| From af55b50e084ca8f153aef9587f63255735014d31 Mon Sep 17 00:00:00 2001 |
| From: Nicholas Piggin <npiggin@gmail.com> |
| Date: Fri, 17 Mar 2017 15:13:20 +1000 |
| Subject: [PATCH] powerpc/64s: Fix idle wakeup potential to clobber registers |
| |
| commit 6d98ce0be541d4a3cfbb52cd75072c0339ebb500 upstream. |
| |
| We concluded there may be a window where the idle wakeup code could get |
| to pnv_wakeup_tb_loss() (which clobbers non-volatile GPRs), but the |
| hardware may set SRR1[46:47] to 01b (no state loss) which would result |
| in the wakeup code failing to restore non-volatile GPRs. |
| |
| I was not able to trigger this condition with trivial tests on real |
| hardware or simulator, but the ISA (at least 2.07) seems to allow for |
| it, and Gautham says that it can happen if there is an exception pending |
| when the sleep/winkle instruction is executed. |
| |
| Fixes: 1706567117ba ("powerpc/kvm: make hypervisor state restore a function") |
| Cc: stable@vger.kernel.org # v4.8+ |
| Signed-off-by: Nicholas Piggin <npiggin@gmail.com> |
| Acked-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com> |
| Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/arch/powerpc/kernel/idle_book3s.S b/arch/powerpc/kernel/idle_book3s.S |
| index 72dac0b58061..b350ac5e3111 100644 |
| --- a/arch/powerpc/kernel/idle_book3s.S |
| +++ b/arch/powerpc/kernel/idle_book3s.S |
| @@ -439,9 +439,23 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300) |
| _GLOBAL(pnv_wakeup_tb_loss) |
| ld r1,PACAR1(r13) |
| /* |
| - * Before entering any idle state, the NVGPRs are saved in the stack |
| - * and they are restored before switching to the process context. Hence |
| - * until they are restored, they are free to be used. |
| + * Before entering any idle state, the NVGPRs are saved in the stack. |
| + * If there was a state loss, or PACA_NAPSTATELOST was set, then the |
| + * NVGPRs are restored. If we are here, it is likely that state is lost, |
| + * but not guaranteed -- neither ISA207 nor ISA300 tests to reach |
| + * here are the same as the test to restore NVGPRS: |
| + * PACA_THREAD_IDLE_STATE test for ISA207, PSSCR test for ISA300, |
| + * and SRR1 test for restoring NVGPRs. |
| + * |
| + * We are about to clobber NVGPRs now, so set NAPSTATELOST to |
| + * guarantee they will always be restored. This might be tightened |
| + * with careful reading of specs (particularly for ISA300) but this |
| + * is already a slow wakeup path and it's simpler to be safe. |
| + */ |
| + li r0,1 |
| + stb r0,PACA_NAPSTATELOST(r13) |
| + |
| + /* |
| * |
| * Save SRR1 and LR in NVGPRs as they might be clobbered in |
| * opal_call() (called in CHECK_HMI_INTERRUPT). SRR1 is required |
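Review bot: the new `stb r0,PACA_NAPSTATELOST(r13)` at the top of pnv_wakeup_tb_loss sets the flag unconditionally, but nothing in this hunk shows where it is cleared again. Please confirm that the NVGPR restore path resets it, and say so in the comment, so the flag cannot stay set and force the full restore on later wakeups that did not come through here. Two smaller points on the comment text. Closing the first block and reopening with `/*` leaves the old empty ` *` line as the first line of the "Save SRR1 and LR" comment, so that line can be dropped. "NVGPRS" in "the test to restore NVGPRS" should match the "NVGPRs" spelling used in the rest of the block.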
| -- |
| 2.12.0 |
| |