Date: Thu, 17 Jan 2019 11:14:54 +0100 From: Christophe Leroy <christophe.leroy@....fr> To: Jonathan Neuschäfer <j.neuschaefer@....net> Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>, Paul Mackerras <paulus@...ba.org>, Michael Ellerman <mpe@...erman.id.au>, linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org Subject: Re: [PATCH v2 00/15] powerpc/32s: Use BATs/LTLBs for STRICT_KERNEL_RWX Le 17/01/2019 à 00:48, Jonathan Neuschäfer a écrit : > On Wed, Jan 16, 2019 at 02:34:53PM +0100, Christophe Leroy wrote: >> Le 16/01/2019 à 14:16, Jonathan Neuschäfer a écrit : >>> On Wed, Jan 16, 2019 at 07:55:29AM +0100, Christophe Leroy wrote: >>>> Le 16/01/2019 à 01:35, Jonathan Neuschäfer a écrit : >>>>> Thinning the kernel down a bit actually makes it boot again. Ooops...! >>>>> Maybe enabling CONFIG_STRICT_KERNEL_RWX has made it just large enough to >>>>> fail the hash table allocation, but there may have been other factors >>>>> involved (I'm not sure exactly). Sorry for the confusion! >>>> >>>> Ok, that must be the reason. Thanks for testing. >>>> >>>> What about the following modification which maps a second 256Mb BAT, does it >>>> helps ? >>>> >>>> >>>> >>>> diff --git a/arch/powerpc/kernel/head_32.S b/arch/powerpc/kernel/head_32.S >>>> index c2f564690778..ea574596de37 100644 >>>> --- a/arch/powerpc/kernel/head_32.S >>>> +++ b/arch/powerpc/kernel/head_32.S >>>> @@ -1160,6 +1160,14 @@ initial_bats: >>>> mtspr SPRN_DBAT0U,r11 /* bit in upper BAT register */ >>>> mtspr SPRN_IBAT0L,r8 >>>> mtspr SPRN_IBAT0U,r11 >>>> +#ifdef CONFIG_WII >>>> + addis r11,r11,0x10000000@h >>>> + addis r8,r8,0x10000000@h >>>> + mtspr SPRN_DBAT2L,r8 >>>> + mtspr SPRN_DBAT2U,r11 >>>> + mtspr SPRN_IBAT2L,r8 >>>> + mtspr SPRN_IBAT2U,r11 >>>> +#endif >>>> isync >>>> blr >>>> >>>> diff --git a/arch/powerpc/mm/ppc_mmu_32.c b/arch/powerpc/mm/ppc_mmu_32.c >>>> index 3f4193201ee7..a334fd5210a8 100644 >>>> --- a/arch/powerpc/mm/ppc_mmu_32.c >>>> +++ b/arch/powerpc/mm/ppc_mmu_32.c 
>>>> @@ -259,6 +259,8 @@ void setup_initial_memory_limit(phys_addr_t >>>> first_memblock_base, >>>> /* 601 can only access 16MB at the moment */ >>>> if (PVR_VER(mfspr(SPRN_PVR)) == 1) >>>> memblock_set_current_limit(min_t(u64, first_memblock_size, 0x01000000)); >>>> + else if (IS_ENABLED(CONFIG_WII)) >>>> + memblock_set_current_limit(min_t(u64, first_memblock_size, 0x20000000)); >>>> else /* Anything else has 256M mapped */ >>>> memblock_set_current_limit(min_t(u64, first_memblock_size, 0x10000000)); >>>> } >>> >>> I haven't tested it, but this patch won't be enough, because we're only >>> looking at the first memblock, and the additional memory in the Wii >>> (MEM2) is the second memblock. >>> >> >> Yes right. >> >> >> Would the following work instead ? >> >> memblock_set_current_limit(0x20000000); > > With the config at https://gist.githubusercontent.com/neuschaefer/12ccc87ff8aeff543fad558e8742cd2b/raw/d49d321709cac364779e6893bbd91ff5a80bcb03/config > it still doesn't boot, but with a different error: > > top of MEM2 @ 13F00000 > > zImage starting: loaded at 0x01000000 (sp: 0x0178afa0) > Allocating 0x166b2c8 bytes for kernel... > Decompressing (0x00000000 <- 0x01011000:0x01788799)... > Done! Decompressed 0xf421f4 bytes > > Linux/PowerPC load: root=/dev/mmcblk0p2 rootwait console=usbgecko1 > Finalizing device tree... 
flat tree at 0x178b7a0
> [ 0.000000] printk: bootconsole [udbg0] enabled
> [ 0.000000] __memblock_find_range_top_down(1000:20000000, 100000:100000, ffffffff, 0)
> [ 0.000000] __memblock_find_range_top_down: in loop, 10000000:13f00000
> [ 0.000000] Total memory = 319MB; using 1024kB for hash table (at d3e00000)
> [ 0.000000] __memblock_find_range_top_down(1000:20000000, 1000:1000, ffffffff, 0)
> [ 0.000000] __memblock_find_range_top_down: in loop, 10000000:13e00000
> [ 0.000000] __memblock_find_range_top_down(1000:20000000, 1000:1000, ffffffff, 0)
> [ 0.000000] __memblock_find_range_top_down: in loop, 10000000:13dff000
> [ 0.000000] BUG: Unable to handle kernel data access at 0xc106a434
> [ 0.000000] Faulting instruction address: 0xc0071bf4
> [ 0.000000] Oops: Kernel access of bad area, sig: 11 [#1]
> [ 0.000000] BE PREEMPT
> [ 0.000000] Modules linked in:
> [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.0.0-rc1-wii-00038-gc34b70d591b6-dirty #1337
> [ 0.000000] NIP: c0071bf4 LR: c00727d8 CTR: 00000000
> [ 0.000000] REGS: c0f1fd30 TRAP: 0300 Not tainted (5.0.0-rc1-wii-00038-gc34b70d591b6-dirty)
> [ 0.000000] MSR: 00001032 <ME,IR,DR,RI> CR: 44002842 XER: 00000000
> [ 0.000000] DAR: c106a434 DSISR: 40000000
> [ 0.000000] GPR00: c0074a98 c0f1fde0 c0ead4a0 c0ead4a0 c0ead9c8 00000008 00000000 00000000
> [ 0.000000] GPR08: 00000003 c106a418 00000258 00000001 24000444 fb43ef5b c0f30000 7561f327
> [ 0.000000] GPR16: c0f40000 691cfd11 38afe359 f161e513 00000000 c0ead9c8 00000001 00000000
> [ 0.000000] GPR24: 00000000 c0f46288 00000000 c0ead4a0 c0ead9c8 00000008 c0ead4a0 00000100
> [ 0.000000] NIP [c0071bf4] mark_lock+0x64/0x858
> [ 0.000000] LR [c00727d8] __lock_acquire+0x334/0x1a40
> [ 0.000000] Call Trace:
> [ 0.000000] [c0f1fe20] [00000006] 0x6
> [ 0.000000] [c0f1fed0] [c0074a98] lock_acquire+0x110/0x20c
> [ 0.000000] [c0f1ff10] [c085e8cc] _raw_spin_lock+0x44/0x60
> [ 0.000000] [c0f1ff30] [c007f220] vprintk_emit+0xa0/0x328
> [ 0.000000] [c0f1ff70] [c007fc48] printk+0x5c/0x84
> [ 0.000000] [c0f1ffb0] [c0c00854] start_kernel+0x64/0x460
> [ 0.000000] [c0f1fff0] [00003438] 0x3438
> [ 0.000000] Instruction dump:
> [ 0.000000] 41820170 55086cfe 550a083c 7d4a4214 554a1838 3d20c0f4 7d4a4214 39296288
> [ 0.000000] 554a1838 3d290012 7d295214 39293f38 <8129001c> 7fe94839 41820028 3bc00001
> [ 0.000000] random: get_random_bytes called from print_oops_end_marker+0x34/0x6c with crng_init=0
> [ 0.000000] ---[ end trace 0000000000000000 ]---
> [ 0.000000]
> [ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
>
> Not sure what's wrong. It does work with wii_defconfig, though.
> I think for now I'm happy without this patch, as it doesn't seem to be
> really necessary.

That's strange, 0xc106a434 is within the first block, should not be a problem, should it?

According to DSISR, the fault is due to:

Set if the translation of an attempted access is not found in the primary or secondary hash table entry group (HTEG), or in the range of a DBAT register (page fault condition)

Ok, won't spend more time on that for now, 24Mbytes should be OK for early init in most cases.

Christophe

>
>
> Jonathan
>
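
Review bot: in the arch/powerpc/kernel/head_32.S hunk, the new #ifdef CONFIG_WII block writes SPRN_IBAT2L/SPRN_IBAT2U as well as SPRN_DBAT2L/SPRN_DBAT2U, so the second 256MB window is mapped for instruction fetch even though the purpose discussed in this thread is early data allocation (the hash table). Since the series is about STRICT_KERNEL_RWX, consider programming only the DBAT2 pair here, or state why an instruction BAT is needed for that range. The block also has no comment, unlike the mtspr line just above it; one line saying that r8 and r11 are advanced by 0x10000000 to map a second 256MB BAT would save the reader decoding the two addis instructions.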
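
Review bot: in the arch/powerpc/mm/ppc_mmu_32.c hunk, the new else-if branch still passes first_memblock_size to min_t(), so the limit stays clamped to the size of the first memblock and 0x20000000 only takes effect when that block is larger than 256MB. If the intent is to let early allocations reach memory beyond the first block, the bound has to come from something other than first_memblock_size, and the branch should carry a comment like the two branches around it saying how much is mapped. IS_ENABLED(CONFIG_WII) is also a build-time test, so the raised limit applies on every machine that boots a kernel built with that option; it should be checked that the BAT setup covers the same range in all of those cases.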