Re: [PATCH v3 31/41] powerpc/32: Dismantle EXC_XFER_STD/LITE/TEMPLATE
From: Finn Thain
Date: Wed Aug 04 2021 - 01:06:10 EST
On Tue, 3 Aug 2021, Stan Johnson wrote:
> Attached you will find the following six files:
>
> 1) config-5.13-patched_VMAP.txt
> 2) config-5.13-patched_NO_VMAP.txt
> 3) pb3400c-console-5.13-patched_VMAP.txt (using config 1)
> 4) pb3400c-console-5.13-patched_NO_VMAP.txt (using config 2)
> 5) ws-console-5.13-patched_VMAP.txt (using config 1)
> 6) ws-console-5.13-patched_NO_VMAP.txt (using config 2)
>
Thanks!
> The command lines in BootX were as follows:
>
> PB 3400c:
> root=/dev/sda13 console=ttyS0 video=chips65550:vmode:14,cmode:16
>
> Wallstreet:
> root=/dev/sda12 console=ttyS0 video=ofonly
>
> Notes:
>
> For 3), the patch seems to have fixed the "hang-at-boot" at the Mac
> OS screen for the PB 3400c.
I doubt that. I suspect that this is an unrelated failure that only
affects the Powerbook 3400 and only intermittently. I say that because
you've also observed this failure in v5.11.
So we should probably ignore this early-boot failure for the moment. Stan,
if it happens again, please reboot and retry. That may allow us to make
progress on the other bugs.
> After a successful boot, I didn't see any errors until I accessed the
> system via ssh. In an ssh window, I entered "dmesg" (no errors) followed
> by "ls -Rail /usr/bin", and while that was running, the errors appeared.
Since Stan has a yahoo email address that isn't allowed past the spam
filter, I'll paste that portion of the console log he sent --
Kernel attempted to write user page (78a930) - exploit attempt? (uid: 1000)
------------[ cut here ]------------
Bug: Write fault blocked by KUAP!
WARNING: CPU: 0 PID: 1619 at arch/powerpc/mm/fault.c:230 do_page_fault+0x484/0x720
Modules linked in:
CPU: 0 PID: 1619 Comm: sshd Not tainted 5.13.0-pmac-VMAP #10
NIP: c001b780 LR: c001b780 CTR: 00000000
REGS: cb981bc0 TRAP: 0700 Not tainted (5.13.0-pmac-VMAP)
MSR: 00021032 <ME,IR,DR,RI> CR: 24942424 XER: 00000000
GPR00: c001b780 cb981c80 c151c1e0 00000021 3ffffbff 085b0000 00000027 c8eb644c
GPR08: 00000023 00000000 00000000 00000000 24942424 0076f8c8 00000000 000186a0
GPR16: afab5544 afab5540 afab553c afab5538 afab5534 afab5530 00000004 0078a934
GPR24: 00000000 00000000 0078a970 02000000 c1497b60 0078a930 00000300 cb981cc0
NIP [c001b780] do_page_fault+0x484/0x720
LR [c001b780] do_page_fault+0x484/0x720
Call Trace:
[cb981c80] [c001b780] do_page_fault+0x484/0x720 (unreliable)
[cb981cb0] [c000424c] DataAccess_virt+0xd4/0xe4
--- interrupt: 300 at __copy_tofrom_user+0x110/0x20c
NIP: c001f9bc LR: c0172b04 CTR: 00000001
REGS: cb981cc0 TRAP: 0300 Not tainted (5.13.0-pmac-VMAP)
MSR: 00009032 <EE,ME,IR,DR,RI> CR: 442444e8 XER: 20000000
DAR: 0078a930 DSISR: 0a000000
GPR00: 00000000 cb981d80 c151c1e0 0078a930 cb981db8 00000004 0078a92c 00000100
GPR08: 00000122 10c279a1 10000000 c1800034 242444e2 0076f8c8 00000000 000186a0
GPR16: afab5544 afab5540 afab553c afab5538 afab5534 afab5530 00000004 0078a934
GPR24: 00000000 00000000 0078a970 0078a930 cb981dac cb981dac 00000001 00000004
NIP [c001f9bc] __copy_tofrom_user+0x110/0x20c
LR [c0172b04] core_sys_select+0x3e8/0x594
--- interrupt: 300
[cb981d80] [c0172960] core_sys_select+0x244/0x594 (unreliable)
[cb981ee0] [c0172d98] kern_select+0xe8/0x158
[cb981f30] [c001604c] ret_from_syscall+0x0/0x28
--- interrupt: c00 at 0xa7a4f388
NIP: a7a4f388 LR: a7a4f35c CTR: 00000000
REGS: cb981f40 TRAP: 0c00 Not tainted (5.13.0-pmac-VMAP)
MSR: 0000d032 <EE,PR,ME,IR,DR,RI> CR: 240044e2 XER: 20000000
GPR00: 0000008e afab54e0 a73cc7d0 0000000c 0078a930 0078a970 00000000 00000000
GPR08: 00000004 00000000 00000000 a79e45b0 28004462 0076f8c8 00000000 000186a0
GPR16: afab5544 afab5540 afab553c afab5538 afab5534 afab5530 00000004 00770490
GPR24: afab552f 00000004 00000000 0078a930 00000000 00771734 a7b2fff4 00798cb0
NIP [a7a4f388] 0xa7a4f388
LR [a7a4f35c] 0xa7a4f35c
--- interrupt: c00
Instruction dump:
3884aa30 3863012c 4807685d 807f0080 48042e41 2f830000 419e0148 3c80c079
3c60c076 38841b6c 38630174 4801f701 <0fe00000> 3860000b 4bfffe30 3c80c06b
---[ end trace c6ec12d4725e6f89 ]---
> I'll enter the same commands for the other three boots. It may be
> important that I didn't see errors until there was significant network
> access.
>
> For 4), the PB 3400c also booted normally. Errors started after
> logging in via ssh when I entered "dmesg". To be consistent with the
> first test, I followed that with "ls -Rail /usr/bin" and saw more
> errors. A normal reboot ("shutdown -r now") caused even more errors.
>
Here's the relevant portion of that log:
Kernel attempted to write user page (ba3bc0) - exploit attempt? (uid: 1000)
------------[ cut here ]------------
Bug: Write fault blocked by KUAP!
WARNING: CPU: 0 PID: 1609 at arch/powerpc/mm/fault.c:230 do_page_fault+0x484/0x720
Modules linked in:
CPU: 0 PID: 1609 Comm: bash Not tainted 5.13.0-pmac-NO_VMAP #11
NIP: c001b780 LR: c001b780 CTR: 00000000
REGS: c3c5bba0 TRAP: 0700 Not tainted (5.13.0-pmac-NO_VMAP)
MSR: 00021032 <ME,IR,DR,RI> CR: 24442424 XER: 00000000
GPR00: c001b780 c3c5bc60 c3842ca0 00000021 3ffffbff 085ac000 00000027 c8eb2444
GPR08: 00000023 00000000 00000000 00000000 24442424 00b6fff4 00180008 00000000
GPR16: c18ac148 c3c5beb0 c8fc3e00 00000000 c7a70000 00ba4260 00000000 00000000
GPR24: c3c5be90 00001000 c7a70000 02000000 c1f43900 00ba3bc0 00000300 c3c5bca0
NIP [c001b780] do_page_fault+0x484/0x720
LR [c001b780] do_page_fault+0x484/0x720
Call Trace:
[c3c5bc60] [c001b780] do_page_fault+0x484/0x720 (unreliable)
[c3c5bc90] [c000424c] DataAccess_virt+0xd4/0xe4
--- interrupt: 300 at __copy_tofrom_user+0xbc/0x20c
NIP: c001f968 LR: c03258c4 CTR: 00000031
REGS: c3c5bca0 TRAP: 0300 Not tainted (5.13.0-pmac-NO_VMAP)
MSR: 00009032 <EE,ME,IR,DR,RI> CR: 42424288 XER: 20000000
DAR: 00ba3bc0 DSISR: 0a000000
GPR00: 00000004 c3c5bd60 c3842ca0 00000084 c7a7096c 00000000 00ba3bbc 20776974
GPR08: 68207469 6c646520 287e290a 00000004 22422282 00b6fff4 00180008 00000000
GPR16: c18ac148 c3c5beb0 c8fc3e00 00000000 c7a70000 00ba4260 00000000 00000000
GPR24: c3c5be90 00001000 c7a70000 c8fc3e00 00001000 c3c5be98 00008000 00ba3260
NIP [c001f968] __copy_tofrom_user+0xbc/0x20c
LR [c03258c4] copy_page_to_iter+0x2c0/0xab8
--- interrupt: 300
[c3c5bd60] [00000000] 0x0 (unreliable)
[c3c5bdb0] [c00f5bb4] filemap_read+0x424/0xa2c
[c3c5be80] [c0156910] vfs_read+0x274/0x340
[c3c5bf00] [c0156ec4] ksys_read+0x70/0x118
[c3c5bf30] [c001604c] ret_from_syscall+0x0/0x28
--- interrupt: c00 at 0x86bc88
NIP: 0086bc88 LR: 0086bc5c CTR: 00000000
REGS: c3c5bf40 TRAP: 0c00 Not tainted (5.13.0-pmac-NO_VMAP)
MSR: 0000d032 <EE,PR,ME,IR,DR,RI> CR: 20422224 XER: 20000000
GPR00: 00000003 afa710a0 a799a8c0 00000003 00b9b260 00012b22 00badd88 00000000
GPR08: 0000e279 00012b31 00b9b258 00b9b178 00002564 00b6fff4 00b8b4c0 00000000
GPR16: 00000002 00012b22 00aa2ad0 00000000 00b85730 00b85680 00b87900 00b85620
GPR24: 00b856d0 00b9aa80 00000003 00b85520 00b855d0 00b878a0 00959ff4 0000000e
NIP [0086bc88] 0x86bc88
LR [0086bc5c] 0x86bc5c
--- interrupt: c00
Instruction dump:
3884a9e0 386300f0 48076575 807f0080 48042b59 2f830000 419e0148 3c80c079
3c60c076 38841b24 38630138 4801f419 <0fe00000> 3860000b 4bfffe30 3c80c06b
---[ end trace c6966f6cf6736566 ]---
So the PowerBook 3400 and the PowerBook G3 Series "Wallstreet" may have one
failure mode in common (?) The "Wallstreet" (stock v5.13), in the log
sent a few days ago, showed:
Kernel attempted to write user page (c6207c) - exploit attempt? (uid: 0)
BUG: Unable to handle kernel data access on write at 0x00c6207c
Faulting instruction address: 0xa77ad1dc
Oops: Kernel access of bad area, sig: 11 [#1]
...
> For 5), login at the Wallstreet X console failed, with errors. After
> logging in via ssh, entering "dmesg" and "ls -Rail /usr/bin" generated
> more errors.
>
Here's the relevant portion of the log:
------------[ cut here ]------------
kernel BUG at arch/powerpc/kernel/interrupt.c:49!
Oops: Exception in kernel mode, sig: 5 [#1]
BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 PowerMac
Modules linked in:
CPU: 0 PID: 1859 Comm: xfce4-session Not tainted 5.13.0-pmac-VMAP #10
NIP: c0011474 LR: c0011464 CTR: 00000000
REGS: e2f75e40 TRAP: 0700 Not tainted (5.13.0-pmac-VMAP)
MSR: 00021032 <ME,IR,DR,RI> CR: 2400446c XER: 20000000
GPR00: c001604c e2f75f00 ca284a60 00000000 00000000 a5205eb0 00000008 00000020
GPR08: ffffffc0 00000001 501200d9 ce030005 ca285010 00c1f778 00000000 00000000
GPR16: 00945b20 009402f8 00000001 a6b87550 a51fd000 afb73220 a6b22c78 a6a6aecc
GPR24: 00000000 ffffffc0 00000020 00000008 a5205eb0 00000000 e2f75f40 000000ae
NIP [c0011474] system_call_exception+0x60/0x164
LR [c0011464] system_call_exception+0x50/0x164
Call Trace:
[e2f75f00] [00009000] 0x9000 (unreliable)
[e2f75f30] [c001604c] ret_from_syscall+0x0/0x28
--- interrupt: c00 at 0xa69d6cb0
NIP: a69d6cb0 LR: a69d6c3c CTR: 00000000
REGS: e2f75f40 TRAP: 0c00 Not tainted (5.13.0-pmac-VMAP)
MSR: 0000d032 <EE,PR,ME,IR,DR,RI> CR: 2400446c XER: 20000000
GPR00: 000000ae a5205de0 a5687ca0 00000000 00000000 a5205eb0 00000008 00000020
GPR08: ffffffc0 401201ea 401200d9 ffffffff c158f230 00c1f778 00000000 00000000
GPR16: 00945b20 009402f8 00000001 a6b87550 a51fd000 afb73220 a6b22c78 a6a6aecc
GPR24: afb72fc8 00000000 00000001 a5205f30 afb733dc 00000000 a6b85ff4 a5205eb0
NIP [a69d6cb0] 0xa69d6cb0
LR [a69d6c3c] 0xa69d6c3c
--- interrupt: c00
Instruction dump:
7cdb3378 93810020 7cbc2b78 93a10024 7c9d2378 93e1002c 7d3f4b78 4800d629
817e0084 931e0088 69690002 5529fffe <0f090000> 69694000 552997fe 0f090000
---[ end trace c66c6c3c44806276 ]---
> For 6), login at the Wallstreet X console worked, with no errors.
> There were also no errors from entering "dmesg" or "ls -Rail /usr/bin"
> in an ssh window. Everything seems stable.
>
I think that's consistent with results from a previous test with this
machine with v5.13 with CONFIG_VMAP_STACK disabled.