Bug 1560494

Summary: i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686
Product: Red Hat Enterprise Linux 6
Component: kernel
kernel sub component: Memory Management
Version: 6.9
Status: CLOSED ERRATA
Severity: high
Priority: high
Keywords: Regression
Reporter: Vratislav Bendel <vbendel>
Assignee: Waiman Long <llong>
QA Contact: Li Wang <liwan>
CC: lwang, mkostyukevic, nyelle, stalexan, vbendel, xiawu
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: kernel-2.6.32-754.el6
Last Closed: 2018-06-19 05:05:17 UTC
Type: Bug

Description Vratislav Bendel 2018-03-26 10:32:26 UTC
Description of problem:

Customer's Java application can cause a panic, apparently after the CPU performs an invpcid flush.
Customer bisected this to the following commit:
commit c6f35cdfc82ca083c041a24fdf33e1b84f80912d
    [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD

From what I understand, the following might apparently be the problem (however, I don't currently understand why):

 static inline void __native_flush_tlb(void)
 {
-       __load_cr3(native_read_cr3());
+       if (!static_cpu_has(X86_FEATURE_INVPCID)) {
+               __load_cr3(native_read_cr3());
+               return;
+       }
+       /*
+        * Note, this works with CR4.PCIDE=0 or 1.
+        */
+       invpcid_flush_all_nonglobals();
 }
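
Review bot: In __native_flush_tlb(), the new INVPCID path is selected only by static_cpu_has(X86_FEATURE_INVPCID), with no build-configuration guard in this hunk, so every build that compiles this function stops reloading CR3 and calls invpcid_flush_all_nonglobals() on capable CPUs. If the change is meant only for the KAISER/64-bit case, put the new branch under the same config guard as the rest of the commit and leave `__load_cr3(native_read_cr3());` as the path for other builds, and make sure the feature can be switched off on every configuration that builds this code. The comment says this works with CR4.PCIDE=0 or 1 but does not say on which builds that was verified; it should.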

Other modifications done by the commit are either under #CONFIG_KAISER or #CONFIG_X86_64, which are not included in the .i686 build.


Additionally, disabling invpcid on boot-cmd-line *seems to resolve* the problem. (using 'noinvpcid' boot parameter)


Version-Release number of selected component (if applicable):
kernel-2.6.32-696.18.7.el6.i686

How reproducible:
Always

Steps to Reproduce:
TBA

Actual results:
0xf error_code page_fault panic

Expected results:
no panic

Additional info:
Usage of the 'noinvpcid' boot-param in the -696.18.7 version is exclusive to #CONFIG_X86_64; however, on upstream it's general.

Customer has tested the workaround ('noinvpcid') on -696.18.7.test kernel, simply modified to enable it on .i686.

Comment 13 Phillip Lougher 2018-05-24 23:38:31 UTC
Patch(es) committed on kernel repository and kernel is undergoing testing

Comment 15 Phillip Lougher 2018-05-25 02:12:27 UTC
Patch(es) available on kernel-2.6.32-754.el6

Comment 19 errata-xmlrpc 2018-06-19 05:05:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1854
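
A host triage check for the conditions in this report, as an added example that is not part of the bug report or of any Red Hat tooling. The function names and verdict words are assumptions made for illustration; the fixed build number, the architecture and the invpcid flag come from the page.

```shell
#!/bin/sh
# Added triage example; not Red Hat tooling. Inputs are passed in as strings
# so the logic can be checked offline against constructed samples.
FIXED_BUILD=754   # from the page: Fixed In Version kernel-2.6.32-754.el6

# el6_build RELEASE: print the build number of a 2.6.32-<build>...el6 kernel
# (696 for 2.6.32-696.18.7.el6.i686); fail for any other release string.
el6_build() {
    case "$1" in
        2.6.32-*.el6*) ;;
        *) return 1 ;;
    esac
    rest=${1#2.6.32-}
    build=${rest%%.*}
    case "$build" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$build"
}

# cpu_has_invpcid CPUINFO_TEXT: succeed if a flags line lists the exact
# token invpcid (a longer token such as invpcid_single does not count).
cpu_has_invpcid() {
    printf '%s\n' "$1" |
        grep -Eq '^flags[[:space:]]*:.*[[:space:]]invpcid([[:space:]]|$)'
}

# triage ARCH RELEASE CPUINFO_TEXT: print one verdict.
#   review: 32-bit el6 kernel below the fixed build on an INVPCID CPU. The page
#           does not give the first affected build, so this is a prompt to
#           check, not proof. A noinvpcid boot parameter is deliberately not
#           treated as a mitigation: the report says the stock -696.18.7 i686
#           kernel does not honour it.
triage() {
    arch=$1; release=$2; cpuinfo=$3
    case "$arch" in
        i?86) ;;
        *) echo "not-applicable"; return 0 ;;
    esac
    build=$(el6_build "$release") || { echo "not-applicable"; return 0; }
    if [ "$build" -ge "$FIXED_BUILD" ]; then echo "fixed"; return 0; fi
    if cpu_has_invpcid "$cpuinfo"; then echo "review"; else echo "no-invpcid"; fi
}

# On a live host: sh triage.sh --live
if [ "${1:-}" = "--live" ]; then
    triage "$(uname -m)" "$(uname -r)" "$(cat /proc/cpuinfo)"
fi
```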