linux/arch/powerpc
Michael Ellerman 496c5fe25c powerpc/idle: Don't corrupt back chain when going idle
In isa206_idle_insn_mayloss() we store various registers into the stack
red zone, which is allowed.

However inside the IDLE_STATE_ENTER_SEQ_NORET macro we save r2 again,
to 0(r1), which corrupts the stack back chain.

We used to do the same in isa206_idle_insn_mayloss() itself, but we
fixed that in 73287caa92 ("powerpc64/idle: Fix SP offsets when saving
GPRs"). However, we missed that the macro also corrupts the back chain.

Corrupting the back chain is bad for debuggability but doesn't
necessarily cause a bug.

However we recently changed the stack handling in some KVM code, and it
now relies on the stack back chain being valid when it returns. The
corruption causes that code to return with r1 pointing somewhere in
kernel data, at some point LR is restored from the stack and we branch
to NULL or somewhere else invalid.

Only affects Power8 hosts running KVM guests, with dynamic_mt_modes
enabled (which it is by default).

The fixes tag below points to the commit that changed the KVM stack
handling, exposing this bug. The actual corruption of the back chain has
always existed since 948cf67c47 ("powerpc: Add NAP mode support on
Power7 in HV mode").

Fixes: 9b4416c509 ("KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211020094826.3222052-1-mpe@ellerman.id.au
2021-10-20 21:37:58 +11:00
boot powerpc/boot: Fix build failure since GCC 4.9 removal 2021-09-14 08:33:32 -07:00
configs powerpc/configs/microwatt: Enable options for systemd 2021-08-27 00:56:53 +10:00
crypto crypto: powepc/sha1 - remove unneeded semicolon 2021-03-07 15:13:14 +11:00
include powerpc/32s: Fix kuap_kernel_restore() 2021-10-07 23:34:00 +11:00
kernel powerpc/idle: Don't corrupt back chain when going idle 2021-10-20 21:37:58 +11:00
kexec powerpc updates for 5.15 2021-09-03 11:22:50 -07:00
kvm KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest 2021-10-16 00:40:03 +11:00
lib powerpc/lib: Add helper to check if offset is within conditional branch range 2021-10-07 18:52:33 +11:00
math-emu powerpc/64s: avoid reloading (H)SRR registers if they are still valid 2021-06-25 00:06:55 +10:00
mm Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
net powerpc/bpf ppc32: Fix BPF_SUB when imm == 0x80000000 2021-10-07 19:52:59 +11:00
perf powerpc/perf: Fix the check for SIAR value 2021-08-25 22:38:19 +10:00
platforms pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init 2021-10-07 23:37:22 +11:00
purgatory powerpc/kexec: Don't use .machine ppc64 in trampoline_64.S 2021-04-08 21:17:43 +10:00
sysdev powerpc/xive: Discard disabled interrupts in get_irqchip_state() 2021-10-13 16:38:55 +11:00
tools powerpc/head_check: Fix shellcheck errors 2021-08-17 22:52:02 +10:00
xmon powerpc: Refactor verification of MSR_RI 2021-08-26 21:21:07 +10:00
Kbuild
Kconfig Tracing updates for 5.15: 2021-09-05 11:50:41 -07:00
Kconfig.debug powerpc/ptdump: Convert powerpc to GENERIC_PTDUMP 2021-08-25 13:35:48 +10:00
Makefile powerpc: Add "-z notext" flag to disable diagnostic 2021-08-15 13:49:39 +10:00
Makefile.postlink