From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Joerg Roedel <joerg.roedel@amd.com>
Cc: Greg KH <greg@kroah.com>, Borislav Petkov <bp@amd64.org>,
linux-kernel@vger.kernel.org, stable@kernel.org,
Borislav Petkov <borislav.petkov@amd.com>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH 1/3] x86-32: Separate 1:1 pagetables from swapper_pg_dir
Date: Tue, 18 Jan 2011 19:39:08 -0500 [thread overview]
Message-ID: <20110119003908.GB7609@dumpdata.com> (raw)
In-Reply-To: <1289483775-17632-2-git-send-email-joerg.roedel@amd.com>
On Thu, Nov 11, 2010 at 02:56:13PM +0100, Joerg Roedel wrote:
> This patch fixes machine crashes which occur when heavily exercising the
> CPU hotplug codepaths on a 32-bit kernel. These crashes are caused by
> AMD Erratum 383 and result in a fatal machine check exception. Here's
> the scenario:
>
> 1. On 32-bit, the swapper_pg_dir page table is used as the initial page
> table for booting a secondary CPU.
>
> 2. To make this work, swapper_pg_dir needs a direct mapping of physical
> memory in it (the low mappings). By adding those low, large page (2M)
> mappings (PAE kernel), we create the necessary conditions for Erratum
> 383 to occur.
>
> 3. Other CPUs which do not participate in the off- and onlining game may
> use swapper_pg_dir while the low mappings are present (when leave_mm is
> called). For all steps below, the CPU referred to is a CPU that is using
> swapper_pg_dir, and not the CPU which is being onlined.
>
> 4. The presence of the low mappings in swapper_pg_dir can result
> in TLB entries for addresses below __PAGE_OFFSET to be established
> speculatively. These TLB entries are marked global and large.
>
> 5. When the CPU with such TLB entry switches to another page table, this
> TLB entry remains because it is global.
>
> 6. The process then generates an access to an address covered by the
> above TLB entry but there is a permission mismatch - the TLB entry
> covers a large global page not accessible to userspace.
>
> 7. Due to this permission mismatch a new 4kb, user TLB entry gets
> established. Further, Erratum 383 provides for a small window of time
> where both TLB entries are present. This results in an uncorrectable
> machine check exception signalling a TLB multimatch which panics the
> machine.
>
> There are two ways to fix this issue:
>
> 1. Always do a global TLB flush when a new cr3 is loaded and the
> old page table was swapper_pg_dir. I consider this a hack hard
> to understand and with performance implications
>
> 2. Do not use swapper_pg_dir to boot secondary CPUs like 64-bit
> does.
>
> This patch implements solution 2. It introduces a trampoline_pg_dir
> which has the same layout as swapper_pg_dir with low_mappings. This page
> table is used as the initial page table of the booting CPU. Later in the
> bringup process, it switches to swapper_pg_dir and does a global TLB
> flush. This fixes the crashes in our test cases.
>
> -v2: switch to swapper_pg_dir right after entering start_secondary() so
> that we are able to access percpu data which might not be mapped in the
> trampoline page table.
You also might want to look at the regression this patch caused when it
was introduced. Mainly this fix:
805e3f495057aa5307ad4e3d6dc7073d4733c691
next prev parent reply other threads:[~2011-01-19 0:41 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-24 11:52 Erratum 383 fix for 32 bit x86 kernels Joerg Roedel
2010-09-24 11:58 ` Joerg Roedel
2010-09-24 13:47 ` Greg KH
2010-09-24 13:53 ` Roedel, Joerg
2010-09-24 16:02 ` Greg KH
2010-09-24 16:24 ` Borislav Petkov
2010-09-24 16:29 ` Greg KH
2010-10-22 16:18 ` Greg KH
2010-10-22 16:20 ` Greg KH
2010-10-23 8:26 ` Borislav Petkov
2010-11-11 13:56 ` [PATCH 0/3] " Joerg Roedel
2010-11-11 13:56 ` [PATCH 1/3] x86-32: Separate 1:1 pagetables from swapper_pg_dir Joerg Roedel
2011-01-19 0:39 ` Konrad Rzeszutek Wilk [this message]
2011-01-19 7:19 ` Borislav Petkov
2011-01-19 15:52 ` Konrad Rzeszutek Wilk
2010-11-11 13:56 ` [PATCH 2/3] x86, mm: Fix CONFIG_VMSPLIT_1G and 2G_OPT trampoline Joerg Roedel
2010-11-11 14:11 ` Greg KH
2010-11-11 14:13 ` Greg KH
2010-11-11 14:17 ` Roedel, Joerg
2010-11-11 15:16 ` [PATCH 0/3] Erratum 383 fix for 32 bit x86 kernels Joerg Roedel
2010-11-11 15:16 ` [PATCH 1/3] x86-32: Separate 1:1 pagetables from swapper_pg_dir Joerg Roedel
2010-12-07 21:05 ` Greg KH
2010-12-08 3:06 ` Jeremy Fitzhardinge
2010-12-08 4:15 ` Greg KH
2010-12-08 9:34 ` Ian Campbell
2010-12-08 11:58 ` Borislav Petkov
2010-12-08 15:21 ` Jeremy Fitzhardinge
2010-11-11 15:16 ` [PATCH 2/3] x86, mm: Fix CONFIG_VMSPLIT_1G and 2G_OPT trampoline Joerg Roedel
2010-12-07 21:06 ` [stable] " Greg KH
2010-11-11 15:16 ` [PATCH 3/3] x86-32: Fix dummy trampoline-related inline stubs Joerg Roedel
2010-12-07 21:07 ` Greg KH
2010-11-11 13:56 ` Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110119003908.GB7609@dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=borislav.petkov@amd.com \
--cc=bp@amd64.org \
--cc=greg@kroah.com \
--cc=hpa@zytor.com \
--cc=joerg.roedel@amd.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox