From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Christophe Leroy, Michael Ellerman
Subject: [PATCH 5.18 0116/1095] powerpc/64e: Fix early TLB miss with KUAP
Date: Mon, 15 Aug 2022 19:51:55 +0200
Message-Id: <20220815180434.391862475@linuxfoundation.org>
In-Reply-To: <20220815180429.240518113@linuxfoundation.org>

From: Christophe Leroy

commit 09317643117ade87c03158341e87466413fa8f1a upstream.

With KUAP, the TLB miss handler bails out when an access to user
memory is performed with a null TID.

But the normal TLB miss routine which is only used early during boot
does the check regardless for all memory areas, not only user memory.

By chance there is no early IO or vmalloc access, but when KASAN
comes we will start having early TLB misses.

Fix it by creating a special branch for user accesses similar to the
one in the 'bolted' TLB miss handlers. Unfortunately SPRN_MAS1 is
now read too early and there are no registers available to preserve
it so it will be read a second time.

Fixes: 57bc963837f5 ("powerpc/kuap: Wire-up KUAP on book3e/64")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy
Signed-off-by: Michael Ellerman
Link: https://lore.kernel.org/r/8d6c5859a45935d6e1a336da4dc20be421e8cea7.1656427701.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/mm/nohash/tlb_low_64e.S | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/arch/powerpc/mm/nohash/tlb_low_64e.S b/arch/powerpc/mm/nohash/tlb_low_64e.S index 8b97c4acfebf..9e9ab3803fb2 100644 --- a/arch/powerpc/mm/nohash/tlb_low_64e.S +++ b/arch/powerpc/mm/nohash/tlb_low_64e.S @@ -583,7 +583,7 @@ itlb_miss_fault_e6500: */ rlwimi r11,r14,32-19,27,27 rlwimi r11,r14,32-16,19,19 - beq normal_tlb_miss + beq normal_tlb_miss_user /* XXX replace the RMW cycles with immediate loads + writes */ 1: mfspr r10,SPRN_MAS1 cmpldi cr0,r15,8 /* Check for vmalloc region */ @@ -626,7 +626,7 @@ itlb_miss_fault_e6500: cmpldi cr0,r15,0 /* Check for user region */ std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */ - beq normal_tlb_miss + beq normal_tlb_miss_user li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ oris r11,r11,_PAGE_ACCESSED@h @@ -653,6 +653,12 @@ itlb_miss_fault_e6500: * r11 = PTE permission mask * r10 = crap (free to use) */ +normal_tlb_miss_user: +#ifdef CONFIG_PPC_KUAP + mfspr r14,SPRN_MAS1 + rlwinm. r14,r14,0,0x3fff0000 + beq- normal_tlb_miss_access_fault /* KUAP fault */ +#endif normal_tlb_miss: /* So we first construct the page table address. We do that by * shifting the bottom of the address (not the region ID) by @@ -683,11 +689,6 @@ finish_normal_tlb_miss: /* Check if required permissions are met */ andc. r15,r11,r14 bne- normal_tlb_miss_access_fault -#ifdef CONFIG_PPC_KUAP - mfspr r11,SPRN_MAS1 - rlwinm. r10,r11,0,0x3fff0000 - beq- normal_tlb_miss_access_fault /* KUAP fault */ -#endif /* Now we build the MAS: * @@ -709,9 +710,7 @@ finish_normal_tlb_miss: rldicl r10,r14,64-8,64-8 cmpldi cr0,r10,BOOK3E_PAGESZ_4K beq- 1f -#ifndef CONFIG_PPC_KUAP mfspr r11,SPRN_MAS1 -#endif rlwimi r11,r14,31,21,24 rlwinm r11,r11,0,21,19 mtspr SPRN_MAS1,r11 -- 2.37.1
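Review bot: In the hunk at @@ -653, the new normal_tlb_miss_user entry uses r14 as scratch ("mfspr r14,SPRN_MAS1" followed by "rlwinm. r14,r14,0,0x3fff0000"), yet the register comment directly above the label, as far as the context shows, only names r10 as "crap (free to use)". Either do the MAS1 read in r10, or extend that comment to say r14 is dead on entry to the user path. A one-line comment at the label stating that it falls through into normal_tlb_miss would also keep the register contract readable now that it sits above two labels.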
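Review bot: Dropping the KUAP test from finish_normal_tlb_miss in the hunk at @@ -683 means the TID check now runs only for callers that enter through normal_tlb_miss_user, and this patch converts just two "beq normal_tlb_miss" sites (hunks @@ -583 and @@ -626). Please state in a comment at normal_tlb_miss that user-region accesses must enter through normal_tlb_miss_user, and confirm that no other user-region path branches to normal_tlb_miss directly, since such a path would skip the "beq- normal_tlb_miss_access_fault /* KUAP fault */" check without any visible failure.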