On Sat, Sep 24, 2022 at 01:55:23PM +0200, Michal Suchánek wrote:
> On Sat, Sep 24, 2022 at 12:13:34PM +0200, Greg Kroah-Hartman wrote:
> > On Sat, Sep 24, 2022 at 11:45:21AM +0200, Michal Suchánek wrote:
> > > On Sat, Sep 24, 2022 at 11:19:19AM +0200, Greg Kroah-Hartman wrote:
> > > > On Fri, Sep 2
Implement static call support for 64 bit V2 ABI. This requires
making sure the TOC is kept correct across kernel-module
boundaries. As a secondary concern, it tries to use the local
entry point of a target wherever possible. It does so by
checking if both tramp & target are kernel code, and falls
b
The callee may set a field in `st_other` to 1 to indicate r2 should be
treated as caller-saved. This means a trampoline must be used to save
the current TOC before calling it and restore it afterwards, much like
external calls.
This is necessary for supporting V2 ABI static calls that do not
prese
These tests are out-of-line only, so moving them to the
their own file allows them to be run when an arch does
not implement inline static calls.
Signed-off-by: Benjamin Gray
---
kernel/Makefile | 1 +
kernel/static_call_inline.c | 43 ---
kernel/
KUnit tests for the various combinations of caller/trampoline/target and
kernel/module. They must be run from a module loaded at runtime to
guarantee they have a different TOC to the kernel.
The tests try to mitigate the chance of panicing by restoring the
TOC after every static call. Not all poss
Inserts a direct branch to the stub target when possible, replacing the
mtctr/btctr sequence.
The load into r12 could potentially be skipped too, but that change
would need to refactor the arguments to indicate that the address
does not have a separate local entry point.
This helps the static cal
Adds a generic text patching mechanism for patches of 1, 2, 4, or (64-bit) 8
bytes. The patcher conditionally syncs the icache depending on if
the content will be executed (as opposed to, e.g., read-only data).
The `patch_instruction` function is reimplemented in terms of this
more generic functio
Implementation of out-of-line static calls for PowerPC 64-bit ELF V2 ABI.
Static calls patch an indirect branch into a direct branch at runtime.
Out-of-line specifically has a caller directly call a trampoline, and
the trampoline gets patched to directly call the target.
Previous version here:
htt
Hi Dmitry
Le 25/09/2022 à 07:06, Dmitry Torokhov a écrit :
> Hi Michael, Nick,
>
> I was wondering if PIKA Warp board still relevant. The reason for my
> question is that I am interested in dropping legacy gpio APIs,
> especially OF-specific ones, in favor of newer gpiod APIs, and
> arch/powerpc/
Part of machine check error handling is done in realmode,
As of now instrumentation is not possible for any code that
runs in realmode.
When MCE is injected on KASAN enabled kernel, crash is
observed, Hence force inline or mark no instrumentation
for functions which can run in realmode, to avoid KA
On Mon, 19 Sept 2022 at 05:28, Michael Ellerman wrote:
>
> The original microwatt submission[1] included some early debug code for
> using the Microwatt "potato" UART.
The potato is indeed dead.
>
> The series that was eventually merged switched to using a standard UART,
> and so doesn't need an
Signed-off-by: Alistair Popple
---
lib/test_hmm.c | 119 +-
lib/test_hmm_uapi.h| 1 +-
tools/testing/selftests/vm/hmm-tests.c | 49 +++-
3 files changed, 148 insertions(+), 21 deletions(-)
diff --git a/lib/test_hmm.c
When the module is unloaded or a GPU is unbound from the module it is
possible for device private pages to be left mapped in currently running
processes. This leads to a kernel crash when the pages are either freed
or accessed from the CPU because the GPU and associated data structures
and callback
nouveau_dmem_fault_copy_one() is used during handling of CPU faults via
the migrate_to_ram() callback and is used to copy data from GPU to CPU
memory. It is currently specific to fault handling, however a future
patch implementing eviction of data during teardown needs similar
functionality.
Refac
Device drivers can use the migrate_vma family of functions to migrate
existing private anonymous mappings to device private pages. These pages
are backed by memory on the device with drivers being responsible for
copying data to and from device memory.
