1. 20 Dec, 2018 2 commits
    • Madhavan Srinivasan's avatar
      powerpc/perf: Fix thresholding counter data for unknown type · 17cfccc9
      Madhavan Srinivasan authored
      MMCRA[34:36] and MMCRA[38:44] expose the thresholding counter value.
      Thresholding counter can be used to count latency cycles such as
      load miss to reload. But threshold counter value is not relevant
      when the sampled instruction type is unknown or reserved. Patch to
      fix the thresholding counter value to zero when sampled instruction
      type is unknown or reserved.
      
      Fixes: 170a315f('powerpc/perf: Support to export MMCRA[TEC*] field to userspace')
      Signed-off-by: default avatarMadhavan Srinivasan <maddy@linux.vnet.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      17cfccc9
    • Aneesh Kumar K.V's avatar
      powerpc/mm/hash: Handle user access of kernel address gracefully · 374f3f59
      Aneesh Kumar K.V authored
      In commit 2865d08d ("powerpc/mm: Move the DSISR_PROTFAULT sanity
      check") we moved the protection fault access check before the vma
      lookup. That means we hit that WARN_ON when user space accesses a
      kernel address. Before that commit this was handled by find_vma() not
      finding vma for the kernel address and considering that access as bad
      area access.
      
      Avoid the confusing WARN_ON and convert that to a ratelimited printk.
      
      With the patch we now get:
      
      for load:
        a.out[5997]: User access of kernel address (c00000000000dea0) - exploit attempt? (uid: 1000)
        a.out[5997]: segfault (11) at c00000000000dea0 nip 1317c0798 lr 7fff80d6441c code 1 in a.out[1317c0000+10000]
        a.out[5997]: code: 60000000 60420000 3c4c0002 38427790 4bffff20 3c4c0002 38427784 fbe1fff8
        a.out[5997]: code: f821ffc1 7c3f0b78 60000000 e9228030 <89290000> 993f002f 60000000 383f0040
      
      for exec:
        a.out[6067]: User access of kernel address (c00000000000dea0) - exploit attempt? (uid: 1000)
        a.out[6067]: segfault (11) at c00000000000dea0 nip c00000000000dea0 lr 129d507b0 code 1
        a.out[6067]: Bad NIP, not dumping instructions.
      
      Fixes: 2865d08d ("powerpc/mm: Move the DSISR_PROTFAULT sanity check")
      Signed-off-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Tested-by: default avatarBreno Leitao <leitao@debian.org>
      [mpe: Don't split printk() string across lines]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      374f3f59
  2. 19 Dec, 2018 19 commits
  3. 17 Dec, 2018 4 commits
  4. 10 Dec, 2018 1 commit
  5. 09 Dec, 2018 5 commits
    • Oliver O'Halloran's avatar
      powerpc/mm: Fallback to RAM if the altmap is unusable · 9ef34630
      Oliver O'Halloran authored
      The "altmap" is used to provide a pool of memory that is reserved for
      the vmemmap backing of hot-plugged memory. This is useful when adding
      large amount of ZONE_DEVICE memory to a system with a limited amount of
      normal memory.
      
      On ppc64 we use huge pages to map the vmemmap which requires the backing
      storage to be contigious and aligned to the hugepage size. The altmap
      implementation allows for the altmap provider to reserve a few PFNs at
      the start of the range for it's own uses and when this occurs the
      first chunk of the altmap is not usable for hugepage mappings. On hash
      there is no sane way to fall back to a normal sized page mapping so we
      fail the allocation. This results in memory hotplug failing with
      ENOMEM when the new range doesn't fall into an existing vmemmap block.
      
      This patch handles this case by falling back to using system memory
      rather than failing if we cannot allocate from the altmap. This
      fallback should only ever be used for the first vmemmap block so it
      should not cause excess memory consumption.
      
      Fixes: 7b73d978 ("mm: pass the vmem_altmap to vmemmap_populate")
      Signed-off-by: default avatarOliver O'Halloran <oohall@gmail.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      9ef34630
    • Oliver O'Halloran's avatar
      powerpc/papr_scm: Use ibm,unit-guid as the iset cookie · 43001c52
      Oliver O'Halloran authored
      The interleave set cookie is used to determine if a label stored in the
      metadata space should be applied to the current region. This is
      important in the case of NVDIMMs since the firmware may change the
      interleaving configuration of a DIMM which would invalidate the existing
      labels. In our case the hypervisor hides those details from us so we
      don't really care, but libnvdimm still requires the interleave set
      cookie to be non-zero.
      
      For our purposes we just need the set cookie to be unique and fixed for
      a given PAPR SCM region and using the unit-guid (really a UUID) is fine
      for this purpose.
      
