| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jan 2019 11:14:54 +0100
From: Christophe Leroy <christophe.leroy@....fr>
To: Jonathan Neuschäfer <j.neuschaefer@....net>
Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>,
linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH v2 00/15] powerpc/32s: Use BATs/LTLBs for
STRICT_KERNEL_RWX
Le 17/01/2019 à 00:48, Jonathan Neuschäfer a écrit :
> On Wed, Jan 16, 2019 at 02:34:53PM +0100, Christophe Leroy wrote:
>> Le 16/01/2019 à 14:16, Jonathan Neuschäfer a écrit :
>>> On Wed, Jan 16, 2019 at 07:55:29AM +0100, Christophe Leroy wrote:
>>>> Le 16/01/2019 à 01:35, Jonathan Neuschäfer a écrit :
>>>>> Thinning the kernel down a bit actually makes it boot again. Ooops...!
>>>>> Maybe enabling CONFIG_STRICT_KERNEL_RWX has made it just large enough to
>>>>> fail the hash table allocation, but there may have been other factors
>>>>> involved (I'm not sure exactly). Sorry for the confusion!
>>>>
>>>> Ok, that must be the reason. Thanks for testing.
>>>>
>>>> What about the following modification which maps a second 256Mb BAT, does it
>>>> helps ?
>>>>
>>>>
>>>>
>>>> diff --git a/arch/powerpc/kernel/head_32.S b/arch/powerpc/kernel/head_32.S
>>>> index c2f564690778..ea574596de37 100644
>>>> --- a/arch/powerpc/kernel/head_32.S
>>>> +++ b/arch/powerpc/kernel/head_32.S
>>>> @@ -1160,6 +1160,14 @@ initial_bats:
>>>> mtspr SPRN_DBAT0U,r11 /* bit in upper BAT register */
>>>> mtspr SPRN_IBAT0L,r8
>>>> mtspr SPRN_IBAT0U,r11
>>>> +#ifdef CONFIG_WII
>>>> + addis r11,r11,0x10000000@h
>>>> + addis r8,r8,0x10000000@h
>>>> + mtspr SPRN_DBAT2L,r8
>>>> + mtspr SPRN_DBAT2U,r11
>>>> + mtspr SPRN_IBAT2L,r8
>>>> + mtspr SPRN_IBAT2U,r11
>>>> +#endif
>>>> isync
>>>> blr
>>>>
>>>> diff --git a/arch/powerpc/mm/ppc_mmu_32.c b/arch/powerpc/mm/ppc_mmu_32.c
>>>> index 3f4193201ee7..a334fd5210a8 100644
>>>> --- a/arch/powerpc/mm/ppc_mmu_32.c
>>>> +++ b/arch/powerpc/mm/ppc_mmu_32.c
>>>> @@ -259,6 +259,8 @@ void setup_initial_memory_limit(phys_addr_t
>>>> first_memblock_base,
>>>> /* 601 can only access 16MB at the moment */
>>>> if (PVR_VER(mfspr(SPRN_PVR)) == 1)
>>>> memblock_set_current_limit(min_t(u64, first_memblock_size, 0x01000000));
>>>> + else if (IS_ENABLED(CONFIG_WII))
>>>> + memblock_set_current_limit(min_t(u64, first_memblock_size, 0x20000000));
>>>> else /* Anything else has 256M mapped */
>>>> memblock_set_current_limit(min_t(u64, first_memblock_size, 0x10000000));
>>>> }
>>>
>>> I haven't tested it, but this patch won't be enough, because we're only
>>> looking at the first memblock, and the additional memory in the Wii
>>> (MEM2) is the second memblock.
>>>
>>
>> Yes right.
>>
>>
>> Would the following work instead ?
>>
>> memblock_set_current_limit(0x20000000);
>
> With the config at https://gist.githubusercontent.com/neuschaefer/12ccc87ff8aeff543fad558e8742cd2b/raw/d49d321709cac364779e6893bbd91ff5a80bcb03/config
> it still doesn't boot, but with a different error:
>
> top of MEM2 @ 13F00000
>
> zImage starting: loaded at 0x01000000 (sp: 0x0178afa0)
> Allocating 0x166b2c8 bytes for kernel...
> Decompressing (0x00000000 <- 0x01011000:0x01788799)...
