[bisected] DEBUG_PAGEALLOC hangs on sparc64

[bisected] DEBUG_PAGEALLOC hangs on sparc64

[Meelis Roos]

When we debugged Ricks patches, he suggested that it might be
CONFIG_DEBUG_PAGEALLOC that is broken and suggested I bisect it.

I did. It was not as simple as I had hoped. Initially I saw the problem with
current kernel on V445 when I turned on DEBUG_PAGEALLOC. I could go down to
4.16 on thismachine and no lower (older kernels did not support gcc-8) and
it was still broken with 4.16.

Next I took V440 with old userspace (gcc 4.9.3) and tried with that. After finding
out that CONFIG_HIBERNATION disables/hides DEBUG_PAGEALLOC, I was able to turn on
DEBUG_PAGEALLOC. 4.0 was good, 4.16 was bad, so I started bisecting. On good commits,
everything worked. On bad commits, it hangs slightly after the first scsi disk
detection (the exact line varies slightly) and Ricks debug patches for his patch
showed that it was probably the first vfree() that hangs (please correct me if
I got it wrong!).

Bisecting led me to 4.9 merge window and this patch that broke it:

a74ad5e660a9ee1d071665e7e8ad822784a2dc7f is the first bad commit
commit a74ad5e660a9ee1d071665e7e8ad822784a2dc7f
Author: David S. Miller <davem@davemloft.net>
Date:   Thu Oct 27 09:04:54 2016 -0700

     sparc64: Handle extremely large kernel TLB range flushes more gracefully.
     
     When the vmalloc area gets fragmented, and because the firmware
     mapping area sits between where modules live and the vmalloc area, we
     can sometimes receive requests for enormous kernel TLB range flushes.
     
     When this happens the cpu just spins flushing billions of pages and
     this triggers the NMI watchdog and other problems.
     
     We took care of this on the TSB side by doing a linear scan of the
     table once we pass a certain threshold.
     
     Do something similar for the TLB flush, however we are limited by
     the TLB flush facilities provided by the different chip variants.
     
     First of all we use an (mostly arbitrary) cut-off of 256K which is
     about 32 pages.  This can be tuned in the future.
     
     The huge range code path for each chip works as follows:
     
     1) On spitfire we flush all non-locked TLB entries using diagnostic
        acceses.
     
     2) On cheetah we use the "flush all" TLB flush.
     
     3) On sun4v/hypervisor we do a TLB context flush on context 0, which
        unlike previous chips does not remove "permanent" or locked
        entries.
     
     We could probably do something better on spitfire, such as limiting
     the flush to kernel TLB entries or even doing range comparisons.
     However that probably isn't worth it since those chips are old and
     the TLB only had 64 entries.
     
     Reported-by: James Clarke <jrtc27@jrtc27.com>
     Tested-by: James Clarke <jrtc27@jrtc27.com>
     Signed-off-by: David S. Miller <davem@davemloft.net>

:040000 040000 c55bfc4f1f2140c55c7e00c122794d102025a6eb 0ffe14322d0813244aa7ba2bdc94680eceeccf49 M      arch

This is the CPU in V440:
$ cat /proc/cpuinfo
cpu             : TI UltraSparc IIIi (Jalapeno)
fpu             : UltraSparc IIIi integrated FPU
pmu             : ultra3i
prom            : OBP 4.30.4.a 2010/01/06 14:45
type            : sun4u
ncpus probed    : 4
ncpus active    : 4
D$ parity tl1   : 0
I$ parity tl1   : 0
cpucaps         : flush,stbar,swap,muldiv,v9,ultra3,mul32,div32,v8plus,vis,vis2
Cpu0ClkTck      : 000000004c5a8240
Cpu1ClkTck      : 000000004c5a8240
Cpu2ClkTck      : 000000004c5a8240
Cpu3ClkTck      : 000000004c5a8240
MMU Type        : Cheetah+
MMU PGSZs       : 8K,64K,512K,4MB
State:
CPU0:           online
CPU1:           online
CPU2:           online
CPU3:           online


-- 
Meelis Roos (mroos@linux.ee)

Re: [bisected] DEBUG_PAGEALLOC hangs on sparc64

[David Miller]

From: Meelis Roos <mroos@linux.ee>
Date: Wed, 29 May 2019 22:08:26 +0300

> Bisecting led me to 4.9 merge window and this patch that broke it:
> 
> a74ad5e660a9ee1d071665e7e8ad822784a2dc7f is the first bad commit
> commit a74ad5e660a9ee1d071665e7e8ad822784a2dc7f
> Author: David S. Miller <davem@davemloft.net>
> Date:   Thu Oct 27 09:04:54 2016 -0700
> 
>     sparc64: Handle extremely large kernel TLB range flushes more
>     gracefully.

Thank you, I will take a close look at this ASAP.

Re: [bisected] DEBUG_PAGEALLOC hangs on sparc64

[James Clarke]

On 29 May 2019, at 21:23, David Miller <davem@davemloft.net> wrote:
> 
> From: Meelis Roos <mroos@linux.ee>
> Date: Wed, 29 May 2019 22:08:26 +0300
> 
>> Bisecting led me to 4.9 merge window and this patch that broke it:
>> 
>> a74ad5e660a9ee1d071665e7e8ad822784a2dc7f is the first bad commit
>> commit a74ad5e660a9ee1d071665e7e8ad822784a2dc7f
>> Author: David S. Miller <davem@davemloft.net>
>> Date:   Thu Oct 27 09:04:54 2016 -0700
>> 
>>    sparc64: Handle extremely large kernel TLB range flushes more
>>    gracefully.
> 
> Thank you, I will take a close look at this ASAP.

Perhaps I'm being stupid, but the first hunk in xcall_flush_tlb_kernel_range
looks wrong to me. %g2 previously contained PAGE_SIZE-1, but is now clobbered
by the new srlx, setting %g2 to (aligned_end-aligned_start)>>18. If the
brnz %g2 is taken, %g2 gets overwritten, so it's not a problem, but if the
branch *isn't* taken, then %g2 is zero, so the add %g2, 1, %g2 in the delay
slot of the branch sets %g2 to 1. However, prior to this commit, %g2 would then
have had the value PAGE_SIZE, and the following code to do a page-by-page flush
assumes this, using it as the amount to step through. Rather than stepping
through page-by-page (with offset 0x20 to indicate nucleus), we will step
through the loop byte-by-byte, so some iterations will have low bit
combinations for things other than a nucleus page demap operation. This same
bug is replicated in the new __cheetah_xcall_flush_tlb_kernel_range.

Regards,
James

Re: [bisected] DEBUG_PAGEALLOC hangs on sparc64

[James Clarke]

[-- Attachment #1: Type: text/plain, Size: 2089 bytes --]

On 29 May 2019, at 22:00, James Clarke <jrtc27@jrtc27.com> wrote:
> On 29 May 2019, at 21:23, David Miller <davem@davemloft.net> wrote:
>> 
>> From: Meelis Roos <mroos@linux.ee>
>> Date: Wed, 29 May 2019 22:08:26 +0300
>> 
>>> Bisecting led me to 4.9 merge window and this patch that broke it:
>>> 
>>> a74ad5e660a9ee1d071665e7e8ad822784a2dc7f is the first bad commit
>>> commit a74ad5e660a9ee1d071665e7e8ad822784a2dc7f
>>> Author: David S. Miller <davem@davemloft.net>
>>> Date:   Thu Oct 27 09:04:54 2016 -0700
>>> 
>>>   sparc64: Handle extremely large kernel TLB range flushes more
>>>   gracefully.
>> 
>> Thank you, I will take a close look at this ASAP.
> 
> Perhaps I'm being stupid, but the first hunk in xcall_flush_tlb_kernel_range
> looks wrong to me. %g2 previously contained PAGE_SIZE-1, but is now clobbered
> by the new srlx, setting %g2 to (aligned_end-aligned_start)>>18. If the
> brnz %g2 is taken, %g2 gets overwritten, so it's not a problem, but if the
> branch *isn't* taken, then %g2 is zero, so the add %g2, 1, %g2 in the delay
> slot of the branch sets %g2 to 1. However, prior to this commit, %g2 would then
> have had the value PAGE_SIZE, and the following code to do a page-by-page flush
> assumes this, using it as the amount to step through. Rather than stepping
> through page-by-page (with offset 0x20 to indicate nucleus), we will step
> through the loop byte-by-byte, so some iterations will have low bit
> combinations for things other than a nucleus page demap operation. This same
> bug is replicated in the new __cheetah_xcall_flush_tlb_kernel_range.

