/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __HEAD_32_H__
#define __HEAD_32_H__
#include <asm/ptrace.h> /* for STACK_FRAME_REGS_MARKER */
/*
* Exception entry code. This code runs with address translation
* turned off, i.e. using physical addresses.
* We assume sprg3 has the physical address of the current
* task's thread_struct.
*/
/*
 * EXCEPTION_PROLOG trapno name handle_dar_dsisr=0
 *
 * Complete exception prolog, run from a vector placed by START_EXCEPTION.
 * It is the three stages below in order:
 *   EXCEPTION_PROLOG_0 - park r10/r11 in scratch SPRGs and save SRR0/SRR1
 *                        (plus DAR/DSISR when handle_dar_dsisr=1) into the
 *                        thread area addressed by SPRN_SPRG_THREAD
 *   EXCEPTION_PROLOG_1 - pick the kernel stack for the new frame
 *   EXCEPTION_PROLOG_2 - turn the MMU back on (rfi) and fill the pt_regs
 *
 * trapno ends up in the frame's _TRAP slot; name becomes the
 * \name\()_virt label that EXCEPTION_PROLOG_2 defines for the
 * virtual-mode half of the entry.
 */
.macro EXCEPTION_PROLOG trapno name handle_dar_dsisr=0
	EXCEPTION_PROLOG_0 handle_dar_dsisr=\handle_dar_dsisr
	EXCEPTION_PROLOG_1
	EXCEPTION_PROLOG_2 \trapno \name handle_dar_dsisr=\handle_dar_dsisr
.endm
/*
 * EXCEPTION_PROLOG_0 handle_dar_dsisr=0
 *
 * First stage of exception entry, still in real mode and before r1 is
 * touched.  r10/r11 are parked in the scratch SPRGs, then the SPRs that
 * the rfi in EXCEPTION_PROLOG_2 will overwrite are captured into the
 * thread area addressed by SPRN_SPRG_THREAD: SRR0/SRR1 always, and the
 * fault registers (DAR/DSISR, or DEAR/ESR on 40x) when handle_dar_dsisr=1.
 * EXCEPTION_PROLOG_2 reads them back from there once the MMU is on.
 *
 * Out: r10 = CR as it was on entry (read before andi. clobbers cr0)
 *      r11 = SRR1 & MSR_PR
 *      cr0.eq = set when the exception came from the kernel (MSR_PR clear);
 *               EXCEPTION_PROLOG_1 branches on it
 *      SPRN_SPRG_SCRATCH0/1 = the interrupted r10/r11 (EXCEPTION_PROLOG_2
 *               stores them into the frame as GPR10/GPR11)
 */
.macro EXCEPTION_PROLOG_0 handle_dar_dsisr=0
	mtspr	SPRN_SPRG_SCRATCH0,r10
	mtspr	SPRN_SPRG_SCRATCH1,r11
	mfspr	r10, SPRN_SPRG_THREAD
	.if	\handle_dar_dsisr
#ifdef CONFIG_40x
	mfspr	r11, SPRN_DEAR
#else
	mfspr	r11, SPRN_DAR
#endif
	stw	r11, DAR(r10)
#ifdef CONFIG_40x
	mfspr	r11, SPRN_ESR
#else
	mfspr	r11, SPRN_DSISR
#endif
	stw	r11, DSISR(r10)
	.endif
	mfspr	r11, SPRN_SRR0
	stw	r11, SRR0(r10)
	mfspr	r11, SPRN_SRR1		/* check whether user or kernel */
	stw	r11, SRR1(r10)
	mfcr	r10			/* CR must be captured before andi. below */
	andi.	r11, r11, MSR_PR	/* cr0.eq <= came from kernel */
.endm
/*
 * EXCEPTION_PROLOG_1
 *
 * Second stage: choose the kernel stack and leave r1 pointing at a fresh
 * INT_FRAME_SIZE frame.  Relies on cr0.eq from EXCEPTION_PROLOG_0: from
 * the kernel the current r1 is kept and only the frame is carved out,
 * from user space r1 is taken from the task's kernel stack found via
 * SPRN_SPRG_THREAD.  The interrupted r1 is parked in SPRN_SPRG_SCRATCH2;
 * EXCEPTION_PROLOG_2 stores it into the frame as GPR1 and as the back
 * chain at 0(r1).
