390/lib8390.c:850:33: warning: '__ei_get_stats' defined but not used [-Wunused-function] static struct net_device_stats *__ei_get_stats(struct net_device *dev) ^~~~~~~~~~~~~~ /kisskb/src/drivers/net/ethernet/8390/lib8390.c:509:13: warning: '__ei_poll' defined but not used [-Wunused-function] static void __ei_poll(struct net_device *dev) ^~~~~~~~~ /kisskb/src/drivers/net/ethernet/8390/lib8390.c:300:20: warning: '__ei_start_xmit' defined but not used [-Wunused-function] static netdev_tx_t __ei_start_xmit(struct sk_buff *skb, ^~~~~~~~~~~~~~~ /kisskb/src/drivers/net/ethernet/8390/lib8390.c:254:13: warning: '__ei_tx_timeout' defined but not used [-Wunused-function] static void __ei_tx_timeout(struct net_device *dev) ^~~~~~~~~~~~~~~ /kisskb/src/drivers/net/ethernet/8390/lib8390.c:230:12: warning: '__ei_close' defined but not used [-Wunused-function] static int __ei_close(struct net_device *dev) ^~~~~~~~~~ /kisskb/src/drivers/net/ethernet/8390/lib8390.c:201:12: warning: '__ei_open' defined but not used [-Wunused-function] static int __ei_open(struct net_device *dev) ^~~~~~~~~ In file included from /kisskb/src/drivers/net/phy/mdio_bus.c:23: /kisskb/src/include/linux/of_mdio.h:58:13: warning: 'of_mdiobus_child_is_phy' defined but not used [-Wunused-function] static bool of_mdiobus_child_is_phy(struct device_node *child) ^~~~~~~~~~~~~~~~~~~~~~~ In file included from /kisskb/src/arch/m68k/include/asm/atomic.h:7, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/linux/spinlock.h:445, from /kisskb/src/include/linux/wait.h:9, from /kisskb/src/include/linux/wait_bit.h:8, from /kisskb/src/include/linux/fs.h:6, from /kisskb/src/fs/ocfs2/file.c:13: /kisskb/src/fs/ocfs2/file.c: In function 'ocfs2_file_write_iter': /kisskb/src/arch/m68k/include/asm/cmpxchg.h:79:22: warning: value computed is not used [-Wunused-value] #define xchg(ptr,x) ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/fs/ocfs2/file.c:2421:3: note: in expansion of macro 'xchg' xchg(&iocb->ki_complete, saved_ki_complete); ^~~~ /kisskb/src/net/netfilter/nf_flow_table_offload.c: In function 'nf_flow_rule_match': /kisskb/src/net/netfilter/nf_flow_table_offload.c:91:21: warning: unsigned conversion from 'int' to '__be16' {aka 'short unsigned int'} changes value from '327680' to '0' [-Woverflow] mask->tcp.flags = TCP_FLAG_RST | TCP_FLAG_FIN; ^~~~~~~~~~~~ In file included from /kisskb/src/arch/m68k/include/asm/atomic.h:7, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/linux/spinlock.h:445, from /kisskb/src/include/linux/mmzone.h:8, from /kisskb/src/include/linux/gfp.h:6, from /kisskb/src/include/linux/slab.h:15, from /kisskb/src/fs/posix_acl.c:15: /kisskb/src/fs/posix_acl.c: In function 'get_acl': /kisskb/src/arch/m68k/include/asm/cmpxchg.h:137:3: warning: value computed is not used [-Wunused-value] ((__typeof__(*(ptr)))__cmpxchg_local_generic((ptr), (unsigned long)(o),\ ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (unsigned long)(n), sizeof(*(ptr)))) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /kisskb/src/include/asm-generic/cmpxchg.h:106:28: note: in expansion of macro 'cmpxchg_local' #define cmpxchg(ptr, o, n) cmpxchg_local((ptr), (o), (n)) ^~~~~~~~~~~~~ /kisskb/src/fs/posix_acl.c:148:3: note: in expansion of macro 'cmpxchg' cmpxchg(p, sentinel, ACL_NOT_CACHED); ^~~~~~~ Completed OK # rm -rf /kisskb/build/powerpc-fixes_m68k-defconfig_m68k # Build took: 0:02:40.711804