Meelis, could you please try the attached patch to see if it fixes the issue?

David, I don't actually see why we need this alignment code in the first place.
The only call to the xcall is in smp_flush_tlb_kernel_range which already
rounds the start and end to multiples of the page size, so I believe we should
be able to delete the first four instructions of the 3 different
implementations? The non-xcall variants already skip doing this.

Regards,
James

[-- Attachment #2: 0001-sparc64-Fix-regression-in-non-hypervisor-TLB-flush-x.patch --]
[-- Type: application/octet-stream, Size: 1641 bytes --]

From c30831c5498105b986a563e3cde35b4015ae97e5 Mon Sep 17 00:00:00 2001
From: James Clarke <jrtc27@jrtc27.com>
Date: Wed, 29 May 2019 22:31:31 +0100
Subject: [PATCH] sparc64: Fix regression in non-hypervisor TLB flush xcall

Previously, %g2 would end up with the value PAGE_SIZE, but after the
commit mentioned below it ends up with the value 1 due to being reused
for a different purpose. We need it to be PAGE_SIZE as we use it to step
through pages in our demap loop, otherwise we set different flags in the
low 12 bits of the address written to, thereby doing things other than a
nucleus page flush.

Fixes: a74ad5e660a9 ("sparc64: Handle extremely large kernel TLB range flushes more gracefully.")
Reported-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: James Clarke <jrtc27@jrtc27.com>
---
 arch/sparc/mm/ultra.S | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S
index d245f89d1395..d220b6848746 100644
--- a/arch/sparc/mm/ultra.S
+++ b/arch/sparc/mm/ultra.S
@@ -587,7 +587,7 @@ xcall_flush_tlb_kernel_range:	/* 44 insns */
 	sub		%g7, %g1, %g3
 	srlx		%g3, 18, %g2
 	brnz,pn		%g2, 2f
-	 add		%g2, 1, %g2
+	 sethi		%hi(PAGE_SIZE), %g2
 	sub		%g3, %g2, %g3
 	or		%g1, 0x20, %g1		! Nucleus
 1:	stxa		%g0, [%g1 + %g3] ASI_DMMU_DEMAP
@@ -751,7 +751,7 @@ __cheetah_xcall_flush_tlb_kernel_range:	/* 44 insns */
 	sub		%g7, %g1, %g3
 	srlx		%g3, 18, %g2
 	brnz,pn		%g2, 2f
-	 add		%g2, 1, %g2
+	 sethi		%hi(PAGE_SIZE), %g2
 	sub		%g3, %g2, %g3
 	or		%g1, 0x20, %g1		! Nucleus
 1:	stxa		%g0, [%g1 + %g3] ASI_DMMU_DEMAP
-- 
2.20.1

Re: [bisected] DEBUG_PAGEALLOC hangs on sparc64

[Meelis Roos]

> Meelis, could you please try the attached patch to see if it fixes the issue?

Works on top of both the offending commit and current git, on V440 - thank you!

Will try on V445 too, hopefully today.

-- 
Meelis Roos

Re: [bisected] DEBUG_PAGEALLOC hangs on sparc64

[Meelis Roos]

> Meelis, could you please try the attached patch to see if it fixes the issue?

It also fixes latest git with DEBUG_PAGEALLOC on V445.

-- 
Meelis Roos <mroos@linux.ee>