Commit e81ef812 authored by David S. Miller's avatar David S. Miller Committed by Greg Kroah-Hartman

sparc64: Fix register corruption in top-most kernel stack frame during boot.

[ Upstream commit ef3e035c ]

Meelis Roos reported that kernels built with gcc-4.9 do not boot, we
eventually narrowed this down to only impacting machines using
UltraSPARC-III and derivative cpus.

The crash happens right when the first user process is spawned:

[   54.451346] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
[   54.451346]
[   54.571516] CPU: 1 PID: 1 Comm: init Not tainted 3.16.0-rc2-00211-gd7933ab7 #96
[   54.666431] Call Trace:
[   54.698453]  [0000000000762f8c] panic+0xb0/0x224
[   54.759071]  [000000000045cf68] do_exit+0x948/0x960
[   54.823123]  [000000000042cbc0] fault_in_user_windows+0xe0/0x100
[   54.902036]  [0000000000404ad0] __handle_user_windows+0x0/0x10
[   54.978662] Press Stop-A (L1-A) to return to the boot prom
[   55.050713] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004

Further investigation showed that compiling only per_cpu_patch() with
an older compiler fixes the boot.

Detailed analysis showed that the function is not being miscompiled by
gcc-4.9, but it is using a different register allocation ordering.

With the gcc-4.9 compiled function, something during the code patching
causes some of the %i* input registers to get corrupted.  Perhaps
we have a TLB miss path into the firmware that is deep enough to
cause a register window spill and subsequent restore when we get
back from the TLB miss trap.

Let's plug this up by doing two things:

1) Stop using the firmware stack for client interface calls into
   the firmware.  Just use the kernel's stack.

2) As soon as we can, call into a new function "start_early_boot()"
   to put a one-register-window buffer between the firmware's
   deepest stack frame and the top-most initial kernel one.
Reported-by: default avatarMeelis Roos <mroos@linux.ee>
Tested-by: default avatarMeelis Roos <mroos@linux.ee>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5955d6d1
...@@ -62,7 +62,8 @@ struct linux_mem_p1275 { ...@@ -62,7 +62,8 @@ struct linux_mem_p1275 {
/* You must call prom_init() before using any of the library services, /* You must call prom_init() before using any of the library services,
* preferably as early as possible. Pass it the romvec pointer. * preferably as early as possible. Pass it the romvec pointer.
*/ */
void prom_init(void *cif_handler, void *cif_stack); void prom_init(void *cif_handler);
void prom_init_report(void);
/* Boot argument acquisition, returns the boot command line string. */ /* Boot argument acquisition, returns the boot command line string. */
char *prom_getbootargs(void); char *prom_getbootargs(void);
......
...@@ -48,6 +48,8 @@ unsigned long safe_compute_effective_address(struct pt_regs *, unsigned int); ...@@ -48,6 +48,8 @@ unsigned long safe_compute_effective_address(struct pt_regs *, unsigned int);
#endif #endif
#ifdef CONFIG_SPARC64 #ifdef CONFIG_SPARC64
void __init start_early_boot(void);
/* unaligned_64.c */ /* unaligned_64.c */
int handle_ldf_stq(u32 insn, struct pt_regs *regs); int handle_ldf_stq(u32 insn, struct pt_regs *regs);
void handle_ld_nf(u32 insn, struct pt_regs *regs); void handle_ld_nf(u32 insn, struct pt_regs *regs);
......
...@@ -65,13 +65,10 @@ struct pause_patch_entry { ...@@ -65,13 +65,10 @@ struct pause_patch_entry {
extern struct pause_patch_entry __pause_3insn_patch, extern struct pause_patch_entry __pause_3insn_patch,
__pause_3insn_patch_end; __pause_3insn_patch_end;
void __init per_cpu_patch(void);
void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *, void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
struct sun4v_1insn_patch_entry *); struct sun4v_1insn_patch_entry *);
void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *, void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
struct sun4v_2insn_patch_entry *); struct sun4v_2insn_patch_entry *);
void __init sun4v_patch(void);
void __init boot_cpu_id_too_large(int cpu);
extern unsigned int dcache_parity_tl1_occurred; extern unsigned int dcache_parity_tl1_occurred;
extern unsigned int icache_parity_tl1_occurred; extern unsigned int icache_parity_tl1_occurred;
......
...@@ -672,14 +672,12 @@ tlb_fixup_done: ...@@ -672,14 +672,12 @@ tlb_fixup_done:
sethi %hi(init_thread_union), %g6 sethi %hi(init_thread_union), %g6
or %g6, %lo(init_thread_union), %g6 or %g6, %lo(init_thread_union), %g6
ldx [%g6 + TI_TASK], %g4 ldx [%g6 + TI_TASK], %g4
mov %sp, %l6
wr %g0, ASI_P, %asi wr %g0, ASI_P, %asi
mov 1, %g1 mov 1, %g1
sllx %g1, THREAD_SHIFT, %g1 sllx %g1, THREAD_SHIFT, %g1
sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1 sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
add %g6, %g1, %sp add %g6, %g1, %sp
mov 0, %fp
/* Set per-cpu pointer initially to zero, this makes /* Set per-cpu pointer initially to zero, this makes
* the boot-cpu use the in-kernel-image per-cpu areas * the boot-cpu use the in-kernel-image per-cpu areas
...@@ -706,44 +704,14 @@ tlb_fixup_done: ...@@ -706,44 +704,14 @@ tlb_fixup_done:
nop nop
#endif #endif
mov %l6, %o1 ! OpenPROM stack
call prom_init call prom_init
mov %l7, %o0 ! OpenPROM cif handler mov %l7, %o0 ! OpenPROM cif handler
/* Initialize current_thread_info()->cpu as early as possible. /* To create a one-register-window buffer between the kernel's
* In order to do that accurately we have to patch up the get_cpuid() * initial stack and the last stack frame we use from the firmware,
* assembler sequences. And that, in turn, requires that we know * do the rest of the boot from a C helper function.
* if we are on a Starfire box or not. While we're here, patch up
* the sun4v sequences as well.
*/ */
call check_if_starfire call start_early_boot
nop
call per_cpu_patch
nop
call sun4v_patch
nop
#ifdef CONFIG_SMP
call hard_smp_processor_id
nop
cmp %o0, NR_CPUS
blu,pt %xcc, 1f
nop
call boot_cpu_id_too_large
nop
/* Not reached... */
1:
#else
mov 0, %o0
#endif
sth %o0, [%g6 + TI_CPU]
call prom_init_report
nop
/* Off we go.... */
call start_kernel
nop nop
/* Not reached... */ /* Not reached... */
......
...@@ -109,7 +109,6 @@ hv_cpu_startup: ...@@ -109,7 +109,6 @@ hv_cpu_startup:
sllx %g5, THREAD_SHIFT, %g5 sllx %g5, THREAD_SHIFT, %g5
sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
add %g6, %g5, %sp add %g6, %g5, %sp
mov 0, %fp
call init_irqwork_curcpu call init_irqwork_curcpu
nop nop
......
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
#include <linux/cpu.h> #include <linux/cpu.h>
#include <linux/initrd.h> #include <linux/initrd.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/start_kernel.h>
#include <asm/io.h> #include <asm/io.h>
#include <asm/processor.h> #include <asm/processor.h>
...@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE]; ...@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE];
static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 }; static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };
void __init per_cpu_patch(void) static void __init per_cpu_patch(void)
{ {
struct cpuid_patch_entry *p; struct cpuid_patch_entry *p;
unsigned long ver; unsigned long ver;
...@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start, ...@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
} }
} }
void __init sun4v_patch(void) static void __init sun4v_patch(void)
{ {
extern void sun4v_hvapi_init(void); extern void sun4v_hvapi_init(void);
...@@ -335,14 +336,25 @@ static void __init pause_patch(void) ...@@ -335,14 +336,25 @@ static void __init pause_patch(void)
} }
} }
#ifdef CONFIG_SMP void __init start_early_boot(void)
void __init boot_cpu_id_too_large(int cpu)
{ {
int cpu;
check_if_starfire();
per_cpu_patch();
sun4v_patch();
cpu = hard_smp_processor_id();
if (cpu >= NR_CPUS) {
prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n", prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
cpu, NR_CPUS); cpu, NR_CPUS);
prom_halt(); prom_halt();
}
current_thread_info()->cpu = cpu;
prom_init_report();
start_kernel();
} }
#endif
/* On Ultra, we support all of the v8 capabilities. */ /* On Ultra, we support all of the v8 capabilities. */
unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |
......
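Review bot: start_early_boot() calls hard_smp_processor_id() unconditionally at `cpu = hard_smp_processor_id();`, whereas the assembly it replaces in head_64.S only made that call under `#ifdef CONFIG_SMP` and used 0 otherwise, so the two are equivalent only if the !SMP build provides a hard_smp_processor_id() that yields 0 — presumably a macro in the smp header, but worth confirming. The function also carries no comment saying why it exists; the only explanation is the one added in head_64.S, and a reader of setup_64.c will not see it. I would put above the definition: `/* Entered from head_64.S on the initial kernel stack. Its own register window separates the firmware's deepest frame from start_kernel()'s frame. Must never return. */`. If start_kernel() is annotated as not returning in this tree, the declaration in kernel.h could additionally carry `__noreturn` so the compiler enforces the "Not reached" assumption in head_64.S.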
...@@ -109,10 +109,13 @@ startup_continue: ...@@ -109,10 +109,13 @@ startup_continue:
brnz,pn %g1, 1b brnz,pn %g1, 1b
nop nop
sethi %hi(p1275buf), %g2 /* Get onto temporary stack which will be in the locked
or %g2, %lo(p1275buf), %g2 * kernel image.
ldx [%g2 + 0x10], %l2 */
add %l2, -(192 + 128), %sp sethi %hi(tramp_stack), %g1
or %g1, %lo(tramp_stack), %g1
add %g1, TRAMP_STACK_SIZE, %g1
sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
flushw flushw
/* Setup the loop variables: /* Setup the loop variables:
...@@ -394,7 +397,6 @@ after_lock_tlb: ...@@ -394,7 +397,6 @@ after_lock_tlb:
sllx %g5, THREAD_SHIFT, %g5 sllx %g5, THREAD_SHIFT, %g5
sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
add %g6, %g5, %sp add %g6, %g5, %sp
mov 0, %fp
rdpr %pstate, %o1 rdpr %pstate, %o1
or %o1, PSTATE_IE, %o1 or %o1, PSTATE_IE, %o1
......
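Review bot: The line `sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp` reserves an extra 256 bytes below the top of tramp_stack with nothing saying what they are for, and `tramp_stack`/`TRAMP_STACK_SIZE` are not defined in this hunk, so I assume they are provided elsewhere in the file or its headers. I would add a comment on that line naming the purpose of the 256-byte reserve (headroom for the firmware calls made while on this stack, if that is the reason). Separately, tramp_stack is a single static buffer used by every secondary CPU that passes through startup_continue, which is only safe if secondaries are brought up one at a time — presumably the case on this boot path, but worth stating in the comment above the sethi. The enclosing startup_continue code continues outside the hunk.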
...@@ -11,11 +11,10 @@ ...@@ -11,11 +11,10 @@
.text .text
.globl prom_cif_direct .globl prom_cif_direct
prom_cif_direct: prom_cif_direct:
save %sp, -192, %sp
sethi %hi(p1275buf), %o1 sethi %hi(p1275buf), %o1
or %o1, %lo(p1275buf), %o1 or %o1, %lo(p1275buf), %o1
ldx [%o1 + 0x0010], %o2 ! prom_cif_stack ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
save %o2, -192, %sp
ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
mov %g4, %l0 mov %g4, %l0
mov %g5, %l1 mov %g5, %l1
mov %g6, %l3 mov %g6, %l3
......
...@@ -26,13 +26,13 @@ phandle prom_chosen_node; ...@@ -26,13 +26,13 @@ phandle prom_chosen_node;
* It gets passed the pointer to the PROM vector. * It gets passed the pointer to the PROM vector.
*/ */
extern void prom_cif_init(void *, void *); extern void prom_cif_init(void *);
void __init prom_init(void *cif_handler, void *cif_stack) void __init prom_init(void *cif_handler)
{ {
phandle node; phandle node;
prom_cif_init(cif_handler, cif_stack); prom_cif_init(cif_handler);
prom_chosen_node = prom_finddevice(prom_chosen_path); prom_chosen_node = prom_finddevice(prom_chosen_path);
if (!prom_chosen_node || (s32)prom_chosen_node == -1) if (!prom_chosen_node || (s32)prom_chosen_node == -1)
......
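Review bot: The file-local declaration `extern void prom_cif_init(void *);` no longer matches the definition in the p1275.c hunk below, which still reads `void prom_cif_init(void *cif_handler, void *cif_stack)`, so prom_init() now calls the function through an incompatible prototype with the second argument left unset; the callee only ignores it in practice, but it is a type mismatch that sparse or LTO builds may flag. The definition should drop the parameter, `void prom_cif_init(void *cif_handler)`, since the prom_cif_stack assignment it fed is removed in that same hunk; better still, declare prom_cif_init once in a shared header instead of a file-local extern so the two cannot drift again. prom_init()'s body continues outside this hunk.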
...@@ -20,7 +20,6 @@ ...@@ -20,7 +20,6 @@
struct { struct {
long prom_callback; /* 0x00 */ long prom_callback; /* 0x00 */
void (*prom_cif_handler)(long *); /* 0x08 */ void (*prom_cif_handler)(long *); /* 0x08 */
unsigned long prom_cif_stack; /* 0x10 */
} p1275buf; } p1275buf;
extern void prom_world(int); extern void prom_world(int);
...@@ -52,5 +51,4 @@ void p1275_cmd_direct(unsigned long *args) ...@@ -52,5 +51,4 @@ void p1275_cmd_direct(unsigned long *args)
void prom_cif_init(void *cif_handler, void *cif_stack) void prom_cif_init(void *cif_handler, void *cif_stack)
{ {
p1275buf.prom_cif_handler = (void (*)(long *))cif_handler; p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
p1275buf.prom_cif_stack = (unsigned long)cif_stack;
} }