tpm: fix lpar crash when running on kexec with VTPM2.0 enabled [P10]

Desnes Nunes requested to merge desnesn/centos-stream-9:rh2032117 into main

BUGZILLA

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2032117

UPSTREAM STATUS

Upstream Status: Patch has been accepted on kernel/git/powerpc/linux.git

CONFLICTS

None

BUILD INFORMATION

Build Info: http://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43095248

TESTING

The following Kernel Oops was not observed when running kexec on a patched kernel:

[root@ltcden13-lp3 ~]# kexec -l /boot/vmlinuz-5.14.0-49.el9.ppc64le --initrd /boot/initramfs-5.14.0-49.el9.ppc64le.img --append="`cat /proc/cmdline`"
Modified cmdline:BOOT_IMAGE=(ieee1275//vdevice/v-scsi@30000067/disk@8100000000000000,msdos2)/vmlinuz-5.14.0-49.el9.ppc64le root=/dev/mapper/rhel_ltcden13--lp3-root ro crashkernel=2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-102400T:4G rd.lvm.lv=rhel_ltcden13-lp3/root rd.lvm.lv=rhel_ltcden13-lp3/swap biosdevname=0
[root@ltcden13-lp3 ~]# kexec -e
[   85.255522] Removing IBM Power 842 compression device
[   87.868215] Core dump to |/usr/lib/systemd/systemd-coredump pipe failed
[   89.227325] Kernel attempted to read user page (60) - exploit attempt? (uid: 0)
[   89.227336] BUG: Kernel NULL pointer dereference on read at 0x00000060
[   89.227339] Faulting instruction address: 0xc00000000094ea90
[   89.227343] Oops: Kernel access of bad area, sig: 11 [#1]
[   89.227346] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
[   89.227351] Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill bonding tls ip_set nf_tables nfnetlink pseries_rng dax_pmem_compat device_dax dax_pmem_core drm drm_panel_orientation_quirks xfs libcrc32c sd_mod t10_pi sg nd_pmem nd_btt ibmvscsi ibmveth scsi_transport_srp papr_scm libnvdimm vmx_crypto dm_mirror dm_region_hash dm_log dm_mod fuse
[   89.227389] CPU: 1 PID: 1534 Comm: kexec Kdump: loaded Not tainted 5.14.0-49.el9.ppc64le #1
[   89.227395] NIP:  c00000000094ea90 LR: c00000000094ef08 CTR: c00000000054d740
[   89.227398] REGS: c000000099693720 TRAP: 0300   Not tainted  (5.14.0-49.el9.ppc64le)
[   89.227402] MSR:  800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 48288228  XER: 00000001
[   89.227411] CFAR: c00000000094ef04 DAR: 0000000000000060 DSISR: 40000000 IRQMASK: 0
[   89.227411] GPR00: c00000000094ef08 c0000000996939c0 c000000002a46b00 c0000007e4609000
[   89.227411] GPR04: c00000000081c7c0 c0000007e246ab40 0000000000000000 c00000009b3d7e80
[   89.227411] GPR08: 0000000000000000 0000000000000000 0000000000000001 0000000000008000
[   89.227411] GPR12: c00000000295a5f8 c0000007dffff300 0000000111d2f5c8 0000000000000000
[   89.227411] GPR16: ffffffffffffffff 0000000000000000 0000000111d0f728 0000000000000000
[   89.227411] GPR20: 0000000000008913 0000000000008914 00000001261f0f70 0000000000000003
[   89.227411] GPR24: 0000000000100000 0000000000000000 0000000000000000 c000000002da38a8
[   89.227411] GPR28: c000001784268c48 c0000007e4609720 c00000000295a5d8 c0000007e4609000
[   89.227447] NIP [c00000000094ea90] tpm_chip_start+0x30/0x140
[   89.227455] LR [c00000000094ef08] tpm_chip_unregister+0x188/0x1e0
[   89.227458] Call Trace:
[   89.227460] [c0000000996939c0] [c000000000e9ac98] down_write+0x28/0x90 (unreliable)
[   89.227467] [c0000000996939f0] [c00000000094ef08] tpm_chip_unregister+0x188/0x1e0
[   89.227471] [c000000099693a30] [c00000000095d6d4] tpm_ibmvtpm_remove+0x34/0x130
[   89.227474] [c000000099693aa0] [c000000000112698] vio_bus_remove+0x58/0xe0
[   89.227479] [c000000099693ae0] [c000000000976748] device_shutdown+0x1d8/0x3a8
[   89.227483] [c000000099693b80] [c00000000019a554] kernel_restart_prepare+0x54/0x70
[   89.227487] [c000000099693ba0] [c00000000027d5f4] kernel_kexec+0xa4/0xf0
[   89.227491] [c000000099693c10] [c00000000019ad54] __do_sys_reboot+0x2e4/0x340
[   89.227495] [c000000099693db0] [c000000000030880] system_call_exception+0x160/0x300
[   89.227499] [c000000099693e10] [c00000000000c168] system_call_vectored_common+0xe8/0x278
[   89.227503] --- interrupt: 3000 at 0x7fff80363718
[   89.227506] NIP:  00007fff80363718 LR: 0000000000000000 CTR: 0000000000000000
[   89.227509] REGS: c000000099693e80 TRAP: 3000   Not tainted  (5.14.0-49.el9.ppc64le)
[   89.227511] MSR:  800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE>  CR: 42222884  XER: 00000000
[   89.227520] IRQMASK: 0
[   89.227520] GPR00: 0000000000000058 00007fffe8823230 00007fff80467100 fffffffffee1dead
[   89.227520] GPR04: 0000000028121969 0000000045584543 0000000000000000 0000000000000003
[   89.227520] GPR08: 0000000000100000 0000000000000000 0000000000000000 0000000000000000
[   89.227520] GPR12: 0000000000000000 00007fff805bb190 0000000111d2f5c8 0000000000000000
[   89.227520] GPR16: ffffffffffffffff 0000000000000000 0000000111d0f728 0000000000000000
[   89.227520] GPR20: 0000000000008913 0000000000008914 00000001261f0f70 0000000000000003
[   89.227520] GPR24: 0000000000000000 0000000000000001 0000000000000003 00007fffe88233b0
[   89.227520] GPR28: 0000000111d09988 00007fff804618c0 00000001261f0fd0 00000001261f0f90
[   89.227552] NIP [00007fff80363718] 0x7fff80363718
[   89.227555] LR [0000000000000000] 0x0
[   89.227556] --- interrupt: 3000
[   89.227558] Instruction dump:
[   89.227560] 3c4c0210 384280a0 7c0802a6 60000000 7c0802a6 fbe1fff8 fbc1fff0 7c7f1b78
[   89.227566] f8010010 f821ffd1 f8410018 e9230748 <e9890060> 2c2c0000 41820018 7d8903a6
[   89.227574] ---[ end trace 4a696310099a61d7 ]---
[   89.229620]
[   90.229624] Kernel panic - not syncing: Fatal exception
[   90.236505] ------------[ cut here ]------------

DESCRIPTION

PowerVM LPARs are hitting a Kernel Oops by executing kexec if VTPM2.0 is enabled on the system. This Oops was being triggered due to a NULL dereference of the chip-ops pointer on tpm_del_char_device(). The fix checks if the pointer is still valid to avoid dereferencing it to NULL twice.

Signed-off-by: Desnes A. Nunes do Rosario <drosario@redhat.com>
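
The guard described above, shown as an added user-space model: this is not the kernel patch and not code from this merge request. The struct and function names are hypothetical, locking is omitted, and it assumes the teardown path can be reached again after the ops pointer has already been cleared.

```c
#include <stddef.h>

/* Simplified model of a device whose ops table is cleared at teardown. */
struct chip;

struct chip_ops {
    int (*shutdown)(struct chip *c);
};

struct chip {
    const struct chip_ops *ops;  /* NULL once the device is torn down */
    int shutdown_calls;          /* how many shutdown commands were sent */
};

static int model_shutdown(struct chip *c)
{
    c->shutdown_calls++;
    return 0;
}

static const struct chip_ops model_ops = { .shutdown = model_shutdown };

/*
 * Guarded teardown, safe to call more than once.
 * Returns 1 if this call did the teardown, 0 if it was already done.
 * Without the NULL check, the second call would read through c->ops
 * and fault at a small offset from address 0, as in the Oops above.
 */
int chip_teardown(struct chip *c)
{
    if (c->ops == NULL)          /* pointer no longer valid: nothing to do */
        return 0;
    c->ops->shutdown(c);
    c->ops = NULL;               /* make the driver uncallable */
    return 1;
}

/* Two teardown paths reaching the same chip (assumed scenario). */
int run_double_teardown(void)
{
    struct chip c = { .ops = &model_ops, .shutdown_calls = 0 };
    int first = chip_teardown(&c);
    int second = chip_teardown(&c);
    return first == 1 && second == 0 && c.shutdown_calls == 1 && c.ops == NULL;
}

int main(void) { return run_double_teardown() ? 0 : 1; }
```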