Bug 633940
Summary: | Booting SMP kernel on single cpu, unhandled user address faults in futex lock,cmpxchg | |
---|---|---|---
Product: | Red Hat Enterprise Linux 5 | Reporter: | David Bein <d.bein>
Component: | kernel | Assignee: | Red Hat Kernel Manager <kernel-mgr>
Status: | CLOSED DUPLICATE | QA Contact: | Red Hat Kernel QE team <kernel-qe>
Severity: | high | Docs Contact: |
Priority: | low | |
Version: | 5.4 | |
Target Milestone: | rc | |
Target Release: | --- | |
Hardware: | x86_64 | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2013-02-27 09:46:02 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Attachments: | | |
Description
David Bein
2010-09-14 17:46:28 UTC
Even though the bug is filed against x86_64 kernels, it is also an issue for i386 kernels [i686]. The alternative instruction logic is shared between the i686 and x86_64 kernels.

Created attachment 447322 [details]
Adds an alternate exception lookup table for UP case. Safe for hotplug cpu.
Comment on attachment 447322 [details]
Adds an alternate exception lookup table for UP case. Safe for hotplug cpu.
NOTE: This set of patches is relative to rh5.5:
2.6.18-194.11.3.el5
For full coverage in the presence of boot options: noreplacement or smp-alt-boot or if smp_alt_once is set to 1 in alternative_instructions() [because the maximum number of possible cpus is < 2], we need to defer the call which frees [__smp_alt_begin => __smp_alt_end] because that happens to include [__smp_locks => __smp_locks_end]. Computing the alternative exception addresses requires __smp_locks => __smp_locks_end to be untouched. The call to free_init_pages() poisons the pages which breaks the logic in alternatives_smp_check_exceptions(). It does not fault or anything, but it also does not create the UP alternate exception table [which is the whole point of this dance].

The next attachment is relative to the first one and delays actual calls to free_init_pages() on the SMP alternatives segment until the calculated alternate exceptions are completed. No change in semantics, just defer the free_init_pages() until things have settled down a bit.

Created attachment 447367 [details]
Defer calls to free_init_pages() until alternative exception table is created.
This patch is relative to the previous patch for arch/i386/kernel/alternative.c .
It looks like others have hit this one before: https://bugzilla.redhat.com/show_bug.cgi?id=429412 https://bugzilla.redhat.com/show_bug.cgi?id=431823

Digging a bit deeper, the fault was caused by _PAGE_RW being clear in the pte. I have yet to track down why that happened, but maybe COW handling in a fork? Either way, it is because of the off-by-1 in the exception table entries for various atomic cmpxchg instruction sequences in the futex code.

Created attachment 447555 [details]
A different approach based on 2.6.23 -> 2.6.27 (maybe later)

At the expense of preserving the "lock",<operator> sequences in the futex code, a different approach is to hardwire the "lock" sequences for the futex code, which means that the SMP alternatives code will never touch them. This is the approach taken by some kernel.org releases, notably 2.6.24 and at least to 2.6.27 [as of this date]. The latest kernel.org kernels have some other scheme for handling this entirely.

This is a simpler approach to fixing the problem and is standalone. It is unclear if anyone will notice the overhead on UP for the lock instructions for just the futex operators.
It looks like this was fixed in: https://rhn.redhat.com/errata/RHSA-2010-0839.html

The other bug for this is: https://bugzilla.redhat.com/show_bug.cgi?id=633170

The choice was to hardwire the lock prefix in futex.h which happens to be the same as: https://bugzilla.redhat.com/attachment.cgi?id=447555

This bug should be marked as a duplicate of 633170.

*** This bug has been marked as a duplicate of bug 633170 ***

Since this is a dup, nothing is needed at this point.
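The following constructed C model is an added illustration of the mechanism the report describes; it is not code from the bug, its attachments or the RHEL kernel. It models a tiny code image with two `lock cmpxchg` sites, an exception table whose entries point at the `lock` byte, and an alternatives pass that turns each recorded `lock` prefix into a one-byte NOP on a single-CPU boot. Because the NOP is then its own instruction, the cmpxchg starts one byte later and a fault is reported at insn+1, which the original table does not contain. The two repairs discussed in the report are modelled as well: rebuilding the table with the patched entries shifted by one byte (which needs the `__smp_locks` list still intact, hence the deferred `free_init_pages()`), and leaving the prefix hardwired so the alternatives pass never touches it. All byte values, offsets, fixup addresses and function names are constructed for the example.

```c
/* Constructed model of a NOP'd lock prefix breaking exception-table lookup
 * on a single-CPU boot, and of the two repairs the report discusses.
 * Not kernel code: names, encodings, offsets and fixups are made up. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOCK_PREFIX 0xF0   /* x86 LOCK prefix byte */
#define NOP_BYTE    0x90   /* one-byte NOP written over the prefix on UP */

/* Same shape as an x86 exception table entry: fault site and fixup target. */
struct exception_table_entry {
    uintptr_t insn;    /* address of the instruction that may fault */
    uintptr_t fixup;   /* address execution resumes at after the fault */
};

/* Constructed code image with two "lock cmpxchg" sites (F0 0F B1 /r). */
static const uint8_t code[] = {
    0xF0, 0x0F, 0xB1, 0x0A,   /* site A at offset 0 */
    0x90, 0x90,               /* padding */
    0xF0, 0x0F, 0xB1, 0x0A,   /* site B at offset 6 */
    0x90, 0x90,
};
/* Offsets of the lock prefixes, as the __smp_locks section would record them. */
static const size_t smp_locks[] = { 0, 6 };
/* Exception table as emitted for the SMP image: insn points at the lock byte.
 * The fixup values 100 and 200 are arbitrary constructed addresses. */
static const struct exception_table_entry smp_extable[] = {
    { 0, 100 }, { 6, 200 },
};
#define N_ENTRIES (sizeof(smp_extable) / sizeof(smp_extable[0]))

/* Binary search over a table sorted by insn; returns the fixup or 0 on a miss. */
static uintptr_t extable_lookup(const struct exception_table_entry *tab,
                                size_t n, uintptr_t addr)
{
    size_t lo = 0, hi = n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (tab[mid].insn == addr) return tab[mid].fixup;
        if (tab[mid].insn < addr) lo = mid + 1; else hi = mid;
    }
    return 0;
}

/* Model of the alternatives pass on UP: each recorded lock prefix becomes a NOP. */
static void unlock_sites(uint8_t *img, const size_t *locks, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (img[locks[i]] == LOCK_PREFIX) img[locks[i]] = NOP_BYTE;
}

/* Address the CPU reports for a fault at a site. With the prefix intact,
 * "lock cmpxchg" is one instruction starting at the prefix byte. A NOP is a
 * separate instruction, so the cmpxchg begins one byte later and faults there. */
static uintptr_t fault_rip(const uint8_t *img, size_t site)
{
    return img[site] == LOCK_PREFIX ? site : site + 1;
}

/* Repair 1 (alternate UP table): shift every entry that sits on a patched
 * lock site by one byte. Needs the __smp_locks list, so it must run before
 * that memory is freed and poisoned. */
static void build_up_extable(const struct exception_table_entry *smp, size_t n,
                             const size_t *locks, size_t nlocks,
                             struct exception_table_entry *up)
{
    for (size_t i = 0; i < n; i++) {
        up[i] = smp[i];
        for (size_t j = 0; j < nlocks; j++)
            if (smp[i].insn == locks[j]) up[i].insn += 1;
    }
}

/* SMP boot: image untouched, original table matches. */
uintptr_t lookup_smp(size_t site)
{
    return extable_lookup(smp_extable, N_ENTRIES, fault_rip(code, site));
}

/* UP boot with the original table: the bug. Returns 0 (no fixup found). */
uintptr_t lookup_up_with_smp_table(size_t site)
{
    uint8_t img[sizeof(code)];
    memcpy(img, code, sizeof(code));
    unlock_sites(img, smp_locks, 2);
    return extable_lookup(smp_extable, N_ENTRIES, fault_rip(img, site));
}

/* UP boot with the rebuilt table: fixup found again. */
uintptr_t lookup_up_with_alt_table(size_t site)
{
    uint8_t img[sizeof(code)];
    struct exception_table_entry up[N_ENTRIES];
    memcpy(img, code, sizeof(code));
    unlock_sites(img, smp_locks, 2);
    build_up_extable(smp_extable, N_ENTRIES, smp_locks, 2, up);
    return extable_lookup(up, N_ENTRIES, fault_rip(img, site));
}

/* Repair 2 (hardwired prefix): the futex sites are not recorded in
 * __smp_locks, so nothing is patched and the original table still fits. */
uintptr_t lookup_up_hardwired(size_t site)
{
    uint8_t img[sizeof(code)];
    memcpy(img, code, sizeof(code));
    unlock_sites(img, NULL, 0);
    return extable_lookup(smp_extable, N_ENTRIES, fault_rip(img, site));
}

int main(void)
{
    printf("SMP table on SMP image, site 6:      fixup %lu\n", (unsigned long)lookup_smp(6));
    printf("SMP table on UP image, site 6:       fixup %lu\n", (unsigned long)lookup_up_with_smp_table(6));
    printf("UP table on UP image, site 6:        fixup %lu\n", (unsigned long)lookup_up_with_alt_table(6));
    printf("hardwired prefix on UP image, site 6: fixup %lu\n", (unsigned long)lookup_up_hardwired(6));
    return 0;
}
```

The zero returned by `lookup_up_with_smp_table()` is the model's analogue of the unhandled user-address fault in the summary: the kernel searched for the faulting RIP, found no entry, and treated a fixable user-copy fault as an oops. Either repair restores the hit; the report's chosen fix (hardwiring the prefix in futex.h) is the second.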