From: Borislav Petkov <bp@alien8.de>
To: Andy Lutomirski <luto@amacapital.net>
Cc: x86-ml <x86@kernel.org>, lkml <linux-kernel@vger.kernel.org>
Subject: Re: WARNING: CPU: 0 PID: 3031 at ./arch/x86/include/asm/fpu/internal.h:530 fpu__restore+0x90/0x130()
Date: Mon, 15 Feb 2016 20:05:22 +0100 [thread overview]
Message-ID: <20160215190522.GA32716@pd.tnic> (raw)
In-Reply-To: <CALCETrVU8RvcDAUPfwoW9FVvgyn3z-5R86+4-mXtubpTd4YiKg@mail.gmail.com>
On Thu, Feb 11, 2016 at 05:16:00PM -0800, Andy Lutomirski wrote:
> Are you running 32-bit userspace by any chance?
Sure, that's a 32-bit kernel testing partition. :)
> I'm guessing you're hitting this in __fpu_restore_sig:
Yeah, I was looking at that too.
>         fpu__drop(fpu);
>         if (__copy_from_user(&fpu->state.xsave, buf_fx, state_size) ||
>             __copy_from_user(&env, buf, sizeof(env))) {
>                 fpstate_init(&fpu->state);
>                 err = -1;
>         } else {
>                 sanitize_restored_xstate(tsk, &env, xfeatures, fx_only);
>         }
>
>         fpu->fpstate_active = 1;
>
> <-- preempted right here
Yeah, that could explain why I'm seeing it.
>         if (use_eager_fpu()) {
>                 preempt_disable();
>                 fpu__restore(fpu);
>                 preempt_enable();
>         }
>
> I don't see why this code deserves to work. If I'm right, it can be
> fixed by pulling the preempt_disable out of the if (use_eager_fpu())
> to right above the fpstate_active = 1 line. Don't bother trying to
> optimize the !use_eager_fpu() case.
Right.
> Once someone gets around to eagerly *allocating* the FPU context and
> dropping CR0.TS usage entirely, then even that won't be enough unless
> we do my suggestion of deferring FPU restore to
> prepare_exit_to_usermode. (Doing that will make all of this much,
> much more sane.)
Sounds good to me.
So the thing with this issue is that I don't have a reproducer yet.
It happened randomly.
So let me ask it this way: can anything go wrong if we pull up the
preemption disabled region? I mean, do we even care about the !eager FPU
case? I'd much prefer that vs FPU state corruption...
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
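To make the window concrete, here is a small user-space model of the race (an added example, not kernel code from the thread): regs[] stands in for the live FPU registers, task.state for fpu->state, task.active for fpu->fpstate_active, and a preemption is modelled as an explicit switch-out at the point marked above, which saves the live registers over the state just copied from the signal frame. The scenario() helper and its register values are constructed.

```c
#include <stdbool.h>
#include <string.h>

#define NREGS 4
static int regs[NREGS];     /* "live" FPU registers (constructed values below) */
static int preempt_count;   /* 0 == preemptible */
struct task { int state[NREGS]; bool active; };

static void preempt_disable(void) { preempt_count++; }
static void preempt_enable(void)  { preempt_count--; }

/* Model of a context switch at the marked point: if the task's FPU state is
 * marked active, switch-out saves the live registers into fpu->state, which
 * overwrites the contents just copied from the signal frame. Only possible
 * while preemption is enabled. */
static void maybe_preempt(struct task *t)
{
    if (preempt_count == 0 && t->active)
        memcpy(t->state, regs, sizeof regs);
}

/* Tail of __fpu_restore_sig as quoted above. fixed == true moves
 * preempt_disable() above the fpstate_active = 1 line, as Andy proposed.
 * Returns true when the registers end up holding the signal frame's state. */
bool restore_sig(struct task *t, const int *sigframe, bool fixed)
{
    t->active = false;                        /* fpu__drop(fpu) */
    memcpy(t->state, sigframe, sizeof regs);  /* __copy_from_user() */
    if (fixed)
        preempt_disable();
    t->active = true;                         /* fpu->fpstate_active = 1 */
    maybe_preempt(t);                         /* <-- preempted right here */
    if (!fixed)
        preempt_disable();                    /* the original use_eager_fpu() path */
    memcpy(regs, t->state, sizeof regs);      /* fpu__restore(fpu) */
    preempt_enable();
    return memcmp(regs, sigframe, sizeof regs) == 0;
}

/* Constructed scenario: stale registers, a signal frame with different
 * contents, and a preemption at the marked point. */
bool scenario(bool fixed)
{
    const int stale[NREGS] = {1, 2, 3, 4};
    const int frame[NREGS] = {10, 20, 30, 40};
    struct task t = {0};
    memcpy(regs, stale, sizeof regs);
    return restore_sig(&t, frame, fixed);
}
```

With the original ordering the task resumes with the stale registers instead of the signal frame's contents; with preempt_disable() pulled above the flag the frame's state survives.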