On Fri, Mar 09, 2018 at 11:43:00AM +0800, Li Wang wrote: > On Fri, Mar 9, 2018 at 12:45 AM, Ram Pai <[1]linuxram@xxxxxxxxxx> wrote: > > On Thu, Mar 08, 2018 at 11:19:12PM +1100, Michael Ellerman wrote: > > Li Wang <[2]liwang@xxxxxxxxxx> writes: > > > Hi, > > > > > > ltp/mprotect04[1] crashed by SEGV_PKUERR on ppc64(LPAR on P730, > Power 8 > > > 8247-22L) with kernel-v4.16.0-rc4. > > > > > > 10000000-10020000 r-xp 00000000 fd:00 167223 mprotect04 > > > 10020000-10030000 r--p 00010000 fd:00 167223 mprotect04 > > > 10030000-10040000 rw-p 00020000 fd:00 167223 mprotect04 > > > 1001a380000-1001a3b0000 rw-p 00000000 00:00 0 [heap] > > > 7fffa6c60000-7fffa6c80000 --xp 00000000 00:00 0 > > > > > > &exec_func = 0x10030170 > > > > > > &func = 0x7fffa6c60170 > > > > > > While perform > > > "(*func)();" we get the > > > segmentation fault. > > > > > > > > > strace log: > > > > > > ------------------- > > > mprotect(0x7fffaed00000, 131072, PROT_EXEC) = 0 > > > rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 > > > --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_PKUERR, > si_addr=0x7fffaed00170} > > > --- > > > > Looks like a bug to me. > > > > Please Cc linuxppc-dev on powerpc bugs. > > > > I also can't reproduce this failure on my machine. > > Not sure what's going on? > > I could reproduce it on a power7 lpar. But not on a power8 lpar. > >> The problem seems to be that the cpu generates a key exception if >> the page with Read/Write-disable-but-execute-enable key is executed >> on power7. If I enable read on that key, the exception disappears. >> > After adding read permission on that key, reproducer get PASS on my power8 > machine too. > (mprotect(..,PROT_READ | PROT_EXEC)) I enabled READ permission on the key by resetting the bit in the AMR register. And that healed the problem. So the point is something is erroneously triggering the MMU to generate a key-exception if the READ permission on the key is disabled. > > > BTW: the testcase executes > mprotect(..,PROT_EXEC). > The mprotect(, PROT_EXEC) system call internally generates a > execute-only key and associates it with the pages in the address-range. > > Now since Li Wang claims that he can reproduce it on power8 as well, i > am wondering if the slightly different cpu behavior is dependent on the > version of the firmware/microcode? > > I also run this reproducer on series ppc kvm machines, but none of them > get the FAIL. on ppc kvm virtual-machines the pkey subsystem is not entirely enabled yet. Though the kernel code exists it does not get enabled, since the feature is not yet exported in the device-tree by qemu. > If you need some more HW info, pls let me know. Will do thanks. RP