      Fixes: b5beae5e ("powerpc/pseries: Add driver for PAPR SCM regions")
      Signed-off-by: default avatarOliver O'Halloran <oohall@gmail.com>
      [mpe: Use kernel types (u64)]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      43001c52
    • Oliver O'Halloran's avatar
      powerpc/papr_scm: Fix DIMM device registration race · b0d65a8c
      Oliver O'Halloran authored
      When a new nvdimm device is registered with libnvdimm via
      nvdimm_create() it is added as a device on the nvdimm bus. The probe
      function for the DIMM driver is potentially quite slow so actually
      registering and probing the device is done in an async domain rather
      than immediately after device creation. This can result in a race where
      the region device (created 2nd) is probed first and fails to activate at
      boot.
      
      To fix this we use the same approach as the ACPI/NFIT driver which is to
      check that all the DIMM devices registered successfully. LibNVDIMM
      provides the nvdimm_bus_count_dimms() function which synchronises with
      the async domain and verifies that the dimm was successfully registered
      with the bus.
      
      If either of these does not occur then we bail.
      
      Fixes: b5beae5e ("powerpc/pseries: Add driver for PAPR SCM regions")
      Signed-off-by: default avatarOliver O'Halloran <oohall@gmail.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      b0d65a8c
    • Oliver O'Halloran's avatar
      powerpc/papr_scm: Remove endian conversions · 409dd7dc
      Oliver O'Halloran authored
      The return values of a h-call are returned in the CPU registers and
      written to the provided buffer by the plpar_hcall() wrapper. As a result
      the values written to memory are always in the native endian and should
      not be byte swapped.
      
      The inital implementation of the H-Call interface was done in qemu and
      the returned values were byte swapped unnecessarily in both the
      hypervisor and in the driver so this was only noticed when bringing up
      the PowerVM implementation.
      
      Fixes: b5beae5e ("powerpc/pseries: Add driver for PAPR SCM regions")
      Signed-off-by: default avatarOliver O'Halloran <oohall@gmail.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      409dd7dc
    • Oliver O'Halloran's avatar
      powerpc/papr_scm: Update DT properties · 683ec0e0
      Oliver O'Halloran authored
      The ibm,unit-sizes property was originally specified as an array of two
      u32s corresponding to the memory block size, and the number of blocks
      available in that region. A fairly last-minute change to the SCM DT
      specification was splitting that into two seperate u64 properties:
      ibm,block-sizes and ibm,number-of-blocks that convey the same
      information. No firmware / hypervisor that emitted the ibm,unit-size
      property ever appeared in the wild.
      
      Fixes: b5beae5e ("powerpc/pseries: Add driver for PAPR SCM regions")
      Signed-off-by: default avatarOliver O'Halloran <oohall@gmail.com>
      [mpe: Use kernel types (u32/u64)]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      683ec0e0
  6. 07 Dec, 2018 3 commits
  7. 06 Dec, 2018 1 commit
    • Michael Ellerman's avatar
      powerpc/boot: Fix build failures with -j 1 · e41b93a6
      Michael Ellerman authored
      In commit 5e9dcb61 ("powerpc/boot: Expose Kconfig symbols to
      wrapper") we added a dependency to serial.c on autoconf.h:
      
        $(obj)/serial.c: $(obj)/autoconf.h
      
      This works when building in-tree (ie. with KBUILD_OUTPUT unset)
      because the obj tree is the src tree.
      
      But when building with eg. O=build and -j 1 the build fails:
      
        gcc ... -I../arch/powerpc/boot -c -o arch/powerpc/boot/serial.o arch/powerpc/boot/serial.c
        gcc: error: arch/powerpc/boot/serial.c: No such file or directory
      
      Why this is only happening with -j 1 is not clear, when building with
      -j greater than 1 somehow we decide to look for serial.c in the src
      tree (../), eg:
      
        gcc -I../arch/powerpc/boot -c -o arch/powerpc/boot/serial.o ../arch/powerpc/boot/serial.c
      
      Regardless we shouldn't be specifying a dependency on serial.c in the
      build tree, we want to add a dependency to the version in $(srctree)
      so fix the rule to say that.
      