> Done! Decompressed 0xf421f4 bytes
>
> Linux/PowerPC load: root=/dev/mmcblk0p2 rootwait console=usbgecko1
> Finalizing device tree... flat tree at 0x178b7a0
> [ 0.000000] printk: bootconsole [udbg0] enabled
> [ 0.000000] __memblock_find_range_top_down(1000:20000000, 100000:100000, ffffffff, 0)
> [ 0.000000] __memblock_find_range_top_down: in loop, 10000000:13f00000
> [ 0.000000] Total memory = 319MB; using 1024kB for hash table (at d3e00000)
> [ 0.000000] __memblock_find_range_top_down(1000:20000000, 1000:1000, ffffffff, 0)
> [ 0.000000] __memblock_find_range_top_down: in loop, 10000000:13e00000
> [ 0.000000] __memblock_find_range_top_down(1000:20000000, 1000:1000, ffffffff, 0)
> [ 0.000000] __memblock_find_range_top_down: in loop, 10000000:13dff000
> [ 0.000000] BUG: Unable to handle kernel data access at 0xc106a434
> [ 0.000000] Faulting instruction address: 0xc0071bf4
> [ 0.000000] Oops: Kernel access of bad area, sig: 11 [#1]
> [ 0.000000] BE PREEMPT
> [ 0.000000] Modules linked in:
> [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.0.0-rc1-wii-00038-gc34b70d591b6-dirty #1337
> [ 0.000000] NIP: c0071bf4 LR: c00727d8 CTR: 00000000
> [ 0.000000] REGS: c0f1fd30 TRAP: 0300 Not tainted (5.0.0-rc1-wii-00038-gc34b70d591b6-dirty)
> [ 0.000000] MSR: 00001032 <ME,IR,DR,RI> CR: 44002842 XER: 00000000
> [ 0.000000] DAR: c106a434 DSISR: 40000000
> [ 0.000000] GPR00: c0074a98 c0f1fde0 c0ead4a0 c0ead4a0 c0ead9c8 00000008 00000000 00000000
> [ 0.000000] GPR08: 00000003 c106a418 00000258 00000001 24000444 fb43ef5b c0f30000 7561f327
> [ 0.000000] GPR16: c0f40000 691cfd11 38afe359 f161e513 00000000 c0ead9c8 00000001 00000000
> [ 0.000000] GPR24: 00000000 c0f46288 00000000 c0ead4a0 c0ead9c8 00000008 c0ead4a0 00000100
> [ 0.000000] NIP [c0071bf4] mark_lock+0x64/0x858
> [ 0.000000] LR [c00727d8] __lock_acquire+0x334/0x1a40
> [ 0.000000] Call Trace:
> [ 0.000000] [c0f1fe20] [00000006] 0x6
> [ 0.000000] [c0f1fed0] [c0074a98] lock_acquire+0x110/0x20c
> [ 0.000000] [c0f1ff10] [c085e8cc] _raw_spin_lock+0x44/0x60
> [ 0.000000] [c0f1ff30] [c007f220] vprintk_emit+0xa0/0x328
> [ 0.000000] [c0f1ff70] [c007fc48] printk+0x5c/0x84
> [ 0.000000] [c0f1ffb0] [c0c00854] start_kernel+0x64/0x460
> [ 0.000000] [c0f1fff0] [00003438] 0x3438
> [ 0.000000] Instruction dump:
> [ 0.000000] 41820170 55086cfe 550a083c 7d4a4214 554a1838 3d20c0f4 7d4a4214 39296288
> [ 0.000000] 554a1838 3d290012 7d295214 39293f38 <8129001c> 7fe94839 41820028 3bc00001
> [ 0.000000] random: get_random_bytes called from print_oops_end_marker+0x34/0x6c with crng_init=0
> [ 0.000000] ---[ end trace 0000000000000000 ]---
> [ 0.000000]
> [ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
>
> Not sure what's wrong. It does work with wii_defconfig, though.
> I think for now I'm happy without this patch, as it doesn't seem to be
> really necessary.
That's strange, 0xc106a434 is within the first block, should not be a
problem, should it ?
According to DSISR, the fault is due to: Set if the translation of an
attempted access is not found in the primary or secondary hash table entry
group (HTEG), or in the range of a DBAT register (page fault condition)
Ok, won't spend more time on that for now, 24Mbytes should be OK for
early init in most cases.
Christophe
>
>
> Jonathan
>
Powered by blists - more mailing lists