From patchwork Sun Aug 14 20:23:26 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 9279915 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 405FA60839 for ; Sun, 14 Aug 2016 20:28:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 30B08289F3 for ; Sun, 14 Aug 2016 20:28:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2502928A1A; Sun, 14 Aug 2016 20:28:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6A3AC289F3 for ; Sun, 14 Aug 2016 20:28:11 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bZ1yg-0006Eu-2W; Sun, 14 Aug 2016 20:25:50 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bZ1ye-0006El-Qy for xen-devel@lists.xenproject.org; Sun, 14 Aug 2016 20:25:48 +0000 Received: from [193.109.254.147] by server-2.bemta-6.messagelabs.com id 0A/B3-13744-CC3D0B75; Sun, 14 Aug 2016 20:25:48 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpikeJIrShJLcpLzFFi42LpubySR/f05Q3 hBhPbJSy+b5nM5MDocfjDFZYAxijWzLyk/IoE1oxfL06xF5zXqJhwnb+B8axiFyMXh5DANkaJ fc39bF2MHBxsAqYSM/6rdDFycogIKEhs7n3GClLDLPCUVeLPhE1MIAlhATeJy313wGwWAVWJ9 x/2soPYvAJWEmfv7GIGsSUE5CQubfsCZnMKWEt0/loDVi8EVHN6egsriC0qICaxuW0XK0SvoM TJmU9YQG5gFlCXWD9PaAIj7ywkmVkImQWMTKsY1YtTi8pSi3RN9JKKMtMzSnITM3N0DQ3M9HJ Ti4sT01NzEpOK9ZLzczcxAsOGAQh2MHZf9j/EKMnBpCTKq2O+LlyILyk/pTIjsTgjvqg0J7X4 EKMMB4eSBO+ESxvChQSLUtNTK9Iyc4ABDJOW4OBREuFdA5LmLS5IzC3OTIdInWJUlBLnNQVJC IAkMkrz4NpgUXOJUVZKmJcR6BAhnoLUotzMElT5V4ziHIxKwryNIFN4MvNK4Ka/AlrMBLRYXx pscUkiQkqqgdFw1oLJgvIVnLlK8d+c506Y8fF23B7NyUYHp/camOzZmHRj4ZPs+ILdoSG609/ PPZDKwW/o82Lz369vtxyZepOT62rjhs3bG+z9+q5P5vpked3RdxpntcRaodA/S99MYNgg0HFz 4krHbq4rMnZ6garG3wqEzZk/zBX9nsNeuikz85fhDGs10V4lluKMREMt5qLiRABh2FNAlQIAA A== X-Env-Sender: gregkh@linuxfoundation.org X-Msg-Ref: server-3.tower-27.messagelabs.com!1471206345!53525786!1 X-Originating-IP: [140.211.169.12] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 8.84; banners=-,-,- X-VirusChecked: Checked Received: (qmail 57154 invoked from network); 14 Aug 2016 20:25:47 -0000 Received: from mail.linuxfoundation.org (HELO mail.linuxfoundation.org) (140.211.169.12) by server-3.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 14 Aug 2016 20:25:47 -0000 Received: from localhost (pes75-3-78-192-101-3.fbxo.proxad.net [78.192.101.3]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 213728D4; Sun, 14 Aug 2016 20:25:44 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Date: Sun, 14 Aug 2016 22:23:26 +0200 Message-Id: <20160814202303.944432698@linuxfoundation.org> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20160814202302.493206349@linuxfoundation.org> References: <20160814202302.493206349@linuxfoundation.org> User-Agent: quilt/0.64 MIME-Version: 1.0 Cc: Juergen Gross , Denys Vlasenko , xen-devel@lists.xenproject.org, Toshi Kani , Peter Zijlstra , Greg Kroah-Hartman , "Luis R. Rodriguez" , "H. Peter Anvin" , stable@vger.kernel.org, Andy Lutomirski , paul.gortmaker@windriver.com, Ingo Molnar , Borislav Petkov , Brian Gerst , Toshi Kani , Andrew Morton , Borislav Petkov , Linus Torvalds , Thomas Gleixner , elliott@hpe.com Subject: [Xen-devel] [PATCH 4.4 26/49] x86/mtrr: Fix Xorg crashes in Qemu sessions X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Toshi Kani commit edfe63ec97ed8d4496225f7ba54c9ce4207c5431 upstream. A Xorg failure on qemu32 was reported as a regression [1] caused by commit 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled"). This patch fixes the Xorg crash. Negative effects of this regression were the following two failures [2] in Xorg on QEMU with QEMU CPU model "qemu32" (-cpu qemu32), which were triggered by the fact that its virtual CPU does not support MTRRs. #1. copy_process() failed in the check in reserve_pfn_range() copy_process copy_mm dup_mm dup_mmap copy_page_range track_pfn_copy reserve_pfn_range A