From: Toshi Kani <toshi.kani@hpe.com>
To: mingo@kernel.org, bp@suse.de, hpa@zytor.com, tglx@linutronix.de
Cc: jgross@suse.com, Toshi Kani <toshi.kani@hpe.com>,
mcgrof@suse.com, x86@kernel.org, linux-kernel@vger.kernel.org,
paul.gortmaker@windriver.com, xen-devel@lists.xenproject.org,
elliott@hpe.com
Subject: [PATCH v3 4/6] x86/mtrr: Fix Xorg crashes in Qemu sessions
Date: Wed, 23 Mar 2016 15:42:00 -0600 [thread overview]
Message-ID: <1458769323-24491-5-git-send-email-toshi.kani@hpe.com> (raw)
In-Reply-To: <1458769323-24491-1-git-send-email-toshi.kani@hpe.com>
A Xorg failure on qemu32 was reported as a regression [1] caused by
'commit 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled")'.
This patch fixes this regression.
Negative effects of this regression were the following two failures [2]
in Xorg on QEMU with QEMU CPU model "qemu32" (-cpu qemu32), which were
triggered by the fact that its virtual CPU does not support MTRRs.
#1. copy_process() failed in the check in reserve_pfn_range()
copy_process
copy_mm
dup_mm
dup_mmap
copy_page_range
track_pfn_copy
reserve_pfn_range
A WC map request was tracked as WC in memtype, which set a PTE as
UC (pgprot) per __cachemode2pte_tbl[]. This led to this error in
reserve_pfn_range() called from track_pfn_copy(), which obtained
a pgprot from a PTE. It converts pgprot to page_cache_mode, which
does not necessarily result in the original page_cache_mode since
__cachemode2pte_tbl[] redirects multiple types to UC.
#2. error path in copy_process() then hit WARN_ON_ONCE in
untrack_pfn().
x86/PAT: Xorg:509 map pfn expected mapping type uncached-
minus for [mem 0xfd000000-0xfdffffff], got write-combining
Call Trace:
dump_stack
warn_slowpath_common
? untrack_pfn
? untrack_pfn
warn_slowpath_null
untrack_pfn
? __kunmap_atomic
unmap_single_vma
? pagevec_move_tail_fn
unmap_vmas
exit_mmap
mmput
copy_process.part.47
_do_fork
SyS_clone
do_syscall_32_irqs_on
entry_INT80_32
These negative effects are caused by two separate bugs, but they
can be addressed in separate patches. Fixing the pat_init() issue
described below addresses the root cause, and avoids Xorg to hit
these cases.
When the CPU does not support MTRRs, MTRR does not call pat_init(),
which leaves PAT enabled without initializing PAT. This pat_init()
issue is a long-standing issue, but manifested as issue #1 (and then
hit issue #2) with the above-mentioned commit because the memtype
now tracks cache attribute with 'page_cache_mode'.
This pat_init() issue existed before the commit, but we used pgprot
in memtype. Hence, we did not have issue #1 before. But WC request
resulted in WT in effect because WC pgrot is actually WT when PAT
is not initialized. This is not how it was designed to work. When
PAT is set to disable properly, WC is converted to UC. The use of
WT can result in a system crash if the target range does not support
WT. Fortunately, nobody ran into such issue before.
To fix this pat_init() issue, PAT code has been enhanced to provide
pat_disable() interface. Call this interface when MTRRs are disabled.
By setting PAT to disable properly, PAT bypasses the memtype check,
and avoids issue #1.
[1]: https://lkml.org/lkml/2016/3/3/828
[2]: https://lkml.org/lkml/2016/3/4/775
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/include/asm/mtrr.h | 6 +++++-
arch/x86/kernel/cpu/mtrr/main.c | 10 +++++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/mtrr.h b/arch/x86/include/asm/mtrr.h
index b94f6f6..dbff145 100644
--- a/arch/x86/include/asm/mtrr.h
+++ b/arch/x86/include/asm/mtrr.h
@@ -24,6 +24,7 @@
#define _ASM_X86_MTRR_H
#include <uapi/asm/mtrr.h>
+#include <asm/pat.h>
/*
@@ -83,9 +84,12 @@ static inline int mtrr_trim_uncached_memory(unsigned long end_pfn)
static inline void mtrr_centaur_report_mcr(int mcr, u32 lo, u32 hi)
{
}
+static inline void mtrr_bp_init(void)
+{
+ pat_disable("MTRRs disabled, skipping PAT initialization too.");
+}
#define mtrr_ap_init() do {} while (0)
-#define mtrr_bp_init() do {} while (0)
#define set_mtrr_aps_delayed_init() do {} while (0)
#define mtrr_aps_init() do {} while (0)
#define mtrr_bp_restore() do {} while (0)
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
index 10f8d47..8b1947b 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -759,8 +759,16 @@ void __init mtrr_bp_init(void)
}
}
- if (!mtrr_enabled())
+ if (!mtrr_enabled()) {
pr_info("MTRR: Disabled\n");
+
+ /*
+ * PAT initialization relies on MTRR's rendezvous handler.
+ * Skip PAT init until the handler can initialize both
+ * features independently.
+ */
+ pat_disable("MTRRs disabled, skipping PAT initialization too.");
+ }
}
void mtrr_ap_init(void)
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-03-23 20:49 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1458769323-24491-1-git-send-email-toshi.kani@hpe.com>
2016-03-23 21:41 ` [PATCH v3 1/7] x86/mm/pat: Add support of non-default PAT MSR setting Toshi Kani
2016-03-23 21:41 ` [PATCH v3 2/7] x86/mm/pat: Add pat_disable() interface Toshi Kani
2016-03-23 21:41 ` [PATCH v3 3/7] x86/mm/pat: Replace cpu_has_pat with boot_cpu_has Toshi Kani
2016-03-23 21:42 ` Toshi Kani [this message]
2016-03-23 21:42 ` [PATCH v3 5/7] x86/mtrr: Fix PAT init handling when MTRR is disabled Toshi Kani
2016-03-23 21:42 ` [PATCH v3 6/7] x86/xen, pat: Remove PAT table init code from Xen Toshi Kani
2016-03-23 21:42 ` [PATCH v3 7/7] x86/pat: Document PAT initialization Toshi Kani
2016-03-29 10:34 ` [PATCH v3 0/7] Enhance PAT init to fix Xorg crashes Ingo Molnar
[not found] ` <20160329103442.GA12645@gmail.com>
2016-03-29 14:19 ` Toshi Kani
[not found] ` <1459261167.6393.668.camel@hpe.com>
2016-03-29 14:46 ` Boris Ostrovsky
[not found] ` <56FA9563.60401@oracle.com>
2016-03-29 15:49 ` Toshi Kani
[not found] ` <1459266567.6393.669.camel@hpe.com>
2016-03-30 18:02 ` Luis R. Rodriguez
[not found] ` <CAB=NE6VZD3gJicAzm3068APmVeKmFdF-gavNjEoVCz51hV262g@mail.gmail.com>
2016-03-30 18:58 ` Konrad Rzeszutek Wilk
2016-03-30 20:10 ` [LKP] " Luis R. Rodriguez
[not found] ` <CAB=NE6V2BOfkM5B8E+YULqrjqh_QaXOtBgyqpvBoku-73N4X-Q@mail.gmail.com>
2016-03-30 20:29 ` Konrad Rzeszutek Wilk
2016-03-30 20:47 ` Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1458769323-24491-5-git-send-email-toshi.kani@hpe.com \
--to=toshi.kani@hpe.com \
--cc=bp@suse.de \
--cc=elliott@hpe.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@suse.com \
--cc=mingo@kernel.org \
--cc=paul.gortmaker@windriver.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).