[Qemu-devel] [PATCH for-4.0 0/3] target/ppc: Fix pseries.cap-ibs=workaround with TCG

Greg Kurz posted 3 patches 5 years, 1 month ago
Test docker-mingw@fedora passed
Test docker-clang@ubuntu passed
Test asan passed
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/155327781490.1283071.6082995362788639045.stgit@bahia.lan
Maintainers: David Gibson <david@gibson.dropbear.id.au>
[Qemu-devel] [PATCH for-4.0 0/3] target/ppc: Fix pseries.cap-ibs=workaround with TCG
Posted by Greg Kurz 5 years, 1 month ago
Since recent commit 2782ad4c4102 "target/ppc/spapr: Enable mitigations by
default for pseries-4.0 machine type", some recent distros, e.g. Fedora 29,
fail to boot under TCG because of a kernel panic:

[    0.614425] Oops: Exception in kernel mode, sig: 4 [#1]
[    0.618832] LE SMP NR_CPUS=1024 NUMA pSeries
[    0.621868] Modules linked in:
[    0.624958] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.16-200.fc29.ppc64le #1
[    0.625978] NIP:  c00000000000bf00 LR: c00000000000e268 CTR: 0000000000007fff
[    0.626572] REGS: c0000000015a3750 TRAP: 0700   Not tainted  (4.20.16-200.fc29.ppc64le)
[    0.626835] MSR:  8000000002089033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 44828222  XER: 00000000
[    0.628497] CFAR: c00000000000bee4 IRQMASK: 1 
[    0.628497] GPR00: c00000000001fbc8 c0000000015a39e0 c0000000015a6200 c000000001533450 
[    0.628497] GPR04: c00000003e5819d0 c00000003ff15f68 0000000000000000 0000000022f63728 
[    0.628497] GPR08: 0000000000000000 0000000000007fff 0000000000000000 0000000000000000 
[    0.628497] GPR12: 0000000000008000 c0000000018b0000 000000003dc5fd20 0000000002e75e90 
[    0.628497] GPR16: 0000000002e75d40 c00000003e594d00 000000003dc5fd20 0000000002e90b50 
[    0.628497] GPR20: 000000003e45e800 c000000001531a80 c000000001532100 0000000044828222 
[    0.628497] GPR24: c000000001533450 c000000001533450 c00000003e5819d0 c0000000010e51e0 
[    0.628497] GPR28: c0000000015d5c18 c000000001531a80 c00000003e580000 c000000001531a80 
[    0.631710] NIP [c00000000000bf00] flush_count_cache+0x120/0x2420
[    0.631905] LR [c00000000000e268] _switch+0x68/0x180
[    0.632585] Call Trace:
[    0.633490] [c0000000015a39e0] [c0000000015dbd58] __cpu_online_mask+0x0/0x80 (unreliable)
[    0.634383] [c0000000015a3bc0] [c00000000001fbc8] __switch_to+0x348/0x500
[    0.634614] [c0000000015a3c20] [c000000000c509dc] __schedule+0x2bc/0xac0
[    0.634731] [c0000000015a3cf0] [c000000000c51648] preempt_schedule_common+0x38/0x60
[    0.634852] [c0000000015a3d10] [c000000000c516d4] _cond_resched+0x64/0x80
[    0.635527] [c0000000015a3d40] [c00000000011a190] copy_process.isra.4.part.5+0xc90/0x1d20
[    0.635656] [c0000000015a3e40] [c00000000011b414] _do_fork+0xd4/0x470
[    0.635772] [c0000000015a3eb0] [c00000000011b88c] kernel_thread+0x3c/0x50
[    0.635891] [c0000000015a3ed0] [c000000000010b08] rest_init+0x98/0xf8
[    0.636025] [c0000000015a3f00] [c000000000fe4084] start_kernel+0x658/0x67c
[    0.636163] [c0000000015a3f90] [c00000000000b37c] start_here_common+0x1c/0x520
[    0.636763] Instruction dump:
[    0.640925] 48000005 48000005 48000005 48000005 48000005 4800001c 60000000 60000000 
[    0.641448] 60000000 60000000 60000000 60000000 <7d2803a6> 39207fff 7d2903a6 4c400420 
[    0.648580] ---[ end trace 1dcd9494acdef8df ]---
[    0.649361] 
[    1.657870] Kernel panic - not syncing: Attempted to kill the idle task!

The following error is also printed by QEMU:

Opcode 13 10 10 00 (4c400420) leaked temporaries

The root cause behind the panic is that the Linux kernel uses for Spectre v2
mitigation a form of the bcctr instruction that we don't support. This gets
triggered when passing the cap-ibs=workaround machine option, which is the
default since 2782ad4c4102.

The TCG temp leak comes from some missing tcg_temp_free()s on the
exception path.

This series fixes the leak and adds support for the invalid form of bcctr.
Since this adds yet another user of PPC_SEGMENT_64B to discriminate CPU
models that should expose the _new_ behaviour, the final patch introduces
a helper for that purpose.

--
Greg

---

Greg Kurz (3):
      target/ppc: Fix TCG temporary leaks in gen_bcond()
      target/ppc: Enable "decrement and test CTR" version of bcctr
      target/ppc: Consolidate 64-bit server processor detection in a helper


 hw/ppc/ppc.c             |    2 +-
 target/ppc/cpu.h         |    6 +++++
 target/ppc/helper_regs.h |    2 +-
 target/ppc/translate.c   |   58 ++++++++++++++++++++++++++++++++--------------
 4 files changed, 48 insertions(+), 20 deletions(-)
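The instruction word singled out in the oops and in QEMU's "leaked temporaries" message, 4c400420, is an XL-form bcctr whose BO field asks for the "decrement and test CTR" behaviour the second patch enables. The decoder below is an added example (not code from this series, from QEMU or from the kernel) that pulls the XL-form fields out of a 32-bit PowerPC instruction word using Power ISA bit numbering (bit 0 is the most significant), flags the CTR-decrementing form of bcctr, and reproduces the opc1..opc4 split QEMU prints as "13 10 10 00"; that split is my reconstruction of the translator's opcode macros, and the canonical plain bctr encoding 0x4e800420 and the b/bl words from the instruction dump are used as constructed negative cases.

```c
#include <stdint.h>
#include <stdio.h>

/* Extract ISA-numbered bits msb..lsb (bit 0 = most significant) from a
 * 32-bit PowerPC instruction word. */
static uint32_t ppc_bits(uint32_t insn, int msb, int lsb)
{
    int width = lsb - msb + 1;
    return (insn >> (31 - lsb)) & ((1u << width) - 1u);
}

/* XL-form fields of a branch-conditional-to-register instruction. */
typedef struct {
    uint32_t po;  /* primary opcode, bits 0:5    (19 for XL-form branches) */
    uint32_t bo;  /* BO, bits 6:10               (branch condition encoding) */
    uint32_t bi;  /* BI, bits 11:15              (CR bit to test) */
    uint32_t xo;  /* extended opcode, bits 21:30 (528 = bcctr) */
    uint32_t lk;  /* LK, bit 31                  (update LR on branch) */
} xl_form;

static xl_form decode_xl(uint32_t insn)
{
    xl_form f;
    f.po = ppc_bits(insn, 0, 5);
    f.bo = ppc_bits(insn, 6, 10);
    f.bi = ppc_bits(insn, 11, 15);
    f.xo = ppc_bits(insn, 21, 30);
    f.lk = ppc_bits(insn, 31, 31);
    return f;
}

#define PO_BRANCH_XL 19u
#define XO_BCCTR     528u

static int is_bcctr(uint32_t insn)
{
    xl_form f = decode_xl(insn);
    return f.po == PO_BRANCH_XL && f.xo == XO_BCCTR;
}

/* BO bit 2 (ISA numbering, value 0b00100) clear means "decrement CTR,
 * then test it"; BO = 0b00010 decrements CTR and branches when it hits 0
 * (and the tested CR bit is clear). */
static int bo_decrements_ctr(uint32_t bo)
{
    return (bo & 0x4u) == 0;
}

/* The "decrement and test CTR" flavour of bcctr. */
static int is_ctr_decrementing_bcctr(uint32_t insn)
{
    return is_bcctr(insn) && bo_decrements_ctr(decode_xl(insn).bo);
}

/* Reconstruction of the opc1..opc4 split QEMU's translator uses when it
 * reports an opcode (assumed, not QEMU's own macros): packed here as
 * opc1<<24 | opc2<<16 | opc3<<8 | opc4, so 0x4c400420 gives 0x13101000,
 * the "13 10 10 00" from the leaked-temporaries message. */
static uint32_t qemu_opc_word(uint32_t insn)
{
    uint32_t opc1 = (insn >> 26) & 0x3fu;
    uint32_t opc2 = (insn >> 1) & 0x1fu;
    uint32_t opc3 = (insn >> 6) & 0x1fu;
    uint32_t opc4 = (insn >> 16) & 0x1fu;
    return (opc1 << 24) | (opc2 << 16) | (opc3 << 8) | opc4;
}

static void describe(uint32_t insn)
{
    xl_form f = decode_xl(insn);
    printf("%08x: po=%u bo=%u bi=%u xo=%u lk=%u bcctr=%d dec-ctr=%d opc=%08x\n",
           insn, f.po, f.bo, f.bi, f.xo, f.lk, is_bcctr(insn),
           is_ctr_decrementing_bcctr(insn), qemu_opc_word(insn));
}

int main(void)
{
    /* Words taken from the oops' instruction dump, plus a constructed
     * plain bctr (BO = 20) for contrast. */
    describe(0x4c400420u);  /* bcctr 2,0,0: decrement CTR, branch if 0 */
    describe(0x4e800420u);  /* bctr: BO = 20, no CTR decrement */
    describe(0x48000005u);  /* bl: primary opcode 18, not XL-form */
    describe(0x60000000u);  /* nop (ori 0,0,0) */
    return 0;
}
```

The check a practitioner wants from this is the middle one: an emulator that rejects every bcctr with BO bit 2 clear as an invalid form will trap exactly the word the kernel's count-cache flush emits, which is what the oops' TRAP 0700 and flush_count_cache frame show.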


Re: [Qemu-devel] [Qemu-ppc] [PATCH for-4.0 0/3] target/ppc: Fix pseries.cap-ibs=workaround with TCG
Posted by Suraj Jitindar Singh 5 years, 1 month ago
On Fri, 2019-03-22 at 19:03 +0100, Greg Kurz wrote:
> Since recent commit 2782ad4c4102 "target/ppc/spapr: Enable mitigations by
> default for pseries-4.0 machine type", some recent distros, e.g. Fedora 29,
> fail to boot under TCG because of a kernel panic:

Good catch! I noticed this as well but didn't get around to fixing it
so thanks for doing it for me :D

> 
> [    0.614425] Oops: Exception in kernel mode, sig: 4 [#1]
> [    0.618832] LE SMP NR_CPUS=1024 NUMA pSeries
> [    0.621868] Modules linked in:
> [    0.624958] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.16-200.fc29.ppc64le #1
> [    0.625978] NIP:  c00000000000bf00 LR: c00000000000e268 CTR: 0000000000007fff
> [    0.626572] REGS: c0000000015a3750 TRAP: 0700   Not tainted  (4.20.16-200.fc29.ppc64le)
> [    0.626835] MSR:  8000000002089033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 44828222  XER: 00000000
> [    0.628497] CFAR: c00000000000bee4 IRQMASK: 1
> [    0.628497] GPR00: c00000000001fbc8 c0000000015a39e0 c0000000015a6200 c000000001533450
> [    0.628497] GPR04: c00000003e5819d0 c00000003ff15f68 0000000000000000 0000000022f63728
> [    0.628497] GPR08: 0000000000000000 0000000000007fff 0000000000000000 0000000000000000
> [    0.628497] GPR12: 0000000000008000 c0000000018b0000 000000003dc5fd20 0000000002e75e90
> [    0.628497] GPR16: 0000000002e75d40 c00000003e594d00 000000003dc5fd20 0000000002e90b50
> [    0.628497] GPR20: 000000003e45e800 c000000001531a80 c000000001532100 0000000044828222
> [    0.628497] GPR24: c000000001533450 c000000001533450 c00000003e5819d0 c0000000010e51e0
> [    0.628497] GPR28: c0000000015d5c18 c000000001531a80 c00000003e580000 c000000001531a80
> [    0.631710] NIP [c00000000000bf00] flush_count_cache+0x120/0x2420
> [    0.631905] LR [c00000000000e268] _switch+0x68/0x180
> [    0.632585] Call Trace:
> [    0.633490] [c0000000015a39e0] [c0000000015dbd58] __cpu_online_mask+0x0/0x80 (unreliable)
> [    0.634383] [c0000000015a3bc0] [c00000000001fbc8] __switch_to+0x348/0x500
> [    0.634614] [c0000000015a3c20] [c000000000c509dc] __schedule+0x2bc/0xac0
> [    0.634731] [c0000000015a3cf0] [c000000000c51648] preempt_schedule_common+0x38/0x60
> [    0.634852] [c0000000015a3d10] [c000000000c516d4] _cond_resched+0x64/0x80
> [    0.635527] [c0000000015a3d40] [c00000000011a190] copy_process.isra.4.part.5+0xc90/0x1d20
> [    0.635656] [c0000000015a3e40] [c00000000011b414] _do_fork+0xd4/0x470
> [    0.635772] [c0000000015a3eb0] [c00000000011b88c] kernel_thread+0x3c/0x50
> [    0.635891] [c0000000015a3ed0] [c000000000010b08] rest_init+0x98/0xf8
> [    0.636025] [c0000000015a3f00] [c000000000fe4084] start_kernel+0x658/0x67c
> [    0.636163] [c0000000015a3f90] [c00000000000b37c] start_here_common+0x1c/0x520
> [    0.636763] Instruction dump:
> [    0.640925] 48000005 48000005 48000005 48000005 48000005 4800001c 60000000 60000000
> [    0.641448] 60000000 60000000 60000000 60000000 <7d2803a6> 39207fff 7d2903a6 4c400420
> [    0.648580] ---[ end trace 1dcd9494acdef8df ]---
> [    0.649361]
> [    1.657870] Kernel panic - not syncing: Attempted to kill the idle task!
> 
> The following error is also printed by QEMU:
> 
> Opcode 13 10 10 00 (4c400420) leaked temporaries
> 
> The root cause behind the panic is that the Linux kernel uses for Spectre v2
> mitigation a form of the bcctr instruction that we don't support. This gets
> triggered when passing the cap-ibs=workaround machine option, which is the
> default since 2782ad4c4102.
> 
> The TCG temp leak comes from some missing tcg_temp_free()s on the
> exception path.
> 
> This series fixes the leak and adds support for the invalid form of bcctr.
> Since this adds yet another user of PPC_SEGMENT_64B to discriminate CPU
> models that should expose the _new_ behaviour, the final patch introduces
> a helper for that purpose.
> 
> --
> Greg
> 
> ---
> 
> Greg Kurz (3):
>       target/ppc: Fix TCG temporary leaks in gen_bcond()
>       target/ppc: Enable "decrement and test CTR" version of bcctr
>       target/ppc: Consolidate 64-bit server processor detection in a helper
> 
> 
>  hw/ppc/ppc.c             |    2 +-
>  target/ppc/cpu.h         |    6 +++++
>  target/ppc/helper_regs.h |    2 +-
>  target/ppc/translate.c   |   58 ++++++++++++++++++++++++++++++++--------------
>  4 files changed, 48 insertions(+), 20 deletions(-)
> 
> 

Re: [Qemu-devel] [Qemu-ppc] [PATCH for-4.0 0/3] target/ppc: Fix pseries.cap-ibs=workaround with TCG
Posted by Greg Kurz 5 years, 1 month ago
On Mon, 25 Mar 2019 11:31:04 +1100
Suraj Jitindar Singh <sjitindarsingh@gmail.com> wrote:

> On Fri, 2019-03-22 at 19:03 +0100, Greg Kurz wrote:
> > Since recent commit 2782ad4c4102 "target/ppc/spapr: Enable mitigations by
> > default for pseries-4.0 machine type", some recent distros, e.g. Fedora 29,
> > fail to boot under TCG because of a kernel panic:
> 
> Good catch! I noticed this as well but didn't get around to fixing it
> so thanks for doing it for me :D
> 

My pleasure :)

> > 
> > [    0.614425] Oops: Exception in kernel mode, sig: 4 [#1]
> > [    0.618832] LE SMP NR_CPUS=1024 NUMA pSeries
> > [    0.621868] Modules linked in:
> > [    0.624958] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.16-200.fc29.ppc64le #1
> > [    0.625978] NIP:  c00000000000bf00 LR: c00000000000e268 CTR: 0000000000007fff
> > [    0.626572] REGS: c0000000015a3750 TRAP: 0700   Not tainted  (4.20.16-200.fc29.ppc64le)
> > [    0.626835] MSR:  8000000002089033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 44828222  XER: 00000000
> > [    0.628497] CFAR: c00000000000bee4 IRQMASK: 1
> > [    0.628497] GPR00: c00000000001fbc8 c0000000015a39e0 c0000000015a6200 c000000001533450
> > [    0.628497] GPR04: c00000003e5819d0 c00000003ff15f68 0000000000000000 0000000022f63728
> > [    0.628497] GPR08: 0000000000000000 0000000000007fff 0000000000000000 0000000000000000
> > [    0.628497] GPR12: 0000000000008000 c0000000018b0000 000000003dc5fd20 0000000002e75e90
> > [    0.628497] GPR16: 0000000002e75d40 c00000003e594d00 000000003dc5fd20 0000000002e90b50
> > [    0.628497] GPR20: 000000003e45e800 c000000001531a80 c000000001532100 0000000044828222
> > [    0.628497] GPR24: c000000001533450 c000000001533450 c00000003e5819d0 c0000000010e51e0
> > [    0.628497] GPR28: c0000000015d5c18 c000000001531a80 c00000003e580000 c000000001531a80
> > [    0.631710] NIP [c00000000000bf00] flush_count_cache+0x120/0x2420
> > [    0.631905] LR [c00000000000e268] _switch+0x68/0x180
> > [    0.632585] Call Trace:
> > [    0.633490] [c0000000015a39e0] [c0000000015dbd58] __cpu_online_mask+0x0/0x80 (unreliable)
> > [    0.634383] [c0000000015a3bc0] [c00000000001fbc8] __switch_to+0x348/0x500
> > [    0.634614] [c0000000015a3c20] [c000000000c509dc] __schedule+0x2bc/0xac0
> > [    0.634731] [c0000000015a3cf0] [c000000000c51648] preempt_schedule_common+0x38/0x60
> > [    0.634852] [c0000000015a3d10] [c000000000c516d4] _cond_resched+0x64/0x80
> > [    0.635527] [c0000000015a3d40] [c00000000011a190] copy_process.isra.4.part.5+0xc90/0x1d20
> > [    0.635656] [c0000000015a3e40] [c00000000011b414] _do_fork+0xd4/0x470
> > [    0.635772] [c0000000015a3eb0] [c00000000011b88c] kernel_thread+0x3c/0x50
> > [    0.635891] [c0000000015a3ed0] [c000000000010b08] rest_init+0x98/0xf8
> > [    0.636025] [c0000000015a3f00] [c000000000fe4084] start_kernel+0x658/0x67c
> > [    0.636163] [c0000000015a3f90] [c00000000000b37c] start_here_common+0x1c/0x520
> > [    0.636763] Instruction dump:
> > [    0.640925] 48000005 48000005 48000005 48000005 48000005 4800001c 60000000 60000000
> > [    0.641448] 60000000 60000000 60000000 60000000 <7d2803a6> 39207fff 7d2903a6 4c400420
> > [    0.648580] ---[ end trace 1dcd9494acdef8df ]---
> > [    0.649361]
> > [    1.657870] Kernel panic - not syncing: Attempted to kill the idle task!
> > 
> > The following error is also printed by QEMU:
> > 
> > Opcode 13 10 10 00 (4c400420) leaked temporaries
> > 
> > The root cause behind the panic is that the Linux kernel uses for Spectre v2
> > mitigation a form of the bcctr instruction that we don't support. This gets
> > triggered when passing the cap-ibs=workaround machine option, which is the
> > default since 2782ad4c4102.
> > 
> > The TCG temp leak comes from some missing tcg_temp_free()s on the
> > exception path.
> > 
> > This series fixes the leak and adds support for the invalid form of bcctr.
> > Since this adds yet another user of PPC_SEGMENT_64B to discriminate CPU
> > models that should expose the _new_ behaviour, the final patch introduces
> > a helper for that purpose.
> > 
> > --
> > Greg
> > 
> > ---
> > 
> > Greg Kurz (3):
> >       target/ppc: Fix TCG temporary leaks in gen_bcond()
> >       target/ppc: Enable "decrement and test CTR" version of bcctr
> >       target/ppc: Consolidate 64-bit server processor detection in a helper
> > 
> > 
> >  hw/ppc/ppc.c             |    2 +-
> >  target/ppc/cpu.h         |    6 +++++
> >  target/ppc/helper_regs.h |    2 +-
> >  target/ppc/translate.c   |   58 ++++++++++++++++++++++++++++++++--------------
> >  4 files changed, 48 insertions(+), 20 deletions(-)
> > 


Re: [Qemu-devel] [PATCH for-4.0 0/3] target/ppc: Fix pseries.cap-ibs=workaround with TCG
Posted by David Gibson 5 years, 1 month ago
On Fri, Mar 22, 2019 at 07:03:35PM +0100, Greg Kurz wrote:
> Since recent commit 2782ad4c4102 "target/ppc/spapr: Enable mitigations by
> default for pseries-4.0 machine type", some recent distros, e.g. Fedora 29,
> fail to boot under TCG because of a kernel panic:
> 
> [    0.614425] Oops: Exception in kernel mode, sig: 4 [#1]
> [    0.618832] LE SMP NR_CPUS=1024 NUMA pSeries
> [    0.621868] Modules linked in:
> [    0.624958] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.16-200.fc29.ppc64le #1
> [    0.625978] NIP:  c00000000000bf00 LR: c00000000000e268 CTR: 0000000000007fff
> [    0.626572] REGS: c0000000015a3750 TRAP: 0700   Not tainted  (4.20.16-200.fc29.ppc64le)
> [    0.626835] MSR:  8000000002089033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 44828222  XER: 00000000
> [    0.628497] CFAR: c00000000000bee4 IRQMASK: 1 
> [    0.628497] GPR00: c00000000001fbc8 c0000000015a39e0 c0000000015a6200 c000000001533450 
> [    0.628497] GPR04: c00000003e5819d0 c00000003ff15f68 0000000000000000 0000000022f63728 
> [    0.628497] GPR08: 0000000000000000 0000000000007fff 0000000000000000 0000000000000000 
> [    0.628497] GPR12: 0000000000008000 c0000000018b0000 000000003dc5fd20 0000000002e75e90 
> [    0.628497] GPR16: 0000000002e75d40 c00000003e594d00 000000003dc5fd20 0000000002e90b50 
> [    0.628497] GPR20: 000000003e45e800 c000000001531a80 c000000001532100 0000000044828222 
> [    0.628497] GPR24: c000000001533450 c000000001533450 c00000003e5819d0 c0000000010e51e0 
> [    0.628497] GPR28: c0000000015d5c18 c000000001531a80 c00000003e580000 c000000001531a80 
> [    0.631710] NIP [c00000000000bf00] flush_count_cache+0x120/0x2420
> [    0.631905] LR [c00000000000e268] _switch+0x68/0x180
> [    0.632585] Call Trace:
> [    0.633490] [c0000000015a39e0] [c0000000015dbd58] __cpu_online_mask+0x0/0x80 (unreliable)
> [    0.634383] [c0000000015a3bc0] [c00000000001fbc8] __switch_to+0x348/0x500
> [    0.634614] [c0000000015a3c20] [c000000000c509dc] __schedule+0x2bc/0xac0
> [    0.634731] [c0000000015a3cf0] [c000000000c51648] preempt_schedule_common+0x38/0x60
> [    0.634852] [c0000000015a3d10] [c000000000c516d4] _cond_resched+0x64/0x80
> [    0.635527] [c0000000015a3d40] [c00000000011a190] copy_process.isra.4.part.5+0xc90/0x1d20
> [    0.635656] [c0000000015a3e40] [c00000000011b414] _do_fork+0xd4/0x470
> [    0.635772] [c0000000015a3eb0] [c00000000011b88c] kernel_thread+0x3c/0x50
> [    0.635891] [c0000000015a3ed0] [c000000000010b08] rest_init+0x98/0xf8
> [    0.636025] [c0000000015a3f00] [c000000000fe4084] start_kernel+0x658/0x67c
> [    0.636163] [c0000000015a3f90] [c00000000000b37c] start_here_common+0x1c/0x520
> [    0.636763] Instruction dump:
> [    0.640925] 48000005 48000005 48000005 48000005 48000005 4800001c 60000000 60000000 
> [    0.641448] 60000000 60000000 60000000 60000000 <7d2803a6> 39207fff 7d2903a6 4c400420 
> [    0.648580] ---[ end trace 1dcd9494acdef8df ]---
> [    0.649361] 
> [    1.657870] Kernel panic - not syncing: Attempted to kill the idle task!
> 
> The following error is also printed by QEMU:
> 
> Opcode 13 10 10 00 (4c400420) leaked temporaries
> 
> The root cause behind the panic is that the Linux kernel uses for Spectre v2
> mitigation a form of the bcctr instruction that we don't support. This gets
> triggered when passing the cap-ibs=workaround machine option, which is the
> default since 2782ad4c4102.
> 
> The TCG temp leak comes from some missing tcg_temp_free()s on the
> exception path.
> 
> This series fixes the leak and adds support for the invalid form of bcctr.
> Since this adds yet another user of PPC_SEGMENT_64B to discriminate CPU
> models that should expose the _new_ behaviour, the final patch introduces
> a helper for that purpose.

Series applied to ppc-for-4.0, thanks.

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson