On Wed, 2017-12-06 at 08:21:14 UTC, Nicholas Piggin wrote: > kexec can leave MMU registers set when booting into a new kernel, PIDR > in particular. The boot sequence does not zero PIDR, so it only gets > set when CPUs first switch to a userspace processes (until then it's > running a kernel thread with effective PID = 0). > > This leaves a window where a process table entry and page tables are > set up due to user processes running on other CPUs, that happen to > match with a stale PID. The CPU with that PID may cause speculative > accesses that address quadrant 0, which will result in cached > translations and PWC for that process, on a CPU which is not in the > mm_cpumask and so they will not get invalidated properly. > > The most common result is the kernel hanging in infinite page fault > loops soon after kexec (usually in schedule_tail, which is usually the > first non-speculative quardant 0 access to a new PID) due to a stale > PWC. However being a stale translation error, it could result in > anything up to security and data corruption problems. > > Fix this by zeroing out PIDR at boot and kexec. > > Signed-off-by: Nicholas Piggin <npig...@gmail.com>
Applied to powerpc fixes, thanks. https://git.kernel.org/powerpc/c/371b80447ff33ddac392c189cf884a cheers
