mirror of https://github.com/torvalds/linux.git
371b80447f
kexec can leave MMU registers set when booting into a new kernel,
the PIDR (Process Identification Register) in particular. The boot
sequence does not zero PIDR, so it only gets set when CPUs first
switch to a userspace processes (until then it's running a kernel
thread with effective PID = 0).
This leaves a window where a process table entry and page tables are
set up due to user processes running on other CPUs, that happen to
match with a stale PID. The CPU with that PID may cause speculative
accesses that address quadrant 0 (aka userspace addresses), which will
result in cached translations and PWC (Page Walk Cache) for that
process, on a CPU which is not in the mm_cpumask and so they will not
be invalidated properly.
The most common result is the kernel hanging in infinite page fault
loops soon after kexec (usually in schedule_tail, which is usually the
first non-speculative quadrant 0 access to a new PID) due to a stale
PWC. However being a stale translation error, it could result in
anything up to security and data corruption problems.
Fix this by zeroing out PIDR at boot and kexec.
Fixes:
|
||
|---|---|---|
| .. | ||
| trace | ||
| vdso32 | ||
| vdso64 | ||
| .gitignore | ||
| Makefile | ||
| align.c | ||
| asm-offsets.c | ||
| audit.c | ||
| btext.c | ||
| cacheinfo.c | ||
| cacheinfo.h | ||
| compat_audit.c | ||
| cpu_setup_6xx.S | ||
| cpu_setup_44x.S | ||
| cpu_setup_fsl_booke.S | ||
| cpu_setup_pa6t.S | ||
| cpu_setup_power.S | ||
| cpu_setup_ppc970.S | ||
| cputable.c | ||
| crash.c | ||
| crash_dump.c | ||
| dbell.c | ||
| dma-iommu.c | ||
| dma-swiotlb.c | ||
| dma.c | ||
| dt_cpu_ftrs.c | ||
| eeh.c | ||
| eeh_cache.c | ||
| eeh_dev.c | ||
| eeh_driver.c | ||
| eeh_event.c | ||
| eeh_pe.c | ||
| eeh_sysfs.c | ||
| entry_32.S | ||
| entry_64.S | ||
| epapr_hcalls.S | ||
| epapr_paravirt.c | ||
| exceptions-64e.S | ||
| exceptions-64s.S | ||
| fadump.c | ||
| firmware.c | ||
| fpu.S | ||
| fsl_booke_entry_mapping.S | ||
| head_8xx.S | ||
| head_32.S | ||
| head_40x.S | ||
| head_44x.S | ||
| head_64.S | ||
| head_booke.h | ||
| head_fsl_booke.S | ||
| hw_breakpoint.c | ||
| idle.c | ||
| idle_6xx.S | ||
| idle_book3e.S | ||
| idle_book3s.S | ||
| idle_e500.S | ||
| idle_power4.S | ||
| ima_kexec.c | ||
| io-workarounds.c | ||
| io.c | ||
| iomap.c | ||
| iommu.c | ||
| irq.c | ||
| isa-bridge.c | ||
| jump_label.c | ||
| kexec_elf_64.c | ||
| kgdb.c | ||
| kprobes-ftrace.c | ||
| kprobes.c | ||
| kvm.c | ||
| kvm_emul.S | ||
| l2cr_6xx.S | ||
| legacy_serial.c | ||
| machine_kexec.c | ||
| machine_kexec_32.c | ||
| machine_kexec_64.c | ||
| machine_kexec_file_64.c | ||
| mce.c | ||
| mce_power.c | ||
| misc.S | ||
| misc_32.S | ||
| misc_64.S | ||
| module.c | ||
| module_32.c | ||
| module_64.c | ||
| msi.c | ||
| nvram_64.c | ||
| of_platform.c | ||
| optprobes.c | ||
| optprobes_head.S | ||
| paca.c | ||
| pci-common.c | ||
| pci-hotplug.c | ||
| pci_32.c | ||
| pci_64.c | ||
| pci_dn.c | ||
| pci_of_scan.c | ||
| pmc.c | ||
| ppc32.h | ||
| ppc_save_regs.S | ||
| proc_powerpc.c | ||
| process.c | ||
| prom.c | ||
| prom_init.c | ||
| prom_init_check.sh | ||
| prom_parse.c | ||
| ptrace.c | ||
| ptrace32.c | ||
| reloc_32.S | ||
| reloc_64.S | ||
| rtas-proc.c | ||
| rtas-rtc.c | ||
| rtas.c | ||
| rtas_flash.c | ||
| rtas_pci.c | ||
| rtasd.c | ||
| setup-common.c | ||
| setup.h | ||
| setup_32.c | ||
| setup_64.c | ||
| signal.c | ||
| signal.h | ||
| signal_32.c | ||
| signal_64.c | ||
| smp-tbsync.c | ||
| smp.c | ||
| stacktrace.c | ||
| suspend.c | ||
| swsusp.c | ||
| swsusp_32.S | ||
| swsusp_64.c | ||
| swsusp_asm64.S | ||
| swsusp_booke.S | ||
| sys_ppc32.c | ||
| syscalls.c | ||
| sysfs.c | ||
| systbl.S | ||
| systbl_chk.c | ||
| systbl_chk.sh | ||
| tau_6xx.c | ||
| time.c | ||
| tm.S | ||
| traps.c | ||
| udbg.c | ||
| udbg_16550.c | ||
| uprobes.c | ||
| vdso.c | ||
| vecemu.c | ||
| vector.S | ||
| vmlinux.lds.S | ||
| watchdog.c | ||