 *
 * With CONFIG_VMAP_STACK the new r1 is checked before anything is stored
 * through it: bits 8-31 of r1 are copied into CR fields 2-7 and the
 * alignment bit selected by THREAD_ALIGN_SHIFT is tested.  A stack that
 * has run off its THREAD_ALIGN-aligned area fails that test and control
 * goes to vmap_stack_overflow (see vmap_stack_overflow_exception), which
 * switches to an emergency stack.  Detecting the overflow without writing
 * to the stack is what prevents the overflow from faulting recursively.
 * r10 (the saved CR) is not touched here, so clobbering CR is safe.
 */
.macro EXCEPTION_PROLOG_1
	mtspr	SPRN_SPRG_SCRATCH2,r1
	subi	r1, r1, INT_FRAME_SIZE		/* use r1 if kernel */
	beq	1f
	mfspr	r1,SPRN_SPRG_THREAD
	lwz	r1,TASK_STACK-THREAD(r1)
	addi	r1, r1, THREAD_SIZE - INT_FRAME_SIZE
1:
#ifdef CONFIG_VMAP_STACK
	mtcrf	0x3f, r1			/* CR already saved in r10 by EXCEPTION_PROLOG_0 */
	bt	32 - THREAD_ALIGN_SHIFT, vmap_stack_overflow
#endif
.endm
/*
 * EXCEPTION_PROLOG_2 trapno name handle_dar_dsisr=0
 *
 * Third stage: leave real mode and build the pt_regs frame at r1.
 *
 * In:  r1  = new frame (EXCEPTION_PROLOG_1)
 *      r10 = CR saved on entry (EXCEPTION_PROLOG_0)
 *      SPRN_SPRG_SCRATCH0/1/2 = the interrupted r10/r11/r1
 *
 * SRR0/SRR1 are loaded with label 1: and MSR_KERNEL & ~MSR_RI so that the
 * rfi turns the MMU on and continues at \name\()_virt in .text.  The
 * interrupted SRR0/SRR1 (and DAR/DSISR) had to be saved by
 * EXCEPTION_PROLOG_0 because this rfi destroys them; they are read back
 * from the thread area here.  MSR_RI stays clear until the frame is
 * usable and is re-enabled by the #ifdef ladder near the end (mtmsr
 * MSR_KERNEL on most platforms, SPRN_EID on 8xx; 40x only masks MSR_WE
 * out of the saved MSR image in r9).
 *
 * Out (after COMMON_EXCEPTION_PROLOG_END): r9 = saved MSR, r12 = saved
 *      NIP, r2 = current, r3 = &pt_regs, r11 = copy of r1; r10 scratch.
 */
.macro EXCEPTION_PROLOG_2 trapno name handle_dar_dsisr=0
#ifdef CONFIG_PPC_8xx
	.if	\handle_dar_dsisr
	li	r11, RPN_PATTERN
	mtspr	SPRN_DAR, r11	/* Tag DAR, to be used in DTLB Error */
	.endif
#endif
	LOAD_REG_IMMEDIATE(r11, MSR_KERNEL & ~MSR_RI) /* re-enable MMU */
	mtspr	SPRN_SRR1, r11
	lis	r11, 1f@h
	ori	r11, r11, 1f@l
	mtspr	SPRN_SRR0, r11
	mfspr	r11, SPRN_SPRG_SCRATCH2		/* r11 = interrupted r1, stored after the rfi */
	rfi

	/* virtual-mode half: emitted into .text, outside the fixed vector slot */
	.text
\name\()_virt:
1:
	stw	r11,GPR1(r1)
	stw	r11,0(r1)			/* back chain to the interrupted frame */
	mr	r11, r1
	stw	r10,_CCR(r11)		/* save registers */
	stw	r12,GPR12(r11)
	stw	r9,GPR9(r11)
	mfspr	r10,SPRN_SPRG_SCRATCH0
	mfspr	r12,SPRN_SPRG_SCRATCH1
	stw	r10,GPR10(r11)
	stw	r12,GPR11(r11)
	mflr	r10
	stw	r10,_LINK(r11)
	mfspr	r12, SPRN_SPRG_THREAD
	tovirt(r12, r12)			/* thread area is now accessed through the MMU */
	.if	\handle_dar_dsisr
	lwz	r10, DAR(r12)
	stw	r10, _DAR(r11)
	lwz	r10, DSISR(r12)
	stw	r10, _DSISR(r11)
	.endif
	lwz	r9, SRR1(r12)			/* r9 = interrupted MSR */
	lwz	r12, SRR0(r12)			/* r12 = interrupted NIP */
#ifdef CONFIG_40x
	rlwinm	r9,r9,0,14,12		/* clear MSR_WE (necessary?) */
#elif defined(CONFIG_PPC_8xx)
	mtspr	SPRN_EID, r2		/* Set MSR_RI */
#else
	li	r10, MSR_KERNEL		/* can take exceptions */
	mtmsr	r10			/* (except for mach check in rtas) */
#endif
	COMMON_EXCEPTION_PROLOG_END \trapno
	/* frame is incomplete at \name\()_virt; keep kprobes off it */
	_ASM_NOKPROBE_SYMBOL(\name\()_virt)
.endm
/*
 * COMMON_EXCEPTION_PROLOG_END trapno
 *
 * Finish the pt_regs frame at r1 once the MMU is back on.
