[PATCH v3 4/4] ARM: Implement PAN for LPAE by TTBR0 page table walks disablement
Catalin Marinas
catalin.marinas at arm.com
Tue May 14 08:03:22 PDT 2024
On Tue, May 14, 2024 at 01:38:07PM +0100, Russell King wrote:
> On Tue, May 14, 2024 at 02:32:23PM +0200, Geert Uytterhoeven wrote:
> > On Tue, May 14, 2024 at 1:33 PM Russell King (Oracle)
> > <linux at armlinux.org.uk> wrote:
> > > On Tue, May 14, 2024 at 01:22:36PM +0200, Geert Uytterhoeven wrote:
> > > > On Tue, May 14, 2024 at 10:15 AM Russell King (Oracle)
> > > > <linux at armlinux.org.uk> wrote:
> > > > > On Mon, May 13, 2024 at 08:56:20PM -0700, Florian Fainelli wrote:
> > > > > > [ 11.299106] Freeing unused kernel image (initmem) memory: 79872K
> > > > > > [ 11.305720] Run /init as init process
> > > > > > [ 11.314070] Kernel panic - not syncing: Attempted to kill init!
> > > > > > exitcode=0x00000004
> > > > > > [ 11.321888] CPU: 0 PID: 1 Comm: init Not tainted 6.9.0-next-20240513 #32
> > > > > > [ 11.328709] Hardware name: BCM2711
> > > > > > [ 11.332169] Call trace:
> > > > > > [ 11.332179] unwind_backtrace from show_stack+0x10/0x14
> > > > > > [ 11.340087] show_stack from panic+0x20c/0x55c
> > > > > > [ 11.344615] panic from do_exit+0x6b0/0x1e74
> > > > > > [ 11.348972] do_exit from do_group_exit+0xcc/0x280
> > > > > > [ 11.353857] do_group_exit from get_signal+0xfb4/0x1340
> > > > > > [ 11.359182] get_signal from do_work_pending+0x2c0/0x7bc
> > > > > > [ 11.364590] do_work_pending from slow_work_pending+0xc/0x24
> > > > > > [ 11.370351] Exception stack(0xf082bfb0 to 0xf082bff8)
> > > > > > [ 11.375492] bfa0: b6bca568 00000000
> > > > > > 003fa0d6 aedf3d20
> > > > > > [ 11.383811] bfc0: aedf4a28 b6bca6f8 b6bca73c b6bca710 b6bca748 b6bca6f8
> > > > > > aedf4a28 b6bca6f8
> > > > > > [ 11.392127] bfe0: b6bca590 b6bca548 aeddae15 aedeb660 200f0030 ffffffff
> > > > > > [ 11.398954] ---[ end Kernel panic - not syncing: Attempted to kill init!
> > > > > > exitcode=0x00000004 ]---
> > > > >
> > > > > You could enable CONFiG_DEBUG_USER, and then pass "user_debug=24" to
> > > > > the kernel to get a report for the conditions that lead to SEGV/BUS
> > > > > signals being delivered to a userspace processd.
> > > >
> > > > That does not seem to make any difference for me, i.e. no report?
> > >
> > > Then it's not a SEGV/BUS (iow page fault.) Please try user_debug=31
> > > in that case. Thanks.
> >
> > Thanks, much better:
> >
> > init (1): undefined instruction: pc=b6f4feda
> > CPU: 1 PID: 1 Comm: init Not tainted
> > 6.9.0-shmobile-09158-g1218ffc3659e #1820
> > Hardware name: Generic R-Car Gen2 (Flattened Device Tree)
> > PC is at 0xb6f4feda
> > LR is at 0xb6f4ed31
> > pc : [<b6f4feda>] lr : [<b6f4ed31>] psr: 60000030
> > sp : be970630 ip : be970678 fp : b6f67978
> > r10: 00000000 r9 : 004d48ff r8 : be970844
> > r7 : be9707f8 r6 : b6f67978 r5 : be970850 r4 : be970844
> > r3 : b6f669b0 r2 : 003fb0d6 r1 : 00000000 r0 : be970650
> > Flags: nZCv IRQs on FIQs on Mode USER_32 ISA Thumb Segment user
> > Control: 30c5387d Table: 41f6cac0 DAC: 55555555
> > Code: bad PC value
>
> Well, that points to another issue... get_user() appears to be unable
> to access userspace. Userspace can, however, as we wouldn't get an
> undefined instruction abort unless it can successfully access the
> address.
>
> This points to something being very wrong with this implementation.
Yeah, it doesn't look great. Let's see if TLBIALLIS solves anything,
though not as an upstream solution as it's expensive, just to understand
the problem a bit better. So maybe revert the last patch from the
series, the first three seem inoffensive.
For the flush_tlb_all(), I think the mcr incantation is:
mov r0, #0
mcr p15, 0, r0, c8, c7, 0
Linus, if you attempt this in the uaccess_enable/disable macros, also
force the ISB to be always on just in case the TTBRC update does not
take place before the MCR.
--
Catalin
More information about the linux-arm-kernel
mailing list