Bug 1560494 - i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.9
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Assigned To: Waiman Long
QA Contact: Li Wang
Keywords: Regression
Reported: 2018-03-26 06:32 EDT by Vratislav Bendel
Modified: 2018-06-19 01:05 EDT
Fixed In Version: kernel-2.6.32-754.el6
Last Closed: 2018-06-19 01:05:17 EDT
Type: Bug


External Trackers:
Tracker: Red Hat Product Errata
ID: RHSA-2018:1854
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: kernel security and bug fix update
Last Updated: 2018-06-19 04:58:56 EDT

Description Vratislav Bendel 2018-03-26 06:32:26 EDT
Description of problem:

Customer's Java application can cause a panic, apparently after the CPU performs an invpcid flush.
Customer bisected this to the following commit:
commit c6f35cdfc82ca083c041a24fdf33e1b84f80912d
    [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD

From what I understand, the following might apparently be the problem (however, I don't currently understand why):

 static inline void __native_flush_tlb(void)
 {
-       __load_cr3(native_read_cr3());
+       if (!static_cpu_has(X86_FEATURE_INVPCID)) {
+               __load_cr3(native_read_cr3());
+               return;
+       }
+       /*
+        * Note, this works with CR4.PCIDE=0 or 1.
+        */
+       invpcid_flush_all_nonglobals();
 }
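
Review bot: the INVPCID branch added to __native_flush_tlb() is gated only on static_cpu_has(X86_FEATURE_INVPCID), and nothing in the hunk limits it to 64-bit builds, so an i686 kernel on an INVPCID-capable CPU now takes invpcid_flush_all_nonglobals() instead of the previous `__load_cr3(native_read_cr3())` reload. The report states that the commit's other changes sit under CONFIG_KAISER or CONFIG_X86_64 and that 'noinvpcid' is handled only under CONFIG_X86_64 in this tree, which leaves 32-bit systems with no way to opt out of the new path. Suggest guarding the INVPCID branch with CONFIG_X86_64 so that 32-bit builds keep the CR3 reload, or making 'noinvpcid' available on i686 as well. The comment "this works with CR4.PCIDE=0 or 1" covers only the PCID setting and should also say which build configurations the INVPCID path is expected to run on.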

Other modifications done by the commit are either under #CONFIG_KAISER or #CONFIG_X86_64, which are not included in the .i686 build.


Additionally, disabling invpcid on the boot command line *seems to resolve* the problem (using the 'noinvpcid' boot parameter).


Version-Release number of selected component (if applicable):
kernel-2.6.32-696.18.7.el6.i686

How reproducible:
Always

Steps to Reproduce:
TBA

Actual results:
0xf error_code page_fault panic

Expected results:
no panic

Additional info:
Usage of the 'noinvpcid' boot param in the -696.18.7 version is exclusive to #CONFIG_X86_64; however, upstream it's general.

Customer has tested the workaround ('noinvpcid') on -696.18.7.test kernel, simply modified to enable it on .i686.
Comment 13 Phillip Lougher 2018-05-24 19:38:31 EDT
Patch(es) committed on kernel repository and kernel is undergoing testing
Comment 15 Phillip Lougher 2018-05-24 22:12:27 EDT
Patch(es) available on kernel-2.6.32-754.el6
Comment 19 errata-xmlrpc 2018-06-19 01:05:17 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1854