 *
 * In:  r1 = frame; r9 = saved MSR (SRR1); r12 = saved NIP (SRR0);
 *      GPR1, _CCR, _LINK and GPR9-GPR12 already stored by
 *      EXCEPTION_PROLOG_2
 * Out: r2 = current task_struct (thread area from SPRN_SPRG_THREAD,
 *           made virtual, minus THREAD)
 *      r3 = address of the pt_regs, i.e. the first argument of the C
 *           handler that EXCEPTION calls next
 *      r10 is scratch
 *
 * STACK_FRAME_REGS_MARKER is written at 8(r1) to mark this as an
 * exception frame (presumably for the stack walker - see asm/ptrace.h),
 * and \trapno goes into _TRAP so the handler can tell vectors apart.
 */
.macro COMMON_EXCEPTION_PROLOG_END trapno
	stw	r0,GPR0(r1)
	lis	r10,STACK_FRAME_REGS_MARKER@ha /* exception frame marker */
	addi	r10,r10,STACK_FRAME_REGS_MARKER@l
	stw	r10,8(r1)
	li	r10, \trapno
	stw	r10,_TRAP(r1)
	SAVE_GPRS(3, 8, r1)
	SAVE_NVGPRS(r1)
	stw	r2,GPR2(r1)			/* save interrupted r2 before r2 is repointed at current */
	stw	r12,_NIP(r1)
	stw	r9,_MSR(r1)
	mfctr	r10
	mfspr	r2,SPRN_SPRG_THREAD
	stw	r10,_CTR(r1)
	tovirt(r2, r2)
	mfspr	r10,SPRN_XER
	addi	r2, r2, -THREAD		/* r2 = current */
	stw	r10,_XER(r1)
	addi	r3,r1,STACK_FRAME_OVERHEAD	/* r3 = &regs for the C handler */
.endm
/*
 * prepare_transfer_to_handler
 *
 * Book3S/32 only; expands to nothing on other platforms.  r9 must hold
 * the saved MSR, which it does after COMMON_EXCEPTION_PROLOG_END.
 * Entries from the kernel call the prepare_transfer_to_handler function;
 * entries from user space skip it and, with CONFIG_PPC_KUEP, call
 * __kuep_lock instead so KUEP is engaged before any C handler runs.
 *
 * Label 777 is defined twice when CONFIG_PPC_KUEP is set: "bne 777f"
 * binds to the first (inside the #ifdef) and the trailing 777: is the
 * join point for the non-KUEP build, where it is the only definition.
 */
.macro prepare_transfer_to_handler
#ifdef CONFIG_PPC_BOOK3S_32
	andi.	r12,r9,MSR_PR
	bne	777f
	bl	prepare_transfer_to_handler	/* the function of that name, not this macro */
#ifdef CONFIG_PPC_KUEP
	b	778f
777:
	bl	__kuep_lock
778:
#endif
777:
#endif
.endm
/*
 * SYSCALL_ENTRY trapno
 *
 * System call entry.  Unlike EXCEPTION_PROLOG there is no user/kernel
 * test and the scratch SPRGs are not used: SRR0/SRR1 are copied straight
 * into r12/r9 before the rfi below reuses them to re-enable the MMU
 * (MSR_KERNEL, which unlike EXCEPTION_PROLOG_2's value keeps MSR_RI) and
 * continue at 1:.  r1 is always taken from the task's kernel stack; the
 * user r1 is kept in r11 for transfer_to_syscall.
 *
 * Out (at transfer_to_syscall): r1 = frame with _NIP and _CCR filled in,
 *      r9 = saved MSR, r10 = thread area (virtual), r11 = user r1,
 *      r12 = CR with SO cleared.
 *
 * Note: \trapno is not referenced inside this macro as written.
 * NOTE(review): SO is presumably cleared because the syscall return path
 * reports errors through it - confirm against transfer_to_syscall.
