authorChristian Lamparter <chunkeey@gmail.com>2021-11-26 09:35:45 +0100
committerChristian Lamparter <chunkeey@gmail.com>2021-11-28 01:13:01 +0100
commitdd7d4703e9de73153bd239afcf67c77cdb7f7cf8 (patch)
treeac4a201f53441fec44b7878bc9da764cc2c6df41
parenta5b80dd487180982e59e59ac69458b27fb0a5195 (diff)
mpc85xx: backport "fix oops when CONFIG_FSL_PMC=n"
Martin Kennedy reported: |Presently, I get this kernel panic on mpc85xx (Aerohive HiveAP 370) |on OpenWrt 'master' which occurs right as the second processor is |initialized: | |[ 0.478804] rcu: Hierarchical SRCU implementation. |[ 0.535569] dyndbg: Ignore empty _ddebug table in a CONFIG_DYNAMIC_DEBUG_CORE build |[ 0.627233] smp: Bringing up secondary CPUs ... |[ 0.681659] kernel tried to execute user page (0) - exploit attempt? (uid: 0) |[ 0.766618] BUG: Unable to handle kernel instruction fetch (NULL pointer?) |[ 0.848899] Faulting instruction address: 0x00000000 |[ 0.908273] Oops: Kernel access of bad area, sig: 11 [#1] |[ 0.972851] BE PAGE_SIZE=4K SMP NR_CPUS=2 P1020 RDB |[ 1.031179] Modules linked in: |[ 1.067640] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.80 #0 |[ 1.139507] NIP: 00000000 LR: c0021d2c CTR: 00000000 |[ 1.199921] REGS: c1051cf0 TRAP: 0400 Not tainted (5.10.80) |[...] |[ 1.758220] NIP [00000000] 0x0 |[ 1.794688] LR [c0021d2c] smp_85xx_kick_cpu+0xe8/0x568 |[ 1.856126] Call Trace: |[ 1.885295] [c1051da8] [c0021cb8] smp_85xx_kick_cpu+0x74/0x568 (unreliable) |[ 1.968633] [c1051de8] [c0011460] __cpu_up+0xc0/0x228 |[ 2.029038] [c1051e18] [c0031bbc] bringup_cpu+0x30/0x224 |[ 2.092572] [c1051e48] [c0031f3c] cpu_up.constprop.0+0x180/0x33c |[..] |[ 2.727952] ---[ end trace 9b796a4bafb6bc14 ]--- |[ 3.800879] Kernel panic - not syncing: Fatal exception |[ 3.862353] Rebooting in 1 seconds.. |[ 5.905097] System Halted, OK to turn off power | |I bisected this down to commit 3ae5da5adce9 ("kernel: bump 5.10 to 5.10.80"); |that is, I don't get the panic right before this commit, but I do after. He reported the issue upstream and Xiaoming Ni from Huawei came up with the patch (that is on its way to upstream). While the AP370 is not in OpenWrt, this will likely affect other SMP P1020 devices OpenWrt ships with, like the AP330, Enterasys WS-AP3710i, etc. 
Reported-by: Martin Kennedy <hurricos@gmail.com> Tested-by: Martin Kennedy <hurricos@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
-rw-r--r--target/linux/mpc85xx/patches-5.10/002-powerpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch55
1 files changed, 55 insertions, 0 deletions
diff --git a/target/linux/mpc85xx/patches-5.10/002-powerpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch b/target/linux/mpc85xx/patches-5.10/002-powerpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch
new file mode 100644
index 0000000000..e9c2ec7032
--- /dev/null
+++ b/target/linux/mpc85xx/patches-5.10/002-powerpc-85xx-fix-oops-when-CONFIG_FSL_PMC-n.patch
@@ -0,0 +1,55 @@
+From e7757563e621522f5cd862b3aff473aedf8b66c0 Mon Sep 17 00:00:00 2001
+From: Xiaoming Ni <nixiaoming@huawei.com>
+Date: Fri, 26 Nov 2021 12:11:53 +0800
+Subject: [PATCH] powerpc/85xx: fix oops when CONFIG_FSL_PMC=n
+
+When CONFIG_FSL_PMC is set to n, no value is assigned to cpu_up_prepare
+ in the mpc85xx_pm_ops structure. As a result, oops is triggered in
+ smp_85xx_start_cpu().
+
+ [ 0.627233] smp: Bringing up secondary CPUs ...
+ [ 0.681659] kernel tried to execute user page (0) - exploit attempt? (uid: 0)
+ [ 0.766618] BUG: Unable to handle kernel instruction fetch (NULL pointer?)
+ [ 0.848899] Faulting instruction address: 0x00000000
+ [ 0.908273] Oops: Kernel access of bad area, sig: 11 [#1]
+ ...
+ [ 1.758220] NIP [00000000] 0x0
+ [ 1.794688] LR [c0021d2c] smp_85xx_kick_cpu+0xe8/0x568
+ [ 1.856126] Call Trace:
+ [ 1.885295] [c1051da8] [c0021cb8] smp_85xx_kick_cpu+0x74/0x568 (unreliable)
+ [ 1.968633] [c1051de8] [c0011460] __cpu_up+0xc0/0x228
+ [ 2.029038] [c1051e18] [c0031bbc] bringup_cpu+0x30/0x224
+ [ 2.092572] [c1051e48] [c0031f3c] cpu_up.constprop.0+0x180/0x33c
+ [ 2.164443] [c1051e88] [c00322e8] bringup_nonboot_cpus+0x88/0xc8
+ [ 2.236326] [c1051eb8] [c07e67bc] smp_init+0x30/0x78
+ [ 2.295698] [c1051ed8] [c07d9e28] kernel_init_freeable+0x118/0x2a8
+ [ 2.369641] [c1051f18] [c00032d8] kernel_init+0x14/0x124
+ [ 2.433176] [c1051f38] [c0010278] ret_from_kernel_thread+0x14/0x1c
+
+Fixes: c45361abb9185b ("powerpc/85xx: fix timebase sync issue when
+ CONFIG_HOTPLUG_CPU=n")
+Link: https://lore.kernel.org/lkml/CANA18Uyba4kMJQrbCSZVTFep2Exe5izE45whNJgwwUvNSEcNLg@mail.gmail.com/
+Reported-by: Martin Kennedy <hurricos@gmail.com>
+Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com>
+Tested-by: Martin Kennedy <hurricos@gmail.com>
+Cc: stable@vger.kernel.org
+--- a/arch/powerpc/platforms/85xx/smp.c
++++ b/arch/powerpc/platforms/85xx/smp.c
+@@ -220,7 +220,7 @@ static int smp_85xx_start_cpu(int cpu)
+ local_irq_save(flags);
+ hard_irq_disable();
+
+- if (qoriq_pm_ops)
++ if (qoriq_pm_ops && qoriq_pm_ops->cpu_up_prepare)
+ qoriq_pm_ops->cpu_up_prepare(cpu);
+
+ /* if cpu is not spinning, reset it */
+@@ -292,7 +292,7 @@ static int smp_85xx_kick_cpu(int nr)
+ booting_thread_hwid = cpu_thread_in_core(nr);
+ primary = cpu_first_thread_sibling(nr);
+
+- if (qoriq_pm_ops)
++ if (qoriq_pm_ops && qoriq_pm_ops->cpu_up_prepare)
+ qoriq_pm_ops->cpu_up_prepare(nr);
+
+ /*
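Review bot: The added test `if (qoriq_pm_ops && qoriq_pm_ops->cpu_up_prepare)` covers only the `cpu_up_prepare` calls in `smp_85xx_start_cpu()` and `smp_85xx_kick_cpu()`. If the same configuration leaves other `qoriq_pm_ops` callbacks unset, any unguarded call through them would hit the same NULL instruction fetch shown in the trace. Those call sites and the `mpc85xx_pm_ops` initializer are outside this patch, so that should be confirmed against the full `smp.c` before relying on the backport. Both sites would also benefit from a one-line comment such as `/* cpu_up_prepare is left NULL when CONFIG_FSL_PMC=n */`, so the second condition is not later dropped as redundant. The bodies of both functions continue beyond the embedded hunks.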