[thirdparty/kernel/stable-queue.git] / releases / 4.16.4 / powerpc-mm-radix-fix-checkstops-caused-by-invalid-tlbiel.patch

From 2675c13b293a007b7b7f8229514126bd23df09a7 Mon Sep 17 00:00:00 2001
From: Michael Ellerman <mpe@ellerman.id.au>
Date: Thu, 12 Apr 2018 11:35:55 +1000
Subject: powerpc/mm/radix: Fix checkstops caused by invalid tlbiel

From: Michael Ellerman <mpe@ellerman.id.au>

commit 2675c13b293a007b7b7f8229514126bd23df09a7 upstream.

In tlbiel_radix_set_isa300() we use the PPC_TLBIEL() macro to
construct tlbiel instructions. The instruction takes 5 fields, two of
which are registers, and the others are constants. But because it's
constructed with inline asm the compiler doesn't know that.

We got the constraint wrong on the 'r' field, using "r" tells the
compiler to put the value in a register. The value we then get in the
macro is the *register number*, not the value of the field.

That means when we mask the register number with 0x1 we get 0 or 1
depending on which register the compiler happens to put the constant
in, eg:

  li      r10,1
  tlbiel  r8,r9,2,0,0

  li      r7,1
  tlbiel  r10,r6,0,0,1

If we're unlucky we might generate an invalid instruction form, for
example RIC=0, PRS=1 and R=0, tlbiel r8,r7,0,1,0, this has been
observed to cause machine checks:

  Oops: Machine check, sig: 7 [#1]
  CPU: 24 PID: 0 Comm: swapper
  NIP:  00000000000385f4 LR: 000000000100ed00 CTR: 000000000000007f
  REGS: c00000000110bb40 TRAP: 0200
  MSR:  9000000000201003 <SF,HV,ME,RI,LE>  CR: 48002222  XER: 20040000
  CFAR: 00000000000385d0 DAR: 0000000000001c00 DSISR: 00000200 SOFTE: 1

If the machine check happens early in boot while we have MSR_ME=0 it
will escalate into a checkstop and kill the box entirely.

To fix it we could change the inline asm constraint to "i" which
tells the compiler the value is a constant. But a better fix is to just
pass a literal 1 into the macro, which bypasses any problems with inline
asm constraints.

Fixes: d4748276ae14 ("powerpc/64s: Improve local TLB flush for boot and MCE on POWER9")
Cc: stable@vger.kernel.org # v4.16+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/mm/tlb-radix.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- a/arch/powerpc/mm/tlb-radix.c
+++ b/arch/powerpc/mm/tlb-radix.c
@@ -33,13 +33,12 @@ static inline void tlbiel_radix_set_isa3
 {
 	unsigned long rb;
 	unsigned long rs;
-	unsigned int r = 1; /* radix format */
 
 	rb = (set << PPC_BITLSHIFT(51)) | (is << PPC_BITLSHIFT(53));
 	rs = ((unsigned long)pid << PPC_BITLSHIFT(31));
 
-	asm volatile(PPC_TLBIEL(%0, %1, %2, %3, %4)
-		     : : "r"(rb), "r"(rs), "i"(ric), "i"(prs), "r"(r)
+	asm volatile(PPC_TLBIEL(%0, %1, %2, %3, 1)
+		     : : "r"(rb), "r"(rs), "i"(ric), "i"(prs)
 		     : "memory");
 }
Commit	Line	Data
0f23eb5b GKH	1	From 2675c13b293a007b7b7f8229514126bd23df09a7 Mon Sep 17 00:00:00 2001
	2	From: Michael Ellerman <mpe@ellerman.id.au>
	3	Date: Thu, 12 Apr 2018 11:35:55 +1000
	4	Subject: powerpc/mm/radix: Fix checkstops caused by invalid tlbiel
	5
	6	From: Michael Ellerman <mpe@ellerman.id.au>
	7
	8	commit 2675c13b293a007b7b7f8229514126bd23df09a7 upstream.
	9
	10	In tlbiel_radix_set_isa300() we use the PPC_TLBIEL() macro to
	11	construct tlbiel instructions. The instruction takes 5 fields, two of
	12	which are registers, and the others are constants. But because it's
	13	constructed with inline asm the compiler doesn't know that.
	14
	15	We got the constraint wrong on the 'r' field, using "r" tells the
	16	compiler to put the value in a register. The value we then get in the
	17	macro is the register number, not the value of the field.
	18
	19	That means when we mask the register number with 0x1 we get 0 or 1
	20	depending on which register the compiler happens to put the constant
	21	in, eg:
	22
	23	li r10,1
	24	tlbiel r8,r9,2,0,0
	25
	26	li r7,1
	27	tlbiel r10,r6,0,0,1
	28
	29	If we're unlucky we might generate an invalid instruction form, for
	30	example RIC=0, PRS=1 and R=0, tlbiel r8,r7,0,1,0, this has been
	31	observed to cause machine checks:
	32
	33	Oops: Machine check, sig: 7 [#1]
	34	CPU: 24 PID: 0 Comm: swapper
	35	NIP: 00000000000385f4 LR: 000000000100ed00 CTR: 000000000000007f
	36	REGS: c00000000110bb40 TRAP: 0200
	37	MSR: 9000000000201003 <SF,HV,ME,RI,LE> CR: 48002222 XER: 20040000
	38	CFAR: 00000000000385d0 DAR: 0000000000001c00 DSISR: 00000200 SOFTE: 1
	39
	40	If the machine check happens early in boot while we have MSR_ME=0 it
	41	will escalate into a checkstop and kill the box entirely.
	42
	43	To fix it we could change the inline asm constraint to "i" which
	44	tells the compiler the value is a constant. But a better fix is to just
	45	pass a literal 1 into the macro, which bypasses any problems with inline
	46	asm constraints.
	47
	48	Fixes: d4748276ae14 ("powerpc/64s: Improve local TLB flush for boot and MCE on POWER9")
	49	Cc: stable@vger.kernel.org # v4.16+
	50	Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
	51	Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
	52	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	53
	54	---
	55	arch/powerpc/mm/tlb-radix.c \| 5 ++---
	56	1 file changed, 2 insertions(+), 3 deletions(-)
	57
	58	--- a/arch/powerpc/mm/tlb-radix.c
	59	+++ b/arch/powerpc/mm/tlb-radix.c
	60	@@ -33,13 +33,12 @@ static inline void tlbiel_radix_set_isa3
	61	{
	62	unsigned long rb;
	63	unsigned long rs;
	64	- unsigned int r = 1; /* radix format */
65
66	rb = (set << PPC_BITLSHIFT(51)) \| (is << PPC_BITLSHIFT(53));
67	rs = ((unsigned long)pid << PPC_BITLSHIFT(31));
68
69	- asm volatile(PPC_TLBIEL(%0, %1, %2, %3, %4)
70	- : : "r"(rb), "r"(rs), "i"(ric), "i"(prs), "r"(r)
71	+ asm volatile(PPC_TLBIEL(%0, %1, %2, %3, 1)
72	+ : : "r"(rb), "r"(rs), "i"(ric), "i"(prs)
73	: "memory");
74	}
75