Re: -tip tree resume fail, bisect to 5bd5a45(x86: Add NX protection for kernel data)

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: matthieu castet <castet.matthieu@free.fr>
To: Lin Ming <ming.m.lin@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
	Andi Kleen <andi@firstfloor.org>,
	Siarhei Liakh <sliakh.lkml@gmail.com>,
	Xuxian Jiang <jiang@cs.ncsu.edu>, Ingo Molnar <mingo@elte.hu>,
	Arjan van de Ven <arjan@infradead.org>,
	lkml <linux-kernel@vger.kernel.org>, tglx <tglx@linutronix.de>
Subject: Re: -tip tree resume fail, bisect to 5bd5a45(x86: Add NX protection for kernel data)
Date: Sun, 23 Jan 2011 20:06:30 +0100	[thread overview]
Message-ID: <4D3C7C36.903@free.fr> (raw)
In-Reply-To: <1291162504.2405.216.camel@minggr.sh.intel.com>

[-- Attachment #1: Type: text/plain, Size: 1079 bytes --]

Lin Ming a écrit :
> On Tue, 2010-11-30 at 19:27 +0800, Peter Zijlstra wrote:
>> On Tue, 2010-11-30 at 13:00 +0800, Lin Ming wrote:
>>> echo 0 > /sys/devices/system/cpu/cpu1/online;
>>> echo 1 > /sys/devices/system/cpu/cpu1/online;
>>>
>>> then machine just reboots...
>>>
I tried to do the same thing on qemu, and the same behavior happened (ie reboot when resuming cpu1).

After enabling qemu log, I found that a triple fault was happening at the beginning of secondary_startup_64
when doing "addq phys_base(%rip), %rax".

Why ?
I suppose because we access data set to NX, but we don't have enabled yet NX in the msr. So the cpu crash due 
to "reserved bit check".

If we enable NX before reading data, there is no more crash (patch attached).

Now I am not sure this is the correct fix. I think the problem is that trampoline using kernel page table
is very dangerous. The kernel can have modified them atfer booting !
May be all the paging stuff should have been done in head_64.S. A first one with identity mapping, and the second one for
the real kernel stuff.


Matthieu

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 1065 bytes --]

diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 239046b..9f32295 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -165,16 +165,6 @@ ENTRY(secondary_startup_64)
 	movl	$(X86_CR4_PAE | X86_CR4_PGE), %eax
 	movq	%rax, %cr4
 
-	/* Setup early boot stage 4 level pagetables. */
-	movq	$(init_level4_pgt - __START_KERNEL_map), %rax
-	addq	phys_base(%rip), %rax
-	movq	%rax, %cr3
-
-	/* Ensure I am executing from virtual addresses */
-	movq	$1f, %rax
-	jmp	*%rax
-1:
-
 	/* Check if nx is implemented */
 	movl	$0x80000001, %eax
 	cpuid
@@ -189,6 +179,17 @@ ENTRY(secondary_startup_64)
 	btsl	$_EFER_NX, %eax
 1:	wrmsr				/* Make changes effective */
 
+	/* Setup early boot stage 4 level pagetables. */
+	movq	$(init_level4_pgt - __START_KERNEL_map), %rax
+	addq	phys_base(%rip), %rax
+	movq	%rax, %cr3
+
+	/* Ensure I am executing from virtual addresses */
+	movq	$1f, %rax
+	jmp	*%rax
+1:
+
+
 	/* Setup cr0 */
 #define CR0_STATE	(X86_CR0_PE | X86_CR0_MP | X86_CR0_ET | \
 			 X86_CR0_NE | X86_CR0_WP | X86_CR0_AM | \

next prev parent reply	other threads:[~2011-01-23 19:06 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-22  7:23 -tip tree resume fail, bisect to 5bd5a45(x86: Add NX protection for kernel data) Lin Ming
2010-11-22  8:07 ` Ingo Molnar
2010-11-22  9:20   ` Andi Kleen
2010-11-22 10:29     ` castet.matthieu
2010-11-22 10:47       ` Andi Kleen
2010-11-22 13:03 ` Peter Zijlstra
2010-11-22 16:29   ` castet.matthieu
2010-11-22 16:35     ` Peter Zijlstra
2010-11-22 16:42       ` Andi Kleen
2010-11-23 22:55         ` mat
2010-11-26 17:31           ` mat
2010-11-26 23:39             ` Lin Ming
2010-11-30  5:00             ` Lin Ming
2010-11-30 11:27               ` Peter Zijlstra
2010-12-01  0:15                 ` Lin Ming
2011-01-23 19:06                   ` matthieu castet [this message]
2011-01-24 22:22                     ` matthieu castet
2011-01-25 12:36                       ` Lin Ming
2011-03-09 23:16                       ` matthieu castet
2011-03-10  2:39                         ` Lin Ming
2010-12-24 17:26               ` matthieu castet
2010-12-27  2:10                 ` Lin Ming
2011-01-05 18:58                   ` matthieu castet
2010-11-22 13:42 ` [tip:x86/security] x86: Resume trampoline must be executable tip-bot for Lin Ming

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:239046b dfblob:9f32295 )
 OR (
bs:"Re: -tip tree resume fail, bisect to 5bd5a45(x86: Add NX protection for kernel data)" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D3C7C36.903@free.fr \
    --to=castet.matthieu@free.fr \
    --cc=andi@firstfloor.org \
    --cc=arjan@infradead.org \
    --cc=jiang@cs.ncsu.edu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ming.m.lin@intel.com \
    --cc=mingo@elte.hu \
    --cc=peterz@infradead.org \
    --cc=sliakh.lkml@gmail.com \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox