From 3e607dc4df180b72a38e75030cb0f94d12808712 Mon Sep 17 00:00:00 2001

From: Nicholas Piggin <npiggin@gmail.com>

Date: Tue, 5 Oct 2021 00:56:38 +1000

Subject: [PATCH] powerpc/64s: fix program check interrupt emergency stack path

References: bsc#1156395

Patch-mainline: v5.15-rc5

Git-commit: 3e607dc4df180b72a38e75030cb0f94d12808712

Emergency stack path was jumping into a 3: label inside the

__GEN_COMMON_BODY macro for the normal path after it had finished,

rather than jumping over it. By a small miracle this is the correct

place to build up a new interrupt frame with the existing stack

pointer, so things basically worked okay with an added weird looking

700 trap frame on top (which had the wrong ->nip so it didn't decode

bug messages either).

Fix this by avoiding using numeric labels when jumping over non-trivial

macros.

Before:

 LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV

 Modules linked in:

 CPU: 0 PID: 88 Comm: sh Not tainted 5.15.0-rc2-00034-ge057cdade6e5 #2637

 NIP:  7265677368657265 LR: c00000000006c0c8 CTR: c0000000000097f0

 REGS: c0000000fffb3a50 TRAP: 0700   Not tainted

 MSR:  9000000000021031 <SF,HV,ME,IR,DR,LE>  CR: 00000700  XER: 20040000

 CFAR: c0000000000098b0 IRQMASK: 0

 GPR00: c00000000006c964 c0000000fffb3cf0 c000000001513800 0000000000000000

 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299

 GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8

 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001

 GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8

 GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158

 GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300

 GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80

 NIP [7265677368657265] 0x7265677368657265

 LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10

 Call Trace:

 [c0000000fffb3cf0] [c00000000000bdac] soft_nmi_common+0x13c/0x1d0 (unreliable)

 --- interrupt: 700 at decrementer_common_virt+0xb8/0x230

 NIP:  c0000000000098b8 LR: c00000000006c0c8 CTR: c0000000000097f0

 REGS: c0000000fffb3d60 TRAP: 0700   Not tainted

 MSR:  9000000000021031 <SF,HV,ME,IR,DR,LE>  CR: 22424282  XER: 20040000

 CFAR: c0000000000098b0 IRQMASK: 0

 GPR00: c00000000006c964 0000000000002400 c000000001513800 0000000000000000

 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299

 GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8

 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001

 GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8

 GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158

 GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300

 GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80

 NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230

 LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10

 --- interrupt: 700

 Instruction dump:

 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX

 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX

 ---[ end trace 6d28218e0cc3c949 ]---

After:

 ------------[ cut here ]------------

 kernel BUG at arch/powerpc/kernel/exceptions-64s.S:491!

 Oops: Exception in kernel mode, sig: 5 [#1]

 LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV

 Modules linked in:

 CPU: 0 PID: 88 Comm: login Not tainted 5.15.0-rc2-00034-ge057cdade6e5-dirty #2638

 NIP:  c0000000000098b8 LR: c00000000006bf04 CTR: c0000000000097f0

 REGS: c0000000fffb3d60 TRAP: 0700   Not tainted

 MSR:  9000000000021031 <SF,HV,ME,IR,DR,LE>  CR: 24482227  XER: 00040000

 CFAR: c0000000000098b0 IRQMASK: 0

 GPR00: c00000000006bf04 0000000000002400 c000000001513800 c000000001271868

 GPR04: 00000000100f0d29 0000000042000000 0000000000000007 0000000000000009

 GPR08: 00000000100f0d29 0000000024482227 0000000000002710 c000000000181b3c

 GPR12: 9000000000009033 c0000000016b0000 00000000100f0d29 c000000005b22f00

 GPR16: 00000000ffff0000 0000000000000001 0000000000000009 00000000100eed90

 GPR20: 00000000100eed90 0000000010000000 000000001000a49c 00000000100f1430

 GPR24: c000000001271868 0000000002000000 0000000000000215 0000000000000300

 GPR28: c000000001271800 0000000042000000 00000000100f0d29 c000000080647860

 NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230

 LR [c00000000006bf04] ___do_page_fault+0x234/0xb10

 Call Trace:

 Instruction dump:

 4182000c 39400001 48000008 894d0932 714a0001 39400008 408225fc 718a4000

 7c2a0b78 3821fcf0 41c20008 e82d0910 <0981fcf0> f92101a0 f9610170 f9810178

 ---[ end trace a5dbd1f5ea4ccc51 ]---

Fixes: 0a882e28468f4 ("powerpc/64s/exception: remove bad stack branch")

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

Link: https://lore.kernel.org/r/20211004145642.1331214-2-npiggin@gmail.com

Acked-by: Michal Suchanek <msuchanek@suse.de>

---

 arch/powerpc/kernel/exceptions-64s.S | 17 ++++++++++-------

 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S

index 37859e62a8dc..024d9231f88c 100644

--- a/arch/powerpc/kernel/exceptions-64s.S

+++ b/arch/powerpc/kernel/exceptions-64s.S

@@ -1665,27 +1665,30 @@ EXC_COMMON_BEGIN(program_check_common)

 	 */

 	andi.	r10,r12,MSR_PR

-	bne	2f			/* If userspace, go normal path */

+	bne	.Lnormal_stack		/* If userspace, go normal path */

 	andis.	r10,r12,(SRR1_PROGTM)@h

-	bne	1f			/* If TM, emergency		*/

+	bne	.Lemergency_stack	/* If TM, emergency		*/

 	cmpdi	r1,-INT_FRAME_SIZE	/* check if r1 is in userspace	*/

-	blt	2f			/* normal path if not		*/

+	blt	.Lnormal_stack		/* normal path if not		*/

 	/* Use the emergency stack					*/

-1:	andi.	r10,r12,MSR_PR		/* Set CR0 correctly for label	*/

+.Lemergency_stack:

+	andi.	r10,r12,MSR_PR		/* Set CR0 correctly for label	*/

 					/* 3 in EXCEPTION_PROLOG_COMMON	*/

 	mr	r10,r1			/* Save r1			*/

 	ld	r1,PACAEMERGSP(r13)	/* Use emergency stack		*/

 	subi	r1,r1,INT_FRAME_SIZE	/* alloc stack frame		*/

 	__ISTACK(program_check)=0

 	__GEN_COMMON_BODY program_check

-	b 3f

-2:

+	b .Ldo_program_check

+

+.Lnormal_stack:

 	__ISTACK(program_check)=1

 	__GEN_COMMON_BODY program_check

-3:

+

+.Ldo_program_check:

 	addi	r3,r1,STACK_FRAME_OVERHEAD

 	bl	program_check_exception

 	REST_NVGPRS(r1) /* instruction emulation may change GPRs */

-- 

2.31.1