tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX

As spotted and explained in commit c12ab8dbc492 ("powerpc/8xx: Fix
Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST"), the selection
of STRICT_KERNEL_RWX without selecting DEBUG_RODATA_TEST has spotted
the lack of the DIRTY bit in the pinned kernel data TLBs.

This problem should have been detected a lot earlier if things had
been working as expected. But due to an incredible level of chance or
mishap, this went undetected because of a set of bugs: In fact the
DTLBs were not pinned, because instead of setting the reserve bit
in MD_CTR, it was set in MI_CTR that is the register for ITLBs.

But then, another huge bug was there: the physical address was
reset to 0 at the boundary between RO and RW areas, leading to the
same physical space being mapped at both 0xc0000000 and 0xc8000000.
This had by miracle no consequence until now because the entry was
not really pinned so it was overwritten soon enough to go undetected.

Of course, now that we really pin the DTLBs, it must be fixed as well.

Fixes: f76c8f6d257c ("powerpc/8xx: Add function to set pinned TLBs")
Cc: stable@vger.kernel.org # v5.8+
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Depends-on: c12ab8dbc492 ("powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/a21e9a057fe2d247a535aff0d157a54eefee017a.1636963688.git.christophe.leroy@csgroup.eu

authored by

Christophe Leroy and committed by
Michael Ellerman 1e35eba4 5499802b

+7 -6
+7 -6
arch/powerpc/kernel/head_8xx.S
··· 733 #ifdef CONFIG_PIN_TLB_DATA 734 LOAD_REG_IMMEDIATE(r6, PAGE_OFFSET) 735 LOAD_REG_IMMEDIATE(r7, MI_SVALID | MI_PS8MEG | _PMD_ACCESSED) 736 #ifdef CONFIG_PIN_TLB_IMMR 737 li r0, 3 738 #else ··· 742 mtctr r0 743 cmpwi r4, 0 744 beq 4f 745 - LOAD_REG_IMMEDIATE(r8, 0xf0 | _PAGE_RO | _PAGE_SPS | _PAGE_SH | _PAGE_PRESENT) 746 LOAD_REG_ADDR(r9, _sinittext) 747 748 2: ori r0, r6, MD_EVALID 749 mtspr SPRN_MD_CTR, r5 750 mtspr SPRN_MD_EPN, r0 751 mtspr SPRN_MD_TWC, r7 752 - mtspr SPRN_MD_RPN, r8 753 addi r5, r5, 0x100 754 addis r6, r6, SZ_8M@h 755 addis r8, r8, SZ_8M@h 756 cmplw r6, r9 757 bdnzt lt, 2b 758 - 759 - 4: LOAD_REG_IMMEDIATE(r8, 0xf0 | _PAGE_DIRTY | _PAGE_SPS | _PAGE_SH | _PAGE_PRESENT) 760 2: ori r0, r6, MD_EVALID 761 mtspr SPRN_MD_CTR, r5 762 mtspr SPRN_MD_EPN, r0 763 mtspr SPRN_MD_TWC, r7 764 - mtspr SPRN_MD_RPN, r8 765 addi r5, r5, 0x100 766 addis r6, r6, SZ_8M@h 767 addis r8, r8, SZ_8M@h ··· 782 #endif 783 #if defined(CONFIG_PIN_TLB_IMMR) || defined(CONFIG_PIN_TLB_DATA) 784 lis r0, (MD_RSV4I | MD_TWAM)@h 785 - mtspr SPRN_MI_CTR, r0 786 #endif 787 mtspr SPRN_SRR1, r10 788 mtspr SPRN_SRR0, r11
··· 733 #ifdef CONFIG_PIN_TLB_DATA 734 LOAD_REG_IMMEDIATE(r6, PAGE_OFFSET) 735 LOAD_REG_IMMEDIATE(r7, MI_SVALID | MI_PS8MEG | _PMD_ACCESSED) 736 + li r8, 0 737 #ifdef CONFIG_PIN_TLB_IMMR 738 li r0, 3 739 #else ··· 741 mtctr r0 742 cmpwi r4, 0 743 beq 4f 744 LOAD_REG_ADDR(r9, _sinittext) 745 746 2: ori r0, r6, MD_EVALID 747 + ori r12, r8, 0xf0 | _PAGE_RO | _PAGE_SPS | _PAGE_SH | _PAGE_PRESENT 748 mtspr SPRN_MD_CTR, r5 749 mtspr SPRN_MD_EPN, r0 750 mtspr SPRN_MD_TWC, r7 751 + mtspr SPRN_MD_RPN, r12 752 addi r5, r5, 0x100 753 addis r6, r6, SZ_8M@h 754 addis r8, r8, SZ_8M@h 755 cmplw r6, r9 756 bdnzt lt, 2b 757 + 4: 758 2: ori r0, r6, MD_EVALID 759 + ori r12, r8, 0xf0 | _PAGE_DIRTY | _PAGE_SPS | _PAGE_SH | _PAGE_PRESENT 760 mtspr SPRN_MD_CTR, r5 761 mtspr SPRN_MD_EPN, r0 762 mtspr SPRN_MD_TWC, r7 763 + mtspr SPRN_MD_RPN, r12 764 addi r5, r5, 0x100 765 addis r6, r6, SZ_8M@h 766 addis r8, r8, SZ_8M@h ··· 781 #endif 782 #if defined(CONFIG_PIN_TLB_IMMR) || defined(CONFIG_PIN_TLB_DATA) 783 lis r0, (MD_RSV4I | MD_TWAM)@h 784 + mtspr SPRN_MD_CTR, r0 785 #endif 786 mtspr SPRN_SRR1, r10 787 mtspr SPRN_SRR0, r11