Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp3031570rwb; Mon, 15 Aug 2022 16:30:56 -0700 (PDT) X-Google-Smtp-Source: AA6agR4oQkGzxrNPCxYjxFBjbgfTyxMg4G9Hcivn/f/ayb6LdlQ4DpnW8ejulw+WckLHg7r9crpC X-Received: by 2002:a17:907:da9:b0:731:1a5:8c66 with SMTP id go41-20020a1709070da900b0073101a58c66mr11484289ejc.80.1660605793303; Mon, 15 Aug 2022 16:23:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660605793; cv=none; d=google.com; s=arc-20160816; b=wNmXnB/6GJks7fWHLeXPDxrJi81TBqG/Y4Sv8IYDxfAsB54D3sNDm5aj+Fxu8g2rnu D6DzdrRHkrfk9ujM2WcyZhBd5Tt8fYvBPxLwSPRKhjPXcZ5vApV+eRJYsSUw6yT3phUP xq19k7txe8tWrapD/PnDewdBgi5FMWikh7XIc5gGJNebpF1J+75WxsIUJ5utn/HKqnbO NJ93gCDa7+JW1OjHL9ON7SjNoz/A4bE2HreP1yT7lEtottxOuIOCsihf1g62/29q/ou/ lAPN8DAkI13a6o3CdCBt8luYGSze4lGryS3vhzkR8RZtx5Vxg9n2R8O6rEQlLoPVG74D a4OA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=j1gjHoHBNhs9fi48hBpL5/Fpgx28a45M0FxJvOhhflo=; b=GE561Fwedi8mm+GVa8ATEMvOHH+4hVREK3ykEJx4avTcuHIC3+e3U1TnA4/AUEnj3m WixRxUykNoMKiqYYxT+h4x6x4XZSguZcF49oQfqx0CuqYf4LJvlcAiiGf3+/PK3javSm +rwFcHWgt22Cb4IjYS7eoQff9v/n/fbfz2xfA4Q1Uw02aug/CBXkiRd6kov8fRJ6jsLh fvXcgTWJeu9lM9IlmhbJc0vYCfyoyayf0beq2yPj8UL7N9JlYI/QlHgls7dkNWsOo5t3 Dj47A2Ad72nMCFu4xRWUFhWNOlS2WYnvsudjBPNBEwf3ZnF5ixrcbo41HYjCymBseBFh 05IA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=s1yw+Cz8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o3-20020a170906974300b0073836811b33si4911145ejy.176.2022.08.15.16.22.48; Mon, 15 Aug 2022 16:23:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=s1yw+Cz8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348379AbiHOWZ1 (ORCPT + 99 others); Mon, 15 Aug 2022 18:25:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350806AbiHOWSg (ORCPT ); Mon, 15 Aug 2022 18:18:36 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5608A3FA23; Mon, 15 Aug 2022 12:42:17 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E775E610A3; Mon, 15 Aug 2022 19:42:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D4CA6C433D6; Mon, 15 Aug 2022 19:42:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1660592536; bh=OggAWeCjBbOVAOvprMgUN8UYloEZQLkYuRLZdxCUCV8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=s1yw+Cz8UZLmszdteRROVKaDaKKaJ3DD3PexnTJ5OaYohuVk3LvjZjtIqX6eBGI2p B0+ER0xlAtHJf1NuG+byWAntHyJW5Va/w8KWXBppRLNra66yJtgFNBGAPHQeAugoc4 SnpzAtPtA+sn88eQPiCWnmKDuxhDo6W/CCcUEezs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Christophe Leroy , Michael Ellerman Subject: [PATCH 5.19 0126/1157] powerpc/64e: Fix early TLB miss with KUAP Date: Mon, 15 Aug 2022 19:51:22 +0200 Message-Id: <20220815180444.659154606@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220815180439.416659447@linuxfoundation.org> References: <20220815180439.416659447@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christophe Leroy commit 09317643117ade87c03158341e87466413fa8f1a upstream. With KUAP, the TLB miss handler bails out when an access to user memory is performed with a nul TID. But the normal TLB miss routine which is only used early during boot does the check regardless for all memory areas, not only user memory. By chance there is no early IO or vmalloc access, but when KASAN come we will start having early TLB misses. Fix it by creating a special branch for user accesses similar to the one in the 'bolted' TLB miss handlers. Unfortunately SPRN_MAS1 is now read too early and there are no registers available to preserve it so it will be read a second time. Fixes: 57bc963837f5 ("powerpc/kuap: Wire-up KUAP on book3e/64") Cc: stable@vger.kernel.org Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/8d6c5859a45935d6e1a336da4dc20be421e8cea7.1656427701.git.christophe.leroy@csgroup.eu Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/mm/nohash/tlb_low_64e.S | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) --- a/arch/powerpc/mm/nohash/tlb_low_64e.S +++ b/arch/powerpc/mm/nohash/tlb_low_64e.S @@ -583,7 +583,7 @@ itlb_miss_fault_e6500: */ rlwimi r11,r14,32-19,27,27 rlwimi r11,r14,32-16,19,19 - beq normal_tlb_miss + beq normal_tlb_miss_user /* XXX replace the RMW cycles with immediate loads + writes */ 1: mfspr r10,SPRN_MAS1 cmpldi cr0,r15,8 /* Check for vmalloc region */ @@ -626,7 +626,7 @@ itlb_miss_fault_e6500: cmpldi cr0,r15,0 /* Check for user region */ std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */ - beq normal_tlb_miss + beq normal_tlb_miss_user li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ oris r11,r11,_PAGE_ACCESSED@h @@ -653,6 +653,12 @@ itlb_miss_fault_e6500: * r11 = PTE permission mask * r10 = crap (free to use) */ +normal_tlb_miss_user: +#ifdef CONFIG_PPC_KUAP + mfspr r14,SPRN_MAS1 + rlwinm. r14,r14,0,0x3fff0000 + beq- normal_tlb_miss_access_fault /* KUAP fault */ +#endif normal_tlb_miss: /* So we first construct the page table address. We do that by * shifting the bottom of the address (not the region ID) by @@ -683,11 +689,6 @@ finish_normal_tlb_miss: /* Check if required permissions are met */ andc. r15,r11,r14 bne- normal_tlb_miss_access_fault -#ifdef CONFIG_PPC_KUAP - mfspr r11,SPRN_MAS1 - rlwinm. r10,r11,0,0x3fff0000 - beq- normal_tlb_miss_access_fault /* KUAP fault */ -#endif /* Now we build the MAS: * @@ -709,9 +710,7 @@ finish_normal_tlb_miss: rldicl r10,r14,64-8,64-8 cmpldi cr0,r10,BOOK3E_PAGESZ_4K beq- 1f -#ifndef CONFIG_PPC_KUAP mfspr r11,SPRN_MAS1 -#endif rlwimi r11,r14,31,21,24 rlwinm r11,r11,0,21,19 mtspr SPRN_MAS1,r11