Re: [PATCH] x86: General protection fault after STR (32 bit systems only)

[Ingo Molnar <mingo@kernel.org>]

* Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> wrote:

> On Fri, 2015-06-12 at 11:11 -0700, Andy Lutomirski wrote:
> > On Fri, Jun 12, 2015 at 8:48 AM, Brian Gerst <brgerst@gmail.com> wrote:
> > > On Fri, Jun 12, 2015 at 4:36 AM, Ingo Molnar <mingo@kernel.org> wrote:
> > >>
> > >> * H. Peter Anvin <hpa@zytor.com> wrote:
> > >>
> > >>> %es is used implicitly by string instructions.
> > >>
> > >> Ok, so we are probably better off reloading ES as well early, right
> > >> when we return from the firmware, just in case something does
> > >> a copy before we hit the ES restore in restore_processor_state(),
> > >> which is a generic C function?
> > >>
> > >> Something like the patch below?
> > >>
> > >> I also added FS/GS/SS reloading to make it complete. If this (or a variant
> > >> thereof, it's still totally untested) works then we can remove the segment
> > >> save/restore layer in __save/restore_processor_state().
> > >>
> > >> Thanks,
> > >>
> > >>         Ingo
> > >>
> > >> ===========>
> > >>  arch/x86/kernel/acpi/wakeup_32.S | 13 +++++++++++++
> > >>  1 file changed, 13 insertions(+)
> > >>
> > >> diff --git a/arch/x86/kernel/acpi/wakeup_32.S b/arch/x86/kernel/acpi/wakeup_32.S
> > >> index 665c6b7d2ea9..1376a7fc21b7 100644
> > >> --- a/arch/x86/kernel/acpi/wakeup_32.S
> > >> +++ b/arch/x86/kernel/acpi/wakeup_32.S
> > >> @@ -61,6 +61,19 @@ ENTRY(wakeup_pmode_return)
> > >>
> > >>
> > >>  restore_registers:
> > >> +       /*
> > >> +        * In case the BIOS corrupted our segment descriptors,
> > >> +        * reload them to clear out any shadow descriptor
> > >> +        * state:
> > >> +        */
> > >> +       movl    $__USER_DS, %eax
> > >> +       movl    %eax, %ds
> > >> +       movl    %eax, %es
> > >> +       movl    %eax, %fs
> > >> +       movl    %eax, %gs
> > >> +       movl    $__KERNEL_DS, %eax
> > >> +       movl    %eax, %ss
> > >> +
> > >>         movl    saved_context_ebp, %ebp
> > >>         movl    saved_context_ebx, %ebx
> > >>         movl    saved_context_esi, %esi
> > >
> > > If you follow the convoluted flow of the calls in this file,
> > > wakeup_pmode_return is the first thing called from the trampoline on
> > > resume, and that loads the data segments with __KERNEL_DS.  The better
> > > fix would be to set ds/es to __USER_DS there.  Also since we are in
> > > the kernel, fs is fixed at __KERNEL_PERCPU, and gs is either
> > > __KERNEL_STACK_CANARY or user's gs.
> > 
> > So why is this issue rare?  Is it just that the first entry to
> > userspace after resume is only very rarely via SYSEXIT?  Or is there
> > some other code path that usually, but not quite always, fixes up the
> > segment registers?
>
> We spent a quite a bit of time debugging this. Any small debug code or printk 
> causes problem to disappear. We noticed that we can reproduce this more 
> frequently when the we run just one user space application to just do 
> suspend/resume test, which supports yours theory.

So what happens if you add a couple of CPUID (or NOP) calls? If it's timing 
related, not segment register related, then that might 'fix' the bug too.

Which would suggest that it might be some hardware problem, or a race with 
something (which could not really be on the Linux side, as we are the only thread 
of execution at this point)?

Thanks,

	Ingo