# git rev-parse -q --verify cc43634c11b8ced6d99562d1e188e100c9e76e61^{commit} cc43634c11b8ced6d99562d1e188e100c9e76e61 already have revision, skipping fetch # git checkout -q -f -B kisskb cc43634c11b8ced6d99562d1e188e100c9e76e61 # git clean -qxdf # < git log -1 # commit cc43634c11b8ced6d99562d1e188e100c9e76e61 # Author: Gustavo Luiz Duarte # Date: Tue Feb 11 00:38:29 2020 -0300 # # powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery # # After a treclaim, we expect to be in non-transactional state. If we # don't clear the current thread's MSR[TS] before we get preempted, then # tm_recheckpoint_new_task() will recheckpoint and we get rescheduled in # suspended transaction state. # # When handling a signal caught in transactional state, # handle_rt_signal64() calls get_tm_stackpointer() that treclaims the # transaction using tm_reclaim_current() but without clearing the # thread's MSR[TS]. This can cause the TM Bad Thing exception below if # later we pagefault and get preempted trying to access the user's # sigframe, using __put_user(). Afterwards, when we are rescheduled back # into do_page_fault() (but now in suspended state since the thread's # MSR[TS] was not cleared), upon executing 'rfid' after completion of # the page fault handling, the exception is raised because a transition # from suspended to non-transactional state is invalid. # # Unexpected TM Bad Thing exception at c00000000000de44 (msr 0x8000000302a03031) tm_scratch=800000010280b033 # Oops: Unrecoverable exception, sig: 6 [#1] # LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries # Modules linked in: nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6_tables ip_tables nft_compat ip_set nf_tables nfnetlink xts vmx_crypto sg virtio_balloon # r_mod cdrom virtio_net net_failover virtio_blk virtio_scsi failover dm_mirror dm_region_hash dm_log dm_mod # CPU: 25 PID: 15547 Comm: a.out Not tainted 5.4.0-rc2 #32 # NIP: c00000000000de44 LR: c000000000034728 CTR: 0000000000000000 # REGS: c00000003fe7bd70 TRAP: 0700 Not tainted (5.4.0-rc2) # MSR: 8000000302a03031 CR: 44000884 XER: 00000000 # CFAR: c00000000000dda4 IRQMASK: 0 # PACATMSCRATCH: 800000010280b033 # GPR00: c000000000034728 c000000f65a17c80 c000000001662800 00007fffacf3fd78 # GPR04: 0000000000001000 0000000000001000 0000000000000000 c000000f611f8af0 # GPR08: 0000000000000000 0000000078006001 0000000000000000 000c000000000000 # GPR12: c000000f611f84b0 c00000003ffcb200 0000000000000000 0000000000000000 # GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 # GPR20: 0000000000000000 0000000000000000 0000000000000000 c000000f611f8140 # GPR24: 0000000000000000 00007fffacf3fd68 c000000f65a17d90 c000000f611f7800 # GPR28: c000000f65a17e90 c000000f65a17e90 c000000001685e18 00007fffacf3f000 # NIP [c00000000000de44] fast_exception_return+0xf4/0x1b0 # LR [c000000000034728] handle_rt_signal64+0x78/0xc50 # Call Trace: # [c000000f65a17c80] [c000000000034710] handle_rt_signal64+0x60/0xc50 (unreliable) # [c000000f65a17d30] [c000000000023640] do_notify_resume+0x330/0x460 # [c000000f65a17e20] [c00000000000dcc4] ret_from_except_lite+0x70/0x74 # Instruction dump: # 7c4ff120 e8410170 7c5a03a6 38400000 f8410060 e8010070 e8410080 e8610088 # 60000000 60000000 e8810090 e8210078 <4c000024> 48000000 e8610178 88ed0989 # ---[ end trace 93094aa44b442f87 ]--- # # The simplified sequence of events that triggers the above exception is: # # ... # userspace in NON-TRANSACTIONAL state # tbegin # userspace in TRANSACTIONAL state # signal delivery # kernelspace in SUSPENDED state # handle_rt_signal64() # get_tm_stackpointer() # treclaim # kernelspace in NON-TRANSACTIONAL state # __put_user() # page fault happens. We will never get back here because of the TM Bad Thing exception. # # page fault handling kicks in and we voluntarily preempt ourselves # do_page_fault() # __schedule() # __switch_to(other_task) # # our task is rescheduled and we recheckpoint because the thread's MSR[TS] was not cleared # __switch_to(our_task) # switch_to_tm() # tm_recheckpoint_new_task() # trechkpt # kernelspace in SUSPENDED state # # The page fault handling resumes, but now we are in suspended transaction state # do_page_fault() completes # rfid <----- trying to get back where the page fault happened (we were non-transactional back then) # TM Bad Thing # illegal transition from suspended to non-transactional # # This patch fixes that issue by clearing the current thread's MSR[TS] # just after treclaim in get_tm_stackpointer() so that we stay in # non-transactional state in case we are preempted. In order to make # treclaim and clearing the thread's MSR[TS] atomic from a preemption # perspective when CONFIG_PREEMPT is set, preempt_disable/enable() is # used. It's also necessary to save the