From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Joerg Roedel <joerg.roedel@amd.com>
Cc: Greg KH <greg@kroah.com>, Borislav Petkov <bp@amd64.org>,
linux-kernel@vger.kernel.org, stable@kernel.org,
Borislav Petkov <borislav.petkov@amd.com>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH 1/3] x86-32: Separate 1:1 pagetables from swapper_pg_dir
Date: Tue, 18 Jan 2011 19:39:08 -0500 [thread overview]
Message-ID: <20110119003908.GB7609@dumpdata.com> (raw)
In-Reply-To: <1289483775-17632-2-git-send-email-joerg.roedel@amd.com>
On Thu, Nov 11, 2010 at 02:56:13PM +0100, Joerg Roedel wrote:
> This patch fixes machine crashes which occur when heavily exercising the
> CPU hotplug codepaths on a 32-bit kernel. These crashes are caused by
> AMD Erratum 383 and result in a fatal machine check exception. Here's
> the scenario:
>
> 1. On 32-bit, the swapper_pg_dir page table is used as the initial page
> table for booting a secondary CPU.
>
> 2. To make this work, swapper_pg_dir needs a direct mapping of physical
> memory in it (the low mappings). By adding those low, large page (2M)
> mappings (PAE kernel), we create the necessary conditions for Erratum
> 383 to occur.
>
> 3. Other CPUs which do not participate in the off- and onlining game may
> use swapper_pg_dir while the low mappings are present (when leave_mm is
> called). For all steps below, the CPU referred to is a CPU that is using
> swapper_pg_dir, and not the CPU which is being onlined.
>
> 4. The presence of the low mappings in swapper_pg_dir can result
> in TLB entries for addresses below __PAGE_OFFSET to be established
> speculatively. These TLB entries are marked global and large.
>
> 5. When the CPU with such TLB entry switches to another page table, this
> TLB entry remains because it is global.
>
> 6. The process then generates an access to an address covered by the
> above TLB entry but there is a permission mismatch - the TLB entry
> covers a large global page not accessible to userspace.
>
> 7. Due to this permission mismatch a new 4kb, user TLB entry gets
> established. Further, Erratum 383 provides for a small window of time
> where both TLB entries are present. This results in an uncorrectable
> machine check exception signalling a TLB multimatch which panics the
> machine.
>
> There are two ways to fix this issue:
>
> 1. Always do a global TLB flush when a new cr3 is loaded and the
> old page table was swapper_pg_dir. I consider this a hack hard
> to understand and with performance implications
>
> 2. Do not use swapper_pg_dir to boot secondary CPUs like 64-bit
> does.
>
> This patch implements solution 2. It introduces a trampoline_pg_dir
> which has the same layout as swapper_pg_dir with low_mappings. This page
> table is used as the initial page table of the booting CPU. Later in the
> bringup process, it switches to swapper_pg_dir and does a global TLB
> flush. This fixes the crashes in our test cases.
>
> -v2: switch to swapper_pg_dir right after entering start_secondary() so
> that we are able to access percpu data which might not be mapped in the
> trampoline page table.
You also might want to look at the regression this patch caused when it
was introduced. Mainly this fix:
805e3f495057aa5307ad4e3d6dc7073d4733c691
next prev parent reply other threads:[~2011-01-19 0:41 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-24 11:52 Erratum 383 fix for 32 bit x86 kernels Joerg Roedel
2010-09-24 11:58 ` Joerg Roedel
2010-09-24 13:47 ` Greg KH
2010-09-24 13:53 ` Roedel, Joerg
2010-09-24 16:02 ` Greg KH
2010-09-24 16:24 ` Borislav Petkov
2010-09-24 16:29 ` Greg KH
2010-10-22 16:18 ` Greg KH
2010-10-22 16:20 ` Greg KH
2010-10-23 8:26 ` Borislav Petkov
2010-11-11 13:56 ` [PATCH 0/3] " Joerg Roedel
2010-11-11 13:56 ` [PATCH 1/3] x86-32: Separate 1:1 pagetables from swapper_pg_dir Joerg Roedel
2011-01-19 0:39 ` Konrad Rzeszutek Wilk [this message]
2011-01-19 7:19 ` Borislav Petkov
2011-01-19 15:52 ` Konrad Rzeszutek Wilk
2010-11-11 13:56 ` [PATCH 2/3] x86, mm: Fix CONFIG_VMSPLIT_1G and 2G_OPT trampoline Joerg Roedel
2010-11-11 14:11 ` Greg KH
2010-11-11 14:13 ` Greg KH
2010-11-11 14:17 ` Roedel, Joerg
2010-11-11 15:16 ` [PATCH 0/3] Erratum 383 fix for 32 bit x86 kernels Joerg Roedel
2010-11-11 15:16 ` [PATCH 1/3] x86-32: Separate 1:1 pagetables from swapper_pg_dir Joerg Roedel
2010-12-07 21:05 ` Greg KH
2010-12-08 3:06 ` Jeremy Fitzhardinge
2010-12-08 4:15 ` Greg KH
2010-12-08 9:34 ` Ian Campbell
2010-12-08 11:58 ` Borislav Petkov
2010-12-08 15:21 ` Jeremy Fitzhardinge
2010-11-11 15:16 ` [PATCH 2/3] x86, mm: Fix CONFIG_VMSPLIT_1G and 2G_OPT trampoline Joerg Roedel
2010-12-07 21:06 ` [stable] " Greg KH
2010-11-11 15:16 ` [PATCH 3/3] x86-32: Fix dummy trampoline-related inline stubs Joerg Roedel
2010-12-07 21:07 ` Greg KH
2010-11-11 13:56 ` Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110119003908.GB7609@dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=borislav.petkov@amd.com \
--cc=bp@amd64.org \
--cc=greg@kroah.com \
--cc=hpa@zytor.com \
--cc=joerg.roedel@amd.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.