lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240618093439.16982-1-jinglin.wen@shingroup.cn>
Date: Tue, 18 Jun 2024 17:34:39 +0800
From: Jinglin Wen <jinglin.wen@...ngroup.cn>
To: mpe@...erman.id.au
Cc: npiggin@...il.com,
	christophe.leroy@...roup.eu,
	naveen.n.rao@...ux.ibm.com,
	masahiroy@...nel.org,
	linuxppc-dev@...ts.ozlabs.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] powerpc: Fixed duplicate copying in the early boot.

Hi Michael Ellerman,

Michael Ellerman <mpe@...erman.id.au> writes:
> Jinglin Wen <jinglin.wen@...ngroup.cn> writes:
> > According to the code logic, when the kernel is loaded to address 0,
> > no copying operation should be performed, but it is currently being
> > done.
> >
> > This patch fixes the issue where the kernel code was incorrectly
> > duplicated to address 0 when booting from address 0.
> >
> > Signed-off-by: Jinglin Wen <jinglin.wen@...ngroup.cn>
> > ---
> >  arch/powerpc/kernel/head_64.S | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> Thanks for the improved change log.
> 
> The subject could probably still be clearer, maybe:
>   Fix unnecessary copy to 0 when kernel is booted at address 0

Thanks for your feedback, I will revise my subject.

> 
> Looks like this was introduced by:
> 
>   Fixes: b270bebd34e3 ("powerpc/64s: Run at the kernel virtual address earlier in boot")
>   Cc: stable@...r.kernel.org # v6.4+
> 
> Let me know if you think otherwise.
> 
> Just out of interest, how are you hitting this bug? AFAIK none of our
> "normal" boot loaders will load the kernel at 0. 
> 
> > diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S
> > index 4690c219bfa4..6c73551bdc50 100644
> > --- a/arch/powerpc/kernel/head_64.S
> > +++ b/arch/powerpc/kernel/head_64.S
> > @@ -647,7 +647,9 @@ __after_prom_start:
> >   * Note: This process overwrites the OF exception vectors.
> >   */
> >  	LOAD_REG_IMMEDIATE(r3, PAGE_OFFSET)
> > -	mr.	r4,r26			/* In some cases the loader may  */
> > +	tophys(r4,r26)
> > +	cmplwi	cr0,r4,0	/* runtime base addr is zero */
> > +	mr	r4,r26			/* In some cases the loader may */
> >  	beq	9f			/* have already put us at zero */
> 	
> That is a pretty minimal fix, but I think the code would be clearer if
> we just compared the source and destination addresses.
> 
> Something like the diff below. Can you confirm that works for you.
> 
> cheers
> 

As for how I discovered this bug, we use zImage.epapr for emulation, which 
loads vmlinux.bin at address 0. When vmlinux.bin is relatively large, I 
found that the boot time of Linux 6.6 is much slower compared to Linux 5.10.108. 
I discovered this issue while comparing the code between the two versions.

> diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S
> index 4690c219bfa4..6ad1435303f9 100644
> --- a/arch/powerpc/kernel/head_64.S
> +++ b/arch/powerpc/kernel/head_64.S
> @@ -647,8 +647,9 @@ __after_prom_start:
>   * Note: This process overwrites the OF exception vectors.
>   */
>  	LOAD_REG_IMMEDIATE(r3, PAGE_OFFSET)
> -	mr.	r4,r26			/* In some cases the loader may  */
> -	beq	9f			/* have already put us at zero */
> +	mr	r4, r26			// Load the source address into r4
> +	cmpld	cr0, r3, r4		// Check if source == dest
> +	beq	9f			// If so skip the copy
>  	li	r6,0x100		/* Start offset, the first 0x100 */
>  					/* bytes were copied earlier.	 */

Indeed, your code looks much clearer. I will make the following modifications 
based on your code:

diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S
index 4690c219bfa4..751181dfb897 100644
--- a/arch/powerpc/kernel/head_64.S
+++ b/arch/powerpc/kernel/head_64.S
@@ -647,8 +647,9 @@ __after_prom_start:
  * Note: This process overwrites the OF exception vectors.
  */
        LOAD_REG_IMMEDIATE(r3, PAGE_OFFSET)
-       mr.     r4,r26                  /* In some cases the loader may  */
-       beq     9f                      /* have already put us at zero */
+       mr      r4,r26                  /* Load the virtual source address into r4 */
+       cmpd    r3,r4           /* Check if source == dest */
+       beq     9f                      /* If so skip the copy  */
        li      r6,0x100                /* Start offset, the first 0x100 */
                                        /* bytes were copied earlier.    */ 

Thanks,

Jinglin Wen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