previous value of the thread's # MSR before get_tm_stackpointer() is called so that it can be exposed # to the signal handler later in setup_tm_sigcontexts() to inform the # userspace MSR at the moment of the signal delivery. # # Found with tm-signal-context-force-tm kernel selftest. # # Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context") # Cc: stable@vger.kernel.org # v3.9 # Signed-off-by: Gustavo Luiz Duarte # Acked-by: Michael Neuling # Signed-off-by: Michael Ellerman # Link: https://lore.kernel.org/r/20200211033831.11165-1-gustavold@linux.ibm.com # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 cc43634c11b8ced6d99562d1e188e100c9e76e61 # < make -s -j 80 ARCH=powerpc O=/kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- mpc85xx_defconfig # Added to kconfig CONFIG_PPC_E500MC=y # Added to kconfig CONFIG_VIRTUALIZATION=y # Added to kconfig CONFIG_KVM_E500MC=y # Added to kconfig # yes \n | make -s -j 80 ARCH=powerpc O=/kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- oldconfig yes: standard output: Broken pipe # make -s -j 80 ARCH=powerpc O=/kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- In file included from /kisskb/src/include/linux/kernel.h:11, from /kisskb/src/include/linux/list.h:9, from /kisskb/src/include/linux/module.h:12, from /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c:15: /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c: In function 'allocate_bd': /kisskb/src/include/linux/err.h:22:49: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] #define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO) ^ /kisskb/src/include/linux/compiler.h:78:42: note: in definition of macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ /kisskb/src/drivers/net/ethernet/freescale/fs_enet/mac-scc.c:139:6: note: in expansion of macro 'IS_ERR_VALUE' if (IS_ERR_VALUE(fep->ring_mem_addr)) ^~~~~~~~~~~~ /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8541cds.dts:330.3-21: Warning (pci_device_bus_num): /pci@e0008000/i8259@19000:bus-range: PCI bus number 1 out of range, expected (0 - 0) /kisskb/src/arch/powerpc/boot/dts/fsl/mpc8555cds.dts:330.3-21: Warning (pci_device_bus_num): /pci@e0008000/i8259@19000:bus-range: PCI bus number 1 out of range, expected (0 - 0) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe5d900) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) INFO: Uncompressed kernel (size 0xe4d0fc) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xf00000) Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:50 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6715877 Bytes = 6558.47 KiB = 6.40 MiB Load Address: 00000000 Entry Point: 00000000 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:50 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6753120 Bytes = 6594.84 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:50 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6752083 Bytes = 6593.83 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:50 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6753055 Bytes = 6594.78 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:50 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6750174 Bytes = 6591.97 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:50 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6750502 Bytes = 6592.29 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:50 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6750987 Bytes = 6592.76 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f00314 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6749497 Bytes = 6591.31 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6750409 Bytes = 6592.20 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6751117 Bytes = 6592.89 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f00314 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6750985 Bytes = 6592.76 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f00314 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6752160 Bytes = 6593.91 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f00314 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6753035 Bytes = 6594.76 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f00314 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6749059 Bytes = 6590.88 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6751242 Bytes = 6593.01 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Image Name: Linux-5.5.0-gcc43634c11b8 Created: Thu Feb 13 23:48:51 2020 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 6750772 Bytes = 6592.55 KiB = 6.44 MiB Load Address: 00f00000 Entry Point: 00f002b4 Completed OK # rm -rf /kisskb/build/powerpc-fixes_mpc85xx_defconfig+KVM_powerpc-gcc8 # Build took: 0:02:43.749095