Device private pages are freed via the pgmap-
migrate_device_coherent_page() reuses the existing migrate_vma family of
functions to migrate a specific page without providing a valid mapping
or vma. This looks a bit odd because it means we are calling
migrate_vma_*() without setting a valid vma, however it was considered
acceptable at the time
Since 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page
refcount") device private pages have no longer had an extra reference
count when the page is in use. However before handing them back to the
owning device driver we add an extra reference count such that free
pages have a reference c
When the CPU tries to access a device private page the migrate_to_ram()
callback associated with the pgmap for the page is called. However no
reference is taken on the faulting page. Therefore a concurrent
migration of the device private page can free the page and possibly the
underlying pgmap. Thi
This series aims to fix a number of page reference counting issues in drivers
dealing with device private ZONE_DEVICE pages. These result in use-after-free
type bugs, either from accessing a struct page which no longer exists because it
has been removed or accessing fields within the struct page wh
Le 26/09/2022 à 05:40, Nicholas Piggin a écrit :
> Using a 32-bit constant for this marker allows it to be loaded with
> two ALU instructions, like 32-bit. This avoids a TOC entry and a
> TOC load that depends on the r2 value that has just been loaded from
> the PACA.
>
> This changes the value
Ensure r13 is zero from very early in boot until it gets set to the
boot paca pointer. This allows early program and mce handlers to halt
if there is no valid paca, rather than potentially run off into the
weeds. This preserves register and memory contents for low level
debugging tools.
Nothing co
The idea is to get to the point where if r13 is non-zero, then it should
contain a reasonable paca. This can be used in early boot program check
and machine check handlers to avoid running off into the weeds if they
hit before r13 has a paca.
Signed-off-by: Nicholas Piggin
---
arch/powerpc/kerne
relocate() uses r13 in early boot before it is used for the paca. Use
a different register for this so r13 is kept unchanged until it is
set to the paca pointer.
Avoid r14 as well while we're here, there's no reason not to use the
volatile registers which is a bit less surprising, and r14 could be
Use the early boot interrupt fixup in the machine check handler to allow
the machine check handler to run before interrupt endian is set up.
Branch to an early boot handler that just does a basic crash, which
allows it to run before ppc_md is set up. MSR[ME] is enabled on the boot
CPU earlier, and
In preparation for using this sequence in machine check interrupt, move
it into a macro, with a small change to make it position independent.
Signed-off-by: Nicholas Piggin
---
arch/powerpc/kernel/exceptions-64s.S | 100 +++
1 file changed, 55 insertions(+), 45 deletions(
This series provides a machine check handler to catch out of
bounds memory accesses in early boot before the MMU is enabled.
Since v1:
- 64e compile fix
Nicholas Piggin (5):
powerpc/64s/interrupt: move early boot ILE fixup into a macro
powerpc/64s: early boot machine check handler
powerpc/6
Le 25/09/2022 à 22:26, Haren Myneni a écrit :
>
> DSI error will be generated when the paste operation is issued on
> the suspended NX window due to NX state changes. The hypervisor
> expects the partition to ignore this error during page pault
> handling. To differentiate DSI caused by an actua
irq replay is quite complicated because of softirq processing which
itself enables and disables irqs. Several considerations need to be
accounted for due to this, and they are not clearly documented.
Refactor the irq replay code a bit to tidy and deduplicate some common
functions. Add comments, de
BUG/WARN are handled with a program interrupt which can turn into an
infinite recursion when there are bugs in interrupt handler entry
(which can be irritated by bugs in other parts of the code).
There is one feeble attempt to avoid this recursion, but it misses
several cases. Make a tidier macro
Prior changes eliminated cases of masked PACA_IRQ_MUST_HARD_MASK
interrupts that re-fire due to MSR[EE] being enabled while they are
pending. Add a debug check in the masked interrupt handler to catch
if this occurs.
Signed-off-by: Nicholas Piggin
---
arch/powerpc/kernel/exceptions-64s.S | 10 ++
When irqs are soft-disabled, MSR[EE] is volatile and can change from
1 to 0 asynchronously (if a PACA_IRQ_MUST_HARD_MASK interrupt hits).