 */
.macro SYSCALL_ENTRY trapno
	mfspr	r9, SPRN_SRR1
	mfspr	r12, SPRN_SRR0
	LOAD_REG_IMMEDIATE(r11, MSR_KERNEL)		/* can take exceptions */
	lis	r10, 1f@h
	ori	r10, r10, 1f@l
	mtspr	SPRN_SRR1, r11
	mtspr	SPRN_SRR0, r10
	mfspr	r10,SPRN_SPRG_THREAD
	mr	r11, r1				/* keep the user r1 */
	lwz	r1,TASK_STACK-THREAD(r10)
	tovirt(r10, r10)
	addi	r1, r1, THREAD_SIZE - INT_FRAME_SIZE
	rfi
1:
	stw	r12,_NIP(r1)
	mfcr	r12
	rlwinm	r12,r12,0,4,2		/* Clear SO bit in CR */
	stw	r12,_CCR(r1)
	b	transfer_to_syscall	/* jump to handler */
.endm
/*
* Note: code which follows this uses cr0.eq (set if from kernel),
* r11, r12 (SRR0), and r9 (SRR1).
*
* Note2: once we have set r1 we are in a position to take exceptions
* again, and we could thus set MSR:RI at that point.
*/
/*
* Exception vectors.
*/
#ifdef CONFIG_PPC_BOOK3S
/*
 * START_EXCEPTION(n, label)
 *
 * Open an exception vector: the following code is placed at fixed offset
 * n in the head section (__HEAD, ". = n") and label is defined there.
 * On Book3S the DO_KVM n hook for this vector is emitted first, ahead of
 * the regular prolog.
 */
#define START_EXCEPTION(n, label)		\
	__HEAD;					\
	. = n;					\
	DO_KVM n;				\
label:

#else
/*
 * START_EXCEPTION(n, label)
 *
 * Same as the Book3S variant above but without the KVM hook: place the
 * vector at offset n in the head section and define label there.
 */
#define START_EXCEPTION(n, label)		\
	__HEAD;					\
	. = n;					\
label:

#endif
/*
 * EXCEPTION(n, label, hdlr)
 *
 * A complete exception vector: the slot at offset n (START_EXCEPTION),
 * the full prolog with trapno = n and name = label (so the virtual-mode
 * half is label_virt), prepare_transfer_to_handler, a call to the C
 * handler hdlr with r3 = &pt_regs (set by COMMON_EXCEPTION_PROLOG_END),
 * and the common interrupt_return exit path.
 */
#define EXCEPTION(n, label, hdlr)		\
	START_EXCEPTION(n, label)		\
	EXCEPTION_PROLOG n label;		\
	prepare_transfer_to_handler;		\
	bl	hdlr;				\
	b	interrupt_return
/*
 * vmap_stack_overflow_exception
 *
 * Defines vmap_stack_overflow, the target of the "bt ... vmap_stack_overflow"
 * check in EXCEPTION_PROLOG_1 (CONFIG_VMAP_STACK).  We arrive here in
 * real mode after EXCEPTION_PROLOG_0/1 with the overflowed stack pointer
 * already parked in SPRN_SPRG_SCRATCH2, so nothing has been written to
 * the bad stack yet; EXCEPTION_PROLOG_2 will still record that value in
 * the frame as GPR1 for the handler to report.
 *
 * r1 is replaced with the per-CPU emergency stack from emergency_ctx
 * before any store: on SMP the table is indexed by TASK_CPU * 8, and it
 * is addressed physically (-PAGE_OFFSET) because translation is still
 * off.  The rest is an ordinary exception with trap number 0, no
 * DAR/DSISR handling, and stack_overflow_exception as the C handler.
 */
.macro vmap_stack_overflow_exception
	__HEAD
vmap_stack_overflow:
#ifdef CONFIG_SMP
	mfspr	r1, SPRN_SPRG_THREAD
	lwz	r1, TASK_CPU - THREAD(r1)
	slwi	r1, r1, 3			/* cpu * 8 = offset into emergency_ctx */
	addis	r1, r1, emergency_ctx-PAGE_OFFSET@ha
#else
	lis	r1, emergency_ctx-PAGE_OFFSET@ha
#endif
	lwz	r1, emergency_ctx-PAGE_OFFSET@l(r1)
	addi	r1, r1, THREAD_SIZE - INT_FRAME_SIZE
	EXCEPTION_PROLOG_2 0 vmap_stack_overflow
	prepare_transfer_to_handler
	bl	stack_overflow_exception
	b	interrupt_return
.endm
#endif /* __HEAD_32_H__ */