[openwrt/openwrt] mpc85xx: backport "fix oops when CONFIG_FSL_PMC=n"

LEDE Commits lede-commits at lists.infradead.org
Sat Nov 27 16:14:23 PST 2021 

chunkeey pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/dd7d4703e9de73153bd239afcf67c77cdb7f7cf8

commit dd7d4703e9de73153bd239afcf67c77cdb7f7cf8
Author: Christian Lamparter <chunkeey at gmail.com>
AuthorDate: Fri Nov 26 09:35:45 2021 +0100

    mpc85xx: backport "fix oops when CONFIG_FSL_PMC=n"
    
    Martin Kennedy reported:
    |Presently, I get this kernel panic on mpc85xx (Aerohive HiveAP 370)
    |on OpenWrt 'master' which occurs right as the second processor is
    |initialized:
    |
    |[    0.478804] rcu: Hierarchical SRCU implementation.
    |[    0.535569] dyndbg: Ignore empty _ddebug table in a CONFIG_DYNAMIC_DEBUG_CORE build
    |[    0.627233] smp: Bringing up secondary CPUs ...
    |[    0.681659] kernel tried to execute user page (0) - exploit attempt? (uid: 0)
    |[    0.766618] BUG: Unable to handle kernel instruction fetch (NULL pointer?)
    |[    0.848899] Faulting instruction address: 0x00000000
    |[    0.908273] Oops: Kernel access of bad area, sig: 11 [#1]
    |[    0.972851] BE PAGE_SIZE=4K SMP NR_CPUS=2 P1020 RDB
    |[    1.031179] Modules linked in:
    |[    1.067640] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.80 #0
    |[    1.139507] NIP:  00000000 LR: c0021d2c CTR: 00000000
    |[    1.199921] REGS: c1051cf0 TRAP: 0400   Not tainted  (5.10.80)
    |[...]
    |[    1.758220] NIP [00000000] 0x0
    |[    1.794688] LR [c0021d2c] smp_85xx_kick_cpu+0xe8/0x568
    |[    1.856126] Call Trace:
    |[    1.885295] [c1051da8] [c0021cb8] smp_85xx_kick_cpu+0x74/0x568 (unreliable)
    |[    1.968633] [c1051de8] [c0011460] __cpu_up+0xc0/0x228
    |[    2.029038] [c1051e18] [c0031bbc] bringup_cpu+0x30/0x224
    |[    2.092572] [c1051e48] [c0031f3c] cpu_up.constprop.0+0x180/0x33c
    |[..]
    |[    2.727952] ---[ end trace 9b796a4bafb6bc14 ]---
    |[    3.800879] Kernel panic - not syncing: Fatal exception
    |[    3.862353] Rebooting in 1 seconds..
    |[    5.905097] System Halted, OK to turn off power
    |
    |I bisected this down to commit 3ae5da5adce9 ("kernel: bump 5.10 to 5.10.80");
    |that is, I don't get the panic right before this commit, but I do after.
    
    He reported the issue upstream and Xiaoming Ni from huawei came up with
    the patch (that is on it's way to upstream). While the AP370 is not in
    Openwrt, this will likely affect other SMP P1020 devices OpenWrt ships
    with: like the AP330, Enterasys WS-AP3710i, etc.
    
    Reported-by: Martin Kennedy <hurricos at gmail.com>
    Tested-by: Martin Kennedy <hurricos at gmail.com>
    Signed-off-by: Christian Lamparter <chunkeey at gmail.com>
---
 ...werpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/target/linux/mpc85xx/patches-5.10/002-powerpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch b/target/linux/mpc85xx/patches-5.10/002-powerpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch
new file mode 100644
index 0000000000..e9c2ec7032
--- /dev/null
+++ b/target/linux/mpc85xx/patches-5.10/002-powerpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch
@@ -0,0 +1,55 @@
+From e7757563e621522f5cd862b3aff473aedf8b66c0 Mon Sep 17 00:00:00 2001
+From: Xiaoming Ni <nixiaoming at huawei.com>
+Date: Fri, 26 Nov 2021 12:11:53 +0800
+Subject: [PATCH] powerpc/85xx: fix oops when CONFIG_FSL_PMC=n
+
+When CONFIG_FSL_PMC is set to n, no value is assigned to cpu_up_prepare
+ in the mpc85xx_pm_ops structure. As a result, oops is triggered in
+ smp_85xx_start_cpu().
+
+	[    0.627233] smp: Bringing up secondary CPUs ...
+	[    0.681659] kernel tried to execute user page (0) - exploit attempt? (uid: 0)
+	[    0.766618] BUG: Unable to handle kernel instruction fetch (NULL pointer?)
+	[    0.848899] Faulting instruction address: 0x00000000
+	[    0.908273] Oops: Kernel access of bad area, sig: 11 [#1]
+	...
+	[    1.758220] NIP [00000000] 0x0
+	[    1.794688] LR [c0021d2c] smp_85xx_kick_cpu+0xe8/0x568
+	[    1.856126] Call Trace:
+	[    1.885295] [c1051da8] [c0021cb8] smp_85xx_kick_cpu+0x74/0x568 (unreliable)
+	[    1.968633] [c1051de8] [c0011460] __cpu_up+0xc0/0x228
+	[    2.029038] [c1051e18] [c0031bbc] bringup_cpu+0x30/0x224
+	[    2.092572] [c1051e48] [c0031f3c] cpu_up.constprop.0+0x180/0x33c
+	[    2.164443] [c1051e88] [c00322e8] bringup_nonboot_cpus+0x88/0xc8
+	[    2.236326] [c1051eb8] [c07e67bc] smp_init+0x30/0x78
+	[    2.295698] [c1051ed8] [c07d9e28] kernel_init_freeable+0x118/0x2a8
+	[    2.369641] [c1051f18] [c00032d8] kernel_init+0x14/0x124
+	[    2.433176] [c1051f38] [c0010278] ret_from_kernel_thread+0x14/0x1c
+
+Fixes: c45361abb9185b ("powerpc/85xx: fix timebase sync issue when
+ CONFIG_HOTPLUG_CPU=n")
+Link: https://lore.kernel.org/lkml/CANA18Uyba4kMJQrbCSZVTFep2Exe5izE45whNJgwwUvNSEcNLg@mail.gmail.com/
+Reported-by: Martin Kennedy <hurricos at gmail.com>
+Signed-off-by: Xiaoming Ni <nixiaoming at huawei.com>
+Tested-by: Martin Kennedy <hurricos at gmail.com>
+Cc: stable at vger.kernel.org
+--- a/arch/powerpc/platforms/85xx/smp.c
++++ b/arch/powerpc/platforms/85xx/smp.c
+@@ -220,7 +220,7 @@ static int smp_85xx_start_cpu(int cpu)
+ 	local_irq_save(flags);
+ 	hard_irq_disable();
+ 
+-	if (qoriq_pm_ops)
++	if (qoriq_pm_ops && qoriq_pm_ops->cpu_up_prepare)
+ 		qoriq_pm_ops->cpu_up_prepare(cpu);
+ 
+ 	/* if cpu is not spinning, reset it */
+@@ -292,7 +292,7 @@ static int smp_85xx_kick_cpu(int nr)
+ 		booting_thread_hwid = cpu_thread_in_core(nr);
+ 		primary = cpu_first_thread_sibling(nr);
+ 
+-		if (qoriq_pm_ops)
++		if (qoriq_pm_ops && qoriq_pm_ops->cpu_up_prepare)
+ 			qoriq_pm_ops->cpu_up_prepare(nr);
+ 
+ 		/*

More information about the lede-commits mailing list