linux-efi.vger.kernel.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: Matt Fleming <matt@codeblueprint.co.uk>
Cc: linux-kernel@vger.kernel.org, hpa@zytor.com, x86@kernel.org,
	stable@vger.kernel.org, lersek@redhat.com,
	matt.fleming@intel.com, bp@suse.de, linux-efi@vger.kernel.org,
	Andy Lutomirski <luto@amacapital.net>
Subject: Re: [PATCH] x86: setup: extend low identity map to cover whole kernel range
Date: Wed, 14 Oct 2015 16:29:33 +0200	[thread overview]
Message-ID: <561E66CD.1050301@redhat.com> (raw)
In-Reply-To: <20151014135211.GB2782@codeblueprint.co.uk>
On 14/10/2015 15:52, Matt Fleming wrote:
>> > However, for non-PAE kernels there is no guarantee that the identity
>> > mapping in the initial_page_table extends as far as the GDT; in this
>> > case, accesses to the GDT will cause a page fault (which quickly becomes
>> > a triple fault).  Fix this by copying the kernel mappings from
>> > swapper_pg_dir to initial_page_table twice, both at PAGE_OFFSET and at
>> > identity mapping.
>  
> Oops, good catch guys. This is clearly a bug, but...
> 
> ... I'm a little surprised you managed to trigger this at all, because
> the GDT we load in efi_call_phys_prolog() is part of the per-cpu data
> section and therefore part of the kernel image.

Only until setup_percpu, which is earlier than SetVirtualAddressMap.
For example, I get:

  setup_percpu: NR_CPUS:8 nr_cpumask_bits:8 nr_cpu_ids:1 nr_node_ids:1
  PERCPU: Embedded 18 pages/cpu @c728e000 s41800 r0 d31928 u73728
                                  ^^^^^^^
but the kernel image ends at 0x037fffff.

The GDT is 0xc728e000 in this run, so the GDT is at the beginning of the
relocated percpu area.

In the above run, the FS base that switch_to_new_gdt loads is 0x551C000.
You have 0x728E000 - 0x551C000 = 0x1D72000, and from tracing I see that
one of the GDT values that is loaded very early is exactly 0xC1D72000.
That _is_ inside the kernel image of course when you remove PAGE_OFFSET.

Paolo
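The following is an added illustration, not part of the mail above and not the kernel's own code. It models the 32-bit non-PAE page directories the thread is about at PDE (4 MiB) granularity, using the numbers quoted in the mail (kernel image ending at 0x037fffff, per-cpu GDT at 0xc728e000, PAGE_OFFSET 0xC0000000). The 256 MiB of lowmem in swapper_pg_dir, the page-directory model itself, and the helper names are assumptions made for the example. It shows why lgdt with the GDT's physical address faults under initial_page_table before the fix, and why cloning the kernel mappings a second time at identity (as the patch does) makes that address reachable.

```c
/* Added example: model of the early 32-bit non-PAE page directories. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_OFFSET          0xC0000000u
#define PGDIR_SHIFT          22u                                /* non-PAE: one PDE covers 4 MiB */
#define PGDIR_SIZE           (1u << PGDIR_SHIFT)
#define PTRS_PER_PGD         1024u
#define KERNEL_PGD_BOUNDARY  (PAGE_OFFSET >> PGDIR_SHIFT)        /* 768 */
#define KERNEL_PGD_PTRS      (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) /* 256 */

/* Constructed inputs, taken from the numbers quoted in the mail. */
#define KERNEL_IMAGE_END  0x037fffffu  /* last physical byte of the kernel image */
#define PERCPU_GDT_VA     0xc728e000u  /* GDT at the start of the relocated percpu area */
#define LOWMEM_END        0x0fffffffu  /* assumption: 256 MiB of lowmem mapped by swapper_pg_dir */

/* A PDE is modelled as "present" plus the 4 MiB physical frame it maps. */
struct pde { bool present; uint32_t frame; };

static struct pde swapper_pg_dir[PTRS_PER_PGD];
static struct pde initial_page_table[PTRS_PER_PGD];

static void map_range(struct pde *pgd, uint32_t va, uint32_t pa, uint32_t len)
{
    for (uint32_t off = 0; off < len; off += PGDIR_SIZE) {
        uint32_t idx = (va + off) >> PGDIR_SHIFT;
        pgd[idx].present = true;
        pgd[idx].frame = (pa + off) >> PGDIR_SHIFT;
    }
}

/* Software page walk: returns false where the CPU would raise #PF. */
static bool walk(const struct pde *pgd, uint32_t va, uint32_t *pa)
{
    const struct pde *e = &pgd[va >> PGDIR_SHIFT];
    if (!e->present)
        return false;
    *pa = (e->frame << PGDIR_SHIFT) | (va & (PGDIR_SIZE - 1));
    return true;
}

static uint32_t kva_to_pa(uint32_t va) { return va - PAGE_OFFSET; }

/* State before the fix: the kernel image is mapped both at 0 and at PAGE_OFFSET,
 * and only the PAGE_OFFSET half of swapper_pg_dir is copied into initial_page_table. */
static void build_tables_before_fix(void)
{
    memset(swapper_pg_dir, 0, sizeof swapper_pg_dir);
    memset(initial_page_table, 0, sizeof initial_page_table);

    map_range(swapper_pg_dir, PAGE_OFFSET, 0, LOWMEM_END + 1);

    map_range(initial_page_table, 0, 0, KERNEL_IMAGE_END + 1);           /* identity */
    map_range(initial_page_table, PAGE_OFFSET, 0, KERNEL_IMAGE_END + 1); /* linear   */
    memcpy(initial_page_table + KERNEL_PGD_BOUNDARY,
           swapper_pg_dir + KERNEL_PGD_BOUNDARY,
           KERNEL_PGD_PTRS * sizeof(struct pde));
}

/* The fix: clone the kernel PGD entries a second time, at the identity slots. */
static void apply_fix(void)
{
    uint32_t n = KERNEL_PGD_PTRS < KERNEL_PGD_BOUNDARY ? KERNEL_PGD_PTRS : KERNEL_PGD_BOUNDARY;
    memcpy(initial_page_table, swapper_pg_dir + KERNEL_PGD_BOUNDARY, n * sizeof(struct pde));
}

/* The 32-bit EFI prolog switches cr3 to initial_page_table and loads the GDT
 * by its *physical* address, so the identity half must cover it. */
static bool gdt_reachable_in_efi_prolog(void)
{
    uint32_t pa;
    uint32_t gdt_pa = kva_to_pa(PERCPU_GDT_VA);
    return walk(initial_page_table, gdt_pa, &pa) && pa == gdt_pa;
}

bool gdt_reachable_before_fix(void)
{
    build_tables_before_fix();
    return gdt_reachable_in_efi_prolog();
}

bool gdt_reachable_after_fix(void)
{
    build_tables_before_fix();
    apply_fix();
    return gdt_reachable_in_efi_prolog();
}

/* Used to check the arithmetic in the mail: a virtual GDT address minus
 * PAGE_OFFSET is only safe under the early identity map if it is inside the image. */
bool phys_in_kernel_image(uint32_t pa) { return pa <= KERNEL_IMAGE_END; }

int main(void)
{
    printf("GDT phys %#x, kernel image ends %#x\n", kva_to_pa(PERCPU_GDT_VA), KERNEL_IMAGE_END);
    printf("before fix: %s\n", gdt_reachable_before_fix() ? "mapped" : "page fault -> triple fault");
    printf("after fix:  %s\n", gdt_reachable_after_fix() ? "mapped" : "page fault");
    return 0;
}
```

Under this model the early GDT value 0xC1D72000 translates to physical 0x1D72000, which is below the image end and therefore covered by the identity map; the relocated per-cpu GDT at 0xc728e000 translates to 0x728e000, which is not, until the second clone fills the identity slots.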


Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-14 11:30 [PATCH] x86: setup: extend low identity map to cover whole kernel range Paolo Bonzini
2015-10-14 13:52 ` Matt Fleming
2015-10-14 14:29   ` Paolo Bonzini [this message]
2015-10-14 21:04     ` Matt Fleming
     [not found]   ` <20151014135211.GB2782-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-10-14 16:22     ` Andy Lutomirski
2015-10-14 21:00       ` Matt Fleming
     [not found]         ` <20151014210050.GE2782-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-10-14 21:39           ` Andy Lutomirski
2015-10-15  9:45             ` Matt Fleming
     [not found]             ` <CALCETrU=YL8yWpp29xO0N7TEVogX1j5Fyk5M_FpJTa9ZOS21Zw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-10-15 12:18               ` H. Peter Anvin