WC map request was tracked as WC in memtype, which set a PTE as UC (pgprot) per __cachemode2pte_tbl[]. This led to this error in reserve_pfn_range() called from track_pfn_copy(), which obtained a pgprot from a PTE. It converts pgprot to page_cache_mode, which does not necessarily result in the original page_cache_mode since __cachemode2pte_tbl[] redirects multiple types to UC. #2. error path in copy_process() then hit WARN_ON_ONCE in untrack_pfn(). x86/PAT: Xorg:509 map pfn expected mapping type uncached- minus for [mem 0xfd000000-0xfdffffff], got write-combining Call Trace: dump_stack warn_slowpath_common ? untrack_pfn ? untrack_pfn warn_slowpath_null untrack_pfn ? __kunmap_atomic unmap_single_vma ? pagevec_move_tail_fn unmap_vmas exit_mmap mmput copy_process.part.47 _do_fork SyS_clone do_syscall_32_irqs_on entry_INT80_32 These negative effects are caused by two separate bugs, but they can be addressed in separate patches. Fixing the pat_init() issue described below addresses the root cause, and avoids Xorg to hit these cases. When the CPU does not support MTRRs, MTRR does not call pat_init(), which leaves PAT enabled without initializing PAT. This pat_init() issue is a long-standing issue, but manifested as issue #1 (and then hit issue #2) with the above-mentioned commit because the memtype now tracks cache attribute with 'page_cache_mode'. This pat_init() issue existed before the commit, but we used pgprot in memtype. Hence, we did not have issue #1 before. But WC request resulted in WT in effect because WC pgrot is actually WT when PAT is not initialized. This is not how it was designed to work. When PAT is set to disable properly, WC is converted to UC. The use of WT can result in a system crash if the target range does not support WT. Fortunately, nobody ran into such issue before. To fix this pat_init() issue, PAT code has been enhanced to provide pat_disable() interface. Call this interface when MTRRs are disabled. By setting PAT to disable properly, PAT bypasses the memtype check, and avoids issue #1. [1]: https://lkml.org/lkml/2016/3/3/828 [2]: https://lkml.org/lkml/2016/3/4/775 Signed-off-by: Toshi Kani Reviewed-by: Thomas Gleixner Cc: Andrew Morton Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Juergen Gross Cc: Linus Torvalds Cc: Luis R. Rodriguez Cc: Peter Zijlstra Cc: Toshi Kani Cc: elliott@hpe.com Cc: konrad.wilk@oracle.com Cc: paul.gortmaker@windriver.com Cc: xen-devel@lists.xenproject.org Link: http://lkml.kernel.org/r/1458769323-24491-5-git-send-email-toshi.kani@hpe.com Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- arch/x86/include/asm/mtrr.h | 6 +++++- arch/x86/kernel/cpu/mtrr/main.c | 10 +++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) --- a/arch/x86/include/asm/mtrr.h +++ b/arch/x86/include/asm/mtrr.h @@ -24,6 +24,7 @@ #define _ASM_X86_MTRR_H #include +#include /* @@ -83,9 +84,12 @@ static inline int mtrr_trim_uncached_mem static inline void mtrr_centaur_report_mcr(int mcr, u32 lo, u32 hi) { } +static inline void mtrr_bp_init(void) +{ + pat_disable("MTRRs disabled, skipping PAT initialization too."); +} #define mtrr_ap_init() do {} while (0) -#define mtrr_bp_init() do {} while (0) #define set_mtrr_aps_delayed_init() do {} while (0) #define mtrr_aps_init() do {} while (0) #define mtrr_bp_restore() do {} while (0) --- a/arch/x86/kernel/cpu/mtrr/main.c +++ b/arch/x86/kernel/cpu/mtrr/main.c @@ -759,8 +759,16 @@ void __init mtrr_bp_init(void) } } - if (!mtrr_enabled()) + if (!mtrr_enabled()) { pr_info("MTRR: Disabled\n"); + + /* + * PAT initialization relies on MTRR's rendezvous handler. + * Skip PAT init until the handler can initialize both + * features independently. + */ + pat_disable("MTRRs disabled, skipping PAT initialization too."); + } } void mtrr_ap_init(void)