[SRU][B][PATCH 0/5] x86: mm: fix early boot problem on i386 with KPTI enabled

Andrea Righi andrea.righi at canonical.com
Thu Jul 4 15:17:40 UTC 2019


Buglink: https://bugs.launchpad.net/bugs/1827884

[Impact]

Commit d653420532d580156c8486686899ea6a9eeb7bf0 in bionic enabled kernel page
table isolation for x86_32, but also introduced regressions. One of them
("BUG_ON() condition in vmalloc_sync_one()") has been addressed by bug 1830433,
but there are other issues reported on i386.

Specifically on some i386 systems the kernel seems to fail in the early stage
of boot (black screen and frozen keyboard) with no error reported on the
console.

If the kernel is booted with "mitigations=off" and "nopti" the problem doesn't
happen (that is a clear indication of being a kernel page table isolation
issue).

However, users have reported positive results with the following upstream
fixes applied (all clean cherry picks), even with mitigations *and* kernel page
table isolation enabled.

[Test Case]

Unfortunately this problem is not easily reproducible, the kernel simply fails
to boot (black screen and frozen keyboard) after the GRUB prompt, so we don't
have a real test case (except asking the bug reporters to boot the kernel and
see if it works).

[Fix]

The following upstream fixes seem to resolve (prevent) the problem:

 1d8ca3be86ebc6a38dad8236f45c7a9c61681e78 x86/mm/fault: Allow stack access below %rsp
 aa37c51b9421d66f7931c5fdcb9ce80c450974be x86/mm: Break out user address space handling
 8fed62000039058adfd8b663344e2f448aed1e7a x86/mm: Break out kernel address space handling
 164477c2331be75d9bd57fb76704e676b2bcd1cd x86/mm: Clarify hardware vs. software "error_code"
 0e664eee65337082be49fbbd2ee24aa0d111d0f2 Revert "perf/core: Make sure the ring-buffer is mapped in all page-tables"

[Regression Potential]

All upstream fixes, tested on the affected platform, backport changes are
minimal.

----------------------------------------------------------------
Dave Hansen (3):
      x86/mm: Clarify hardware vs. software "error_code"
      x86/mm: Break out kernel address space handling
      x86/mm: Break out user address space handling

Joerg Roedel (1):
      Revert "perf/core: Make sure the ring-buffer is mapped in all page-tables"

Waiman Long (1):
      x86/mm/fault: Allow stack access below %rsp

 arch/x86/mm/fault.c         | 205 +++++++++++++++++++++++++++-----------------
 kernel/events/ring_buffer.c |  16 ----
 2 files changed, 126 insertions(+), 95 deletions(-)