So it can not be used to check hard IRQ enabled status, except to
confirm it is disabled.
ppc64_runlatch_on/off functions use MSR this way to decide whether to
If a synchronous interrupt (e.g., hash fault) is taken inside an
irqs-disabled region which has MSR[EE]=1, then an asynchronous interrupt
that is PACA_IRQ_MUST_HARD_MASK (e.g., PMI) is taken inside the
synchronous interrupt handler, then the synchronous interrupt will
return with MSR[EE]=1 and the
This prevents interrupts in early boot (e.g., program check) from
enabling MSR[EE], potentially causing endian mismatch or other
crashes when reporting early boot traps.
Fixes: 4423eb5ae32ec ("powerpc/64/interrupt: make normal synchronous interrupts
enable MSR[EE] if possible")
Signed-off-by: Nic
Commit 171476775d32 ("context_tracking: Convert state to atomic_t")
added a CONTEXT_IDLE state which can be encountered by interrupts from
kernel mode in the idle thread, causing a false positive warning.
Fixes: 171476775d32 ("context_tracking: Convert state to atomic_t")
Signed-off-by: Nicholas P
No real changes since last posting, I just pulled fixes from several
series together and rearranged them and updated changelogs slightly.
Thanks,
Nick
Nicholas Piggin (7):
powerpc/64/interrupt: Fix false warning in context tracking due to
idle state
powerpc/64: mark irqs hard disabled in
The .toc section is not really intended for arbitrary data. Writable
data in particular prevents making the TOC read-only after relocation.
Move hcall_tracepoint_refcount into the .data section.
Signed-off-by: Nicholas Piggin
---
This is split out from "[v2,2/5] powerpc/64: asm use consistent glo
The interrupt entry code carefully saves a minimal number of registers,
so in some places the TOC is required, it is loaded into a different
register, so provide a macro that can supply an alternate TOC register.
This continues to use got addressing because TOC-relative results in
"got/toc optimiz
A later change stops the kernel using r2 and loads it with a poison
value. Provide a PACATOC loading abstraction which can hide this
detail.
Signed-off-by: Nicholas Piggin
---
arch/powerpc/include/asm/ppc_asm.h | 6 ++
arch/powerpc/kernel/exceptions-64e.S | 12 ++-
There is no need to use GOT addressing within the kernel.
Signed-off-by: Nicholas Piggin
---
arch/powerpc/boot/ppc_asm.h| 3 ++-
arch/powerpc/include/asm/ppc_asm.h | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/boot/ppc_asm.h b/arch/powerpc/boot/ppc_
Use helper macros to access global variables, and place them in .data
sections rather than in .toc. Putting addresses in TOC is not required
because the kernel is linked with a single TOC.
Signed-off-by: Nicholas Piggin
---
arch/powerpc/boot/opal-calls.S | 6 +++---
arch/powerpc/bo
This is a cleaned up set of the initial prep patches from the pcrel
series, dealing with regularising addressing variables from asm
and using helper macros more consistently.
Changes since v1:
- Use "REGS" stack frame marker for 64-bit, leaving 32-bit unchanged.
- Fix PPC64 32-bit boot wrapper com
Using a 32-bit constant for this marker allows it to be loaded with
two ALU instructions, like 32-bit. This avoids a TOC entry and a
TOC load that depends on the r2 value that has just been loaded from
the PACA.
This changes the value for 32-bit as well, so both have the same
value in the low 4 by
DSI error will be generated when the paste operation is issued on
the suspended NX window due to NX state changes. The hypervisor
expects the partition to ignore this error during page pault
handling. To differentiate DSI caused by an actual HW configuration
or by the NX window, a new “ibm,pi-fea
> >>> Add a string property to assign the rpmsg channel this sound card sits
> >>> on. It also represents the name of ASoC platform driver. This property
> >>> can be omitted if there is only one sound card and it sits on
> >>> "rpmsg-audio-channel".
> >>>
> >>> Signed-off-by: Chancel Liu
> >>> --
44 matches
Mail list logo
