Message ID | 4f70c2778163affce8508a210f65d140e84524b4.1581272050.git.christophe.leroy@c-s.fr (mailing list archive) |
---|---|
State | Accepted |
Commit | a4031afb9d10d97f4d0285844abbc0ab04245304 |
Series | powerpc/8xx: Fix clearing of bits 20-23 in ITLB miss |

Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | success | Successfully applied on branch powerpc/merge (a5bc6e124219546a81ce334dc9b16483d55e9abf) |
snowpatch_ozlabs/build-ppc64le | success | Build succeeded |
snowpatch_ozlabs/build-ppc64be | success | Build succeeded |
snowpatch_ozlabs/build-ppc64e | success | Build succeeded |
snowpatch_ozlabs/build-pmac32 | success | Build succeeded |
snowpatch_ozlabs/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 8 lines checked |
snowpatch_ozlabs/needsstable | success | Patch is tagged for stable |
On Sun, 2020-02-09 at 18:14 +0000, Christophe Leroy wrote: > In ITLB miss handled the line supposed to clear bits 20-23 on the > L2 ITLB entry is buggy and does indeed nothing, leading to undefined > value which could allow execution when it shouldn't. > > Properly do the clearing with the relevant instruction. > > Fixes: 74fabcadfd43 ("powerpc/8xx: don't use r12/SPRN_SPRG_SCRATCH2 in TLB Miss handlers") > Cc: stable@vger.kernel.org > Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> > --- > arch/powerpc/kernel/head_8xx.S | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S > index 9922306ae512..073a651787df 100644 > --- a/arch/powerpc/kernel/head_8xx.S > +++ b/arch/powerpc/kernel/head_8xx.S > @@ -256,7 +256,7 @@ InstructionTLBMiss: > * set. All other Linux PTE bits control the behavior > * of the MMU. > */ > - rlwimi r10, r10, 0, 0x0f00 /* Clear bits 20-23 */ > + rlwinm r10, r10, 0, ~0x0f00 /* Clear bits 20-23 */ > rlwimi r10, r10, 4, 0x0400 /* Copy _PAGE_EXEC into bit 21 */ > ori r10, r10, RPN_PATTERN | 0x200 /* Set 22 and 24-27 */ > mtspr SPRN_MI_RPN, r10 /* Update TLB entry */ Looks a valid change. rlwimi r10, r10, 0, 0x0f00 means: r10 = ((r10 << 0) & 0x0f00) | (r10 & ~0x0f00) which ends up being r10 = r10 On ISA, rlwinm is recommended for clearing high order bits. rlwinm r10, r10, 0, ~0x0f00 means: r10 = (r10 << 0) & ~0x0f00 Which does exactly what the comments suggests. FWIW: Reviwed-by: Leonardo Bras <leonardo@linux.ibm.com>
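The two rotate instructions compared in the review above, modelled in C as an added example (not code from the patch or from the kernel). The names `mi_rpn_value` and `RPN_PATTERN_ASSUMED` (0x00f0, inferred from the hunk's "Set 22 and 24-27" comment) and the sample PTE value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: taken from the hunk's comment "Set 22 and 24-27" (bits 24-27). */
#define RPN_PATTERN_ASSUMED 0x00f0u

static uint32_t rotl32(uint32_t x, unsigned n)
{
    n &= 31;
    return n ? (x << n) | (x >> (32 - n)) : x;
}

/* rlwimi rA,rS,SH,MASK: rotated rS is inserted under MASK, rA is kept elsewhere. */
static uint32_t rlwimi(uint32_t ra, uint32_t rs, unsigned sh, uint32_t mask)
{
    return (rotl32(rs, sh) & mask) | (ra & ~mask);
}

/* rlwinm rA,rS,SH,MASK: rA = rotated rS ANDed with MASK. */
static uint32_t rlwinm(uint32_t rs, unsigned sh, uint32_t mask)
{
    return rotl32(rs, sh) & mask;
}

/* Model of the four instructions in the hunk; returns the value given to mtspr. */
static uint32_t mi_rpn_value(uint32_t r10, int fixed)
{
    if (fixed)
        r10 = rlwinm(r10, 0, ~0x0f00u);      /* '+' line: bits 20-23 cleared */
    else
        r10 = rlwimi(r10, r10, 0, 0x0f00u);  /* '-' line: r10 is unchanged */
    r10 = rlwimi(r10, r10, 4, 0x0400u);      /* source bit 0x0040 -> bit 21 */
    r10 |= RPN_PATTERN_ASSUMED | 0x200u;     /* set 22 and 24-27 */
    return r10;
}

int main(void)
{
    /* Constructed PTE: 0x0800 and 0x0100 set, 0x0040 (exec source bit) clear. */
    uint32_t pte = 0x00abc901u;
    uint32_t old_val = mi_rpn_value(pte, 0), new_val = mi_rpn_value(pte, 1);

    printf("old: %08x  bits 20-23 = %x\n", (unsigned)old_val,
           (unsigned)((old_val >> 8) & 0xf));
    printf("new: %08x  bits 20-23 = %x\n", (unsigned)new_val,
           (unsigned)((new_val >> 8) & 0xf));
    return 0;
}
```

With the old instruction, whatever the PTE held in 0x0800 and 0x0100 (bits 20 and 23) reaches the value written to the TLB entry; with the new one, that field only ever carries bit 22 plus the copied exec bit.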
Le 15/02/2020 à 07:28, Leonardo Bras a écrit : > On Sun, 2020-02-09 at 18:14 +0000, Christophe Leroy wrote: >> In ITLB miss handled the line supposed to clear bits 20-23 on the >> L2 ITLB entry is buggy and does indeed nothing, leading to undefined >> value which could allow execution when it shouldn't. >> >> Properly do the clearing with the relevant instruction. >> >> Fixes: 74fabcadfd43 ("powerpc/8xx: don't use r12/SPRN_SPRG_SCRATCH2 in TLB Miss handlers") >> Cc: stable@vger.kernel.org >> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> >> --- >> arch/powerpc/kernel/head_8xx.S | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S >> index 9922306ae512..073a651787df 100644 >> --- a/arch/powerpc/kernel/head_8xx.S >> +++ b/arch/powerpc/kernel/head_8xx.S >> @@ -256,7 +256,7 @@ InstructionTLBMiss: >> * set. All other Linux PTE bits control the behavior >> * of the MMU. >> */ >> - rlwimi r10, r10, 0, 0x0f00 /* Clear bits 20-23 */ >> + rlwinm r10, r10, 0, ~0x0f00 /* Clear bits 20-23 */ >> rlwimi r10, r10, 4, 0x0400 /* Copy _PAGE_EXEC into bit 21 */ >> ori r10, r10, RPN_PATTERN | 0x200 /* Set 22 and 24-27 */ >> mtspr SPRN_MI_RPN, r10 /* Update TLB entry */ > > Looks a valid change. > rlwimi r10, r10, 0, 0x0f00 means: > r10 = ((r10 << 0) & 0x0f00) | (r10 & ~0x0f00) which ends up being > r10 = r10 > > On ISA, rlwinm is recommended for clearing high order bits. > rlwinm r10, r10, 0, ~0x0f00 means: > r10 = (r10 << 0) & ~0x0f00 > > Which does exactly what the comments suggests. > > FWIW: > Reviwed-by: Leonardo Bras <leonardo@linux.ibm.com> > I guess you mean Reviewed-by: Leonardo Bras <leonardo@linux.ibm.com>
On Sat, 2020-02-15 at 11:17 +0100, Christophe Leroy wrote: > > Le 15/02/2020 à 07:28, Leonardo Bras a écrit : > > On Sun, 2020-02-09 at 18:14 +0000, Christophe Leroy wrote: > > > In ITLB miss handled the line supposed to clear bits 20-23 on the > > > L2 ITLB entry is buggy and does indeed nothing, leading to undefined > > > value which could allow execution when it shouldn't. > > > > > > Properly do the clearing with the relevant instruction. > > > > > > Fixes: 74fabcadfd43 ("powerpc/8xx: don't use r12/SPRN_SPRG_SCRATCH2 in TLB Miss handlers") > > > Cc: stable@vger.kernel.org > > > Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> > > > --- > > > arch/powerpc/kernel/head_8xx.S | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S > > > index 9922306ae512..073a651787df 100644 > > > --- a/arch/powerpc/kernel/head_8xx.S > > > +++ b/arch/powerpc/kernel/head_8xx.S > > > @@ -256,7 +256,7 @@ InstructionTLBMiss: > > > * set. All other Linux PTE bits control the behavior > > > * of the MMU. > > > */ > > > - rlwimi r10, r10, 0, 0x0f00 /* Clear bits 20-23 */ > > > + rlwinm r10, r10, 0, ~0x0f00 /* Clear bits 20-23 */ > > > rlwimi r10, r10, 4, 0x0400 /* Copy _PAGE_EXEC into bit 21 */ > > > ori r10, r10, RPN_PATTERN | 0x200 /* Set 22 and 24-27 */ > > > mtspr SPRN_MI_RPN, r10 /* Update TLB entry */ > > > > Looks a valid change. > > rlwimi r10, r10, 0, 0x0f00 means: > > r10 = ((r10 << 0) & 0x0f00) | (r10 & ~0x0f00) which ends up being > > r10 = r10 > > > > On ISA, rlwinm is recommended for clearing high order bits. > > rlwinm r10, r10, 0, ~0x0f00 means: > > r10 = (r10 << 0) & ~0x0f00 > > > > Which does exactly what the comments suggests. > > > > FWIW: > > Reviwed-by: Leonardo Bras <leonardo@linux.ibm.com> > > > > I guess you mean > > Reviewed-by: Leonardo Bras <leonardo@linux.ibm.com> Yes, sorry for the typo.
On Sun, 2020-02-09 at 18:14:42 UTC, Christophe Leroy wrote:
> In ITLB miss handled the line supposed to clear bits 20-23 on the
> L2 ITLB entry is buggy and does indeed nothing, leading to undefined
> value which could allow execution when it shouldn't.
>
> Properly do the clearing with the relevant instruction.
>
> Fixes: 74fabcadfd43 ("powerpc/8xx: don't use r12/SPRN_SPRG_SCRATCH2 in TLB Miss handlers")
> Cc: stable@vger.kernel.org
> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/a4031afb9d10d97f4d0285844abbc0ab04245304

cheers
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S index 9922306ae512..073a651787df 100644 --- a/arch/powerpc/kernel/head_8xx.S +++ b/arch/powerpc/kernel/head_8xx.S @@ -256,7 +256,7 @@ InstructionTLBMiss: * set. All other Linux PTE bits control the behavior * of the MMU. */ - rlwimi r10, r10, 0, 0x0f00 /* Clear bits 20-23 */ + rlwinm r10, r10, 0, ~0x0f00 /* Clear bits 20-23 */ rlwimi r10, r10, 4, 0x0400 /* Copy _PAGE_EXEC into bit 21 */ ori r10, r10, RPN_PATTERN | 0x200 /* Set 22 and 24-27 */ mtspr SPRN_MI_RPN, r10 /* Update TLB entry */
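Review bot: the `/* Clear bits 20-23 */` comment on the changed line does not say which of those bits actually depend on this clear. The next two instructions already overwrite bit 21 (`rlwimi ... 4, 0x0400`) and set bit 22 (`ori ... | 0x200`), so the old no-op left only 0x0800 and 0x0100 (bits 20 and 23) carrying whatever the PTE held. Consider noting that in the comment, or replacing the bare 0x0f00 with a named mask, so the dependency stays visible if the following lines are ever reordered or the same mistake is searched for in the other miss handlers.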
In ITLB miss handled the line supposed to clear bits 20-23 on the
L2 ITLB entry is buggy and does indeed nothing, leading to undefined
value which could allow execution when it shouldn't.

Properly do the clearing with the relevant instruction.

Fixes: 74fabcadfd43 ("powerpc/8xx: don't use r12/SPRN_SPRG_SCRATCH2 in TLB Miss handlers")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>

---
 arch/powerpc/kernel/head_8xx.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)