| Message ID | 20170529062644.21634-1-npiggin@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 90df4bfb4d9e00a1ab6885900b808bef2b62a21c |
| Headers | show |
Nicholas Piggin <npiggin@gmail.com> writes: > The i-side 0111b case was missed by 7b9f71f974 ("powerpc/64s: POWER9 > machine check handler"). > > It is possible to trigger this exception by branching to a foreign real > address (bits [8:12] != 0) with instruction relocation off, and verify > the exception cause is found after this patch. Can you define "foreign" for people who aren't reading the chip docs :) cheers > Fixes: 7b9f71f974 ("powerpc/64s: POWER9 machine check handler") > Reported-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com> > Signed-off-by: Nicholas Piggin <npiggin@gmail.com> > --- > arch/powerpc/include/asm/mce.h | 15 ++++++++------- > arch/powerpc/kernel/mce.c | 1 + > arch/powerpc/kernel/mce_power.c | 3 +++ > 3 files changed, 12 insertions(+), 7 deletions(-) > > diff --git a/arch/powerpc/include/asm/mce.h b/arch/powerpc/include/asm/mce.h > index 81eff8631434..190d69a7f701 100644 > --- a/arch/powerpc/include/asm/mce.h > +++ b/arch/powerpc/include/asm/mce.h > @@ -90,13 +90,14 @@ enum MCE_UserErrorType { > enum MCE_RaErrorType { > MCE_RA_ERROR_INDETERMINATE = 0, > MCE_RA_ERROR_IFETCH = 1, > - MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH = 2, > - MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH_FOREIGN = 3, > - MCE_RA_ERROR_LOAD = 4, > - MCE_RA_ERROR_STORE = 5, > - MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE = 6, > - MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE_FOREIGN = 7, > - MCE_RA_ERROR_LOAD_STORE_FOREIGN = 8, > + MCE_RA_ERROR_IFETCH_FOREIGN = 2, > + MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH = 3, > + MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH_FOREIGN = 4, > + MCE_RA_ERROR_LOAD = 5, > + MCE_RA_ERROR_STORE = 6, > + MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE = 7, > + MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE_FOREIGN = 8, > + MCE_RA_ERROR_LOAD_STORE_FOREIGN = 9, > }; > > enum MCE_LinkErrorType { > diff --git a/arch/powerpc/kernel/mce.c b/arch/powerpc/kernel/mce.c > index 5f9eada3519b..92f185875694 100644 > --- a/arch/powerpc/kernel/mce.c > +++ b/arch/powerpc/kernel/mce.c > @@ -268,6 +268,7 @@ void machine_check_print_event_info(struct machine_check_event *evt, > static const char *mc_ra_types[] = { > "Indeterminate", > "Instruction fetch (bad)", > + "Instruction fetch (foreign)", > "Page table walk ifetch (bad)", > "Page table walk ifetch (foreign)", > "Load (bad)", > diff --git a/arch/powerpc/kernel/mce_power.c b/arch/powerpc/kernel/mce_power.c > index f913139bb0c2..d24e689e893f 100644 > --- a/arch/powerpc/kernel/mce_power.c > +++ b/arch/powerpc/kernel/mce_power.c > @@ -236,6 +236,9 @@ static const struct mce_ierror_table mce_p9_ierror_table[] = { > { 0x00000000081c0000, 0x0000000000180000, true, > MCE_ERROR_TYPE_UE, MCE_UE_ERROR_PAGE_TABLE_WALK_IFETCH, > MCE_INITIATOR_CPU, MCE_SEV_ERROR_SYNC, }, > +{ 0x00000000081c0000, 0x00000000001c0000, true, > + MCE_ERROR_TYPE_RA, MCE_RA_ERROR_IFETCH_FOREIGN, > + MCE_INITIATOR_CPU, MCE_SEV_ERROR_SYNC, }, > { 0x00000000081c0000, 0x0000000008000000, true, > MCE_ERROR_TYPE_LINK,MCE_LINK_ERROR_IFETCH_TIMEOUT, > MCE_INITIATOR_CPU, MCE_SEV_ERROR_SYNC, }, > -- > 2.11.0
On Fri, 02 Jun 2017 13:14:40 +1000 Michael Ellerman <mpe@ellerman.id.au> wrote: > Nicholas Piggin <npiggin@gmail.com> writes: > > > The i-side 0111b case was missed by 7b9f71f974 ("powerpc/64s: POWER9 > > machine check handler"). > > > > It is possible to trigger this exception by branching to a foreign real > > address (bits [8:12] != 0) with instruction relocation off, and verify > > the exception cause is found after this patch. > > Can you define "foreign" for people who aren't reading the chip docs :) Yes I guess we can copy&paste the relevant part. Updated changelog: The i-side 0111b machine check, which is "Instruction Fetch to foreign address space", was missed by 7b9f71f974 ("powerpc/64s: POWER9 machine check handler"). The POWER9 processor core considers host real addresses with a nonzero value in RA(8:12) as foreign address space, accessible only by the copy and paste instructions. The copy and paste instruction pair can be used to invoke the Nest accelerators via the Virtual Accelerator Switchboard (VAS). It is an error for any regular load/store or ifetch to go to a foreign addresses. When relocation is on, this causes an MMU exception. When relocation is off, a machine check exception. It is possible to trigger this machine check by branching to a foreign address with MSR[IR]=0. Any better? Thanks, Nick
On Mon, 2017-05-29 at 06:26:44 UTC, Nicholas Piggin wrote: > The i-side 0111b case was missed by 7b9f71f974 ("powerpc/64s: POWER9 > machine check handler"). > > It is possible to trigger this exception by branching to a foreign real > address (bits [8:12] != 0) with instruction relocation off, and verify > the exception cause is found after this patch. > > Fixes: 7b9f71f974 ("powerpc/64s: POWER9 machine check handler") > Reported-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com> > Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/90df4bfb4d9e00a1ab6885900b808b cheers
diff --git a/arch/powerpc/include/asm/mce.h b/arch/powerpc/include/asm/mce.h index 81eff8631434..190d69a7f701 100644 --- a/arch/powerpc/include/asm/mce.h +++ b/arch/powerpc/include/asm/mce.h @@ -90,13 +90,14 @@ enum MCE_UserErrorType { enum MCE_RaErrorType { MCE_RA_ERROR_INDETERMINATE = 0, MCE_RA_ERROR_IFETCH = 1, - MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH = 2, - MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH_FOREIGN = 3, - MCE_RA_ERROR_LOAD = 4, - MCE_RA_ERROR_STORE = 5, - MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE = 6, - MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE_FOREIGN = 7, - MCE_RA_ERROR_LOAD_STORE_FOREIGN = 8, + MCE_RA_ERROR_IFETCH_FOREIGN = 2, + MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH = 3, + MCE_RA_ERROR_PAGE_TABLE_WALK_IFETCH_FOREIGN = 4, + MCE_RA_ERROR_LOAD = 5, + MCE_RA_ERROR_STORE = 6, + MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE = 7, + MCE_RA_ERROR_PAGE_TABLE_WALK_LOAD_STORE_FOREIGN = 8, + MCE_RA_ERROR_LOAD_STORE_FOREIGN = 9, }; enum MCE_LinkErrorType { diff --git a/arch/powerpc/kernel/mce.c b/arch/powerpc/kernel/mce.c index 5f9eada3519b..92f185875694 100644 --- a/arch/powerpc/kernel/mce.c +++ b/arch/powerpc/kernel/mce.c @@ -268,6 +268,7 @@ void machine_check_print_event_info(struct machine_check_event *evt, static const char *mc_ra_types[] = { "Indeterminate", "Instruction fetch (bad)", + "Instruction fetch (foreign)", "Page table walk ifetch (bad)", "Page table walk ifetch (foreign)", "Load (bad)", diff --git a/arch/powerpc/kernel/mce_power.c b/arch/powerpc/kernel/mce_power.c index f913139bb0c2..d24e689e893f 100644 --- a/arch/powerpc/kernel/mce_power.c +++ b/arch/powerpc/kernel/mce_power.c @@ -236,6 +236,9 @@ static const struct mce_ierror_table mce_p9_ierror_table[] = { { 0x00000000081c0000, 0x0000000000180000, true, MCE_ERROR_TYPE_UE, MCE_UE_ERROR_PAGE_TABLE_WALK_IFETCH, MCE_INITIATOR_CPU, MCE_SEV_ERROR_SYNC, }, +{ 0x00000000081c0000, 0x00000000001c0000, true, + MCE_ERROR_TYPE_RA, MCE_RA_ERROR_IFETCH_FOREIGN, + MCE_INITIATOR_CPU, MCE_SEV_ERROR_SYNC, }, { 0x00000000081c0000, 0x0000000008000000, true, MCE_ERROR_TYPE_LINK,MCE_LINK_ERROR_IFETCH_TIMEOUT, MCE_INITIATOR_CPU, MCE_SEV_ERROR_SYNC, },
The i-side 0111b case was missed by 7b9f71f974 ("powerpc/64s: POWER9 machine check handler"). It is possible to trigger this exception by branching to a foreign real address (bits [8:12] != 0) with instruction relocation off, and verify the exception cause is found after this patch. Fixes: 7b9f71f974 ("powerpc/64s: POWER9 machine check handler") Reported-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> --- arch/powerpc/include/asm/mce.h | 15 ++++++++------- arch/powerpc/kernel/mce.c | 1 + arch/powerpc/kernel/mce_power.c | 3 +++ 3 files changed, 12 insertions(+), 7 deletions(-)