      Fixes: 5e9dcb61 ("powerpc/boot: Expose Kconfig symbols to wrapper")
      Tested-by: default avatarDaniel Axtens <dja@axtens.net>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      e41b93a6
  8. 04 Dec, 2018 5 commits
    • Christophe Leroy's avatar
      powerpc/mm: dump block address translation on book3s/32 · 7c91efce
      Christophe Leroy authored
      This patch adds a debugfs file to dump block address translation:
      
      ~# cat /sys/kernel/debug/powerpc/block_address_translation
      ---[ Instruction Block Address Translations ]---
      0:         -
      1:         -
      2: 0xc0000000-0xcfffffff 0x00000000 Kernel EXEC coherent
      3: 0xd0000000-0xdfffffff 0x10000000 Kernel EXEC coherent
      4:         -
      5:         -
      6:         -
      7:         -
      
      ---[ Data Block Address Translations ]---
      0:         -
      1:         -
      2: 0xc0000000-0xcfffffff 0x00000000 Kernel RW coherent
      3: 0xd0000000-0xdfffffff 0x10000000 Kernel RW coherent
      4:         -
      5:         -
      6:         -
      7:         -
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      7c91efce
    • Christophe Leroy's avatar
      powerpc/mm: dump segment registers on book3s/32 · 0261a508
      Christophe Leroy authored
      This patch creates a debugfs file to see content of
      segment registers
      
        # cat /sys/kernel/debug/segment_registers
        ---[ User Segments ]---
        0x00000000-0x0fffffff Kern key 1 User key 1 VSID 0xade2b0
        0x10000000-0x1fffffff Kern key 1 User key 1 VSID 0xade3c1
        0x20000000-0x2fffffff Kern key 1 User key 1 VSID 0xade4d2
        0x30000000-0x3fffffff Kern key 1 User key 1 VSID 0xade5e3
        0x40000000-0x4fffffff Kern key 1 User key 1 VSID 0xade6f4
        0x50000000-0x5fffffff Kern key 1 User key 1 VSID 0xade805
        0x60000000-0x6fffffff Kern key 1 User key 1 VSID 0xade916
        0x70000000-0x7fffffff Kern key 1 User key 1 VSID 0xadea27
        0x80000000-0x8fffffff Kern key 1 User key 1 VSID 0xadeb38
        0x90000000-0x9fffffff Kern key 1 User key 1 VSID 0xadec49
        0xa0000000-0xafffffff Kern key 1 User key 1 VSID 0xaded5a
        0xb0000000-0xbfffffff Kern key 1 User key 1 VSID 0xadee6b
      
        ---[ Kernel Segments ]---
        0xc0000000-0xcfffffff Kern key 0 User key 1 VSID 0x000ccc
        0xd0000000-0xdfffffff Kern key 0 User key 1 VSID 0x000ddd
        0xe0000000-0xefffffff Kern key 0 User key 1 VSID 0x000eee
        0xf0000000-0xffffffff Kern key 0 User key 1 VSID 0x000fff
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      [mpe: Move it under /sys/kernel/debug/powerpc, make sr_init() __init]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      0261a508
    • Joel Stanley's avatar
      powerpc/math-emu: Update macros from GCC · b682c869
      Joel Stanley authored
      The add_ssaaaa, sub_ddmmss, umul_ppmm and udiv_qrnnd macros originate
      from GCC's longlong.h which in turn was copied from GMP's longlong.h a
      few decades ago.
      
      This was found when compiling with clang:
      
         arch/powerpc/math-emu/fnmsub.c:46:2: error: invalid use of a cast in a
         inline asm context requiring an l-value: remove the cast or build with
         -fheinous-gnu-extensions
                 FP_ADD_D(R, T, B);
                 ^~~~~~~~~~~~~~~~~
         ...
      
         ./arch/powerpc/include/asm/sfp-machine.h:283:27: note: expanded from
         macro 'sub_ddmmss'
                        : "=r" ((USItype)(sh)),                                  \
                                ~~~~~~~~~~^~~
      
      Segher points out: this was fixed in GCC over 16 years ago
      ( https://gcc.gnu.org/r56600 ), and in GMP (where it comes from)
      presumably before that.
      
      Update the add_ssaaaa, sub_ddmmss, umul_ppmm and udiv_qrnnd macros to
      the latest GCC version in order to git rid of the invalid casts. These
      were taken as-is from GCC's longlong in order to make future syncs
      obvious. Other parts of sfp-machine.h were left as-is as the file
      contains more features than present in longlong.h.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/260Signed-off-by: default avatarJoel Stanley <joel@jms.id.au>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: default avatarSegher Boessenkool <segher@kernel.crashing.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      b682c869
    • Russell Currey's avatar
      powerpc/tools/checkpatch: Ignore DT_SPLIT_BINDING_PATCH · afa202b6
      Russell Currey authored
      From what I've seen, every time this warning comes up it's bogus,
      so let's ignore it.
      Signed-off-by: default avatarRussell Currey <ruscur@russell.cc>
      Reviewed-by: default avatarAndrew Donnellan <andrew.donnellan@au1.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      afa202b6
    • Christophe Leroy's avatar
      powerpc/8xx: regroup TLB handler routines · b14fc502
      Christophe Leroy authored
      As this is running with MMU off, the CPU only does speculative
      fetch for code in the same page.
      
      Following the significant size reduction of TLB handler routines,
      the side handlers can be brought back close to the main part,
      ie in the same page.
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      b14fc502