Bug 1560494 - i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686
Summary: i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.9
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Waiman Long
QA Contact: Li Wang
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-03-26 10:32 UTC by Vratislav Bendel
Modified: 2018-06-19 05:05 UTC
CC: 6 users

Fixed In Version: kernel-2.6.32-754.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-19 05:05:17 UTC


Links:
  System: Red Hat Product Errata
  ID: RHSA-2018:1854
  Priority: normal
  Status: SHIPPED_LIVE
  Summary: Important: kernel security and bug fix update
  Last Updated: 2018-06-19 08:58:56 UTC

Description Vratislav Bendel 2018-03-26 10:32:26 UTC
Description of problem:

Customer's Java application can cause a panic, apparently after the CPU performs an invpcid flush.
Customer bisected this to the following commit:
commit c6f35cdfc82ca083c041a24fdf33e1b84f80912d
    [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD

From what I understand, apparently the following might be the problem (however I don't currently understand why):

 static inline void __native_flush_tlb(void)
 {
-       __load_cr3(native_read_cr3());
+       if (!static_cpu_has(X86_FEATURE_INVPCID)) {
+               __load_cr3(native_read_cr3());
+               return;
+       }
+       /*
+        * Note, this works with CR4.PCIDE=0 or 1.
+        */
+       invpcid_flush_all_nonglobals();
 }
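Review bot: the new INVPCID branch in __native_flush_tlb() is gated only on static_cpu_has(X86_FEATURE_INVPCID), while the rest of this commit is under CONFIG_KAISER / CONFIG_X86_64, so an i686 kernel on an INVPCID-capable CPU now takes the invpcid_flush_all_nonglobals() path even though the 32-bit build has no KAISER PCIDs to flush, and that is the path the bisect points at. Suggest gating the branch on the same configuration as the rest of the commit, keeping `__load_cr3(native_read_cr3());` as the only path on i686, or at least making the `noinvpcid` parameter (per the report, X86_64-only in -696.18.7) honoured on i686 so the feature bit can be cleared and the `if (!static_cpu_has(X86_FEATURE_INVPCID))` fallback taken. The comment "this works with CR4.PCIDE=0 or 1" is exactly the claim the reported panic calls into question, so it should say what it rests on.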

Other modifications done by the commit are either under #CONFIG_KAISER or #CONFIG_X86_64, which are not included in the .i686 build.


Additionally, disabling invpcid on the boot command line *seems to resolve* the problem (using the 'noinvpcid' boot parameter).


Version-Release number of selected component (if applicable):
kernel-2.6.32-696.18.7.el6.i686

How reproducible:
Always

Steps to Reproduce:
TBA

Actual results:
0xf error_code page_fault panic

Expected results:
no panic

Additional info:
Usage of the 'noinvpcid' boot parameter in the -696.18.7 version is exclusive to #CONFIG_X86_64; upstream, however, it is general.

Customer has tested the workaround ('noinvpcid') on -696.18.7.test kernel, simply modified to enable it on .i686.
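Added triage helper, not code from this bug report or from the RHEL kernel: a small C program for checking whether a host can reach the code path above at all and whether the workaround was requested. It reads CPUID leaf 7 for the INVPCID bit (the bit behind X86_FEATURE_INVPCID), checks a /proc/cpuinfo "flags" line for the invpcid token, and checks a kernel command line for the noinvpcid parameter as a whole token (so "noinvpcid=1" or "xnoinvpcid" do not count). The sample cpuinfo and cmdline strings are constructed, and the function names are assumptions of this example. As the report notes, on the -696.18.7 i686 build the parameter is not honoured even when present, so the command-line check only tells you that the workaround was asked for, not that it is in effect.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>
#endif

/* CPUID leaf 7, subleaf 0: EBX bit 10 advertises INVPCID. */
#define CPUID7_EBX_INVPCID (1u << 10)

/* 1 if the running CPU advertises INVPCID, 0 if not, -1 on non-x86 builds. */
int cpu_has_invpcid(void)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return 0;                       /* no leaf 7, so no INVPCID */
    return (ebx & CPUID7_EBX_INVPCID) ? 1 : 0;
#else
    return -1;
#endif
}

/* Whole-token search over a whitespace-separated line such as /proc/cmdline:
 * "noinvpcid" must not match "noinvpcid=1" or "xnoinvpcid". */
int line_has_token(const char *line, const char *tok)
{
    size_t n = strlen(tok);
    const char *p = line;
    while (*p) {
        while (*p && isspace((unsigned char)*p))
            p++;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p))
            p++;
        if ((size_t)(p - start) == n && memcmp(start, tok, n) == 0)
            return 1;
    }
    return 0;
}

/* Scan /proc/cpuinfo text for a "flags" line that lists 'flag' as a token.
 * Returns 1 if any CPU reports it, else 0. */
int cpuinfo_has_flag(const char *cpuinfo, const char *flag)
{
    const char *p = cpuinfo;
    while (p && *p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > 5 && strncmp(p, "flags", 5) == 0) {
            const char *colon = memchr(p, ':', len);
            if (colon) {
                char buf[4096];
                size_t vlen = len - (size_t)(colon + 1 - p);
                if (vlen >= sizeof buf)
                    vlen = sizeof buf - 1;
                memcpy(buf, colon + 1, vlen);
                buf[vlen] = '\0';
                if (line_has_token(buf, flag))
                    return 1;
            }
        }
        p = eol ? eol + 1 : NULL;
    }
    return 0;
}

/* Constructed sample inputs for this example (not taken from the report). */
static const char SAMPLE_CPUINFO[] =
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pcid sse4_2 invpcid\n"
    "bugs\t\t:\n";
static const char SAMPLE_CMDLINE[] =
    "ro root=/dev/mapper/vg-root rd_LVM_LV=vg/root noinvpcid quiet\n";

int main(void)
{
    printf("cpuid advertises INVPCID on this host: %d\n", cpu_has_invpcid());
    printf("sample cpuinfo lists invpcid: %d\n",
           cpuinfo_has_flag(SAMPLE_CPUINFO, "invpcid"));
    printf("sample cmdline requests noinvpcid: %d\n",
           line_has_token(SAMPLE_CMDLINE, "noinvpcid"));
    return 0;
}
```

On a real host, feed the contents of /proc/cpuinfo and /proc/cmdline to the two parsers; a machine that reports invpcid in cpuinfo and is running the affected i686 build is one where __native_flush_tlb() takes the invpcid_flush_all_nonglobals() branch regardless of the command line.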

Comment 13 Phillip Lougher 2018-05-24 23:38:31 UTC
Patch(es) committed on kernel repository and kernel is undergoing testing

Comment 15 Phillip Lougher 2018-05-25 02:12:27 UTC
Patch(es) available on kernel-2.6.32-754.el6

Comment 19 errata-xmlrpc 2018-06-19 05:05:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1854

