ACK/Cmnt: [SRU][B][PATCH 0/5] x86: mm: fix early boot problem on i386 with KPTI enabled

Stefan Bader stefan.bader at canonical.com
Wed Jul 10 08:16:56 UTC 2019


On 04.07.19 17:17, Andrea Righi wrote:
> Buglink: https://bugs.launchpad.net/bugs/1827884
> 
> [Impact]
> 
> Commit d653420532d580156c8486686899ea6a9eeb7bf0 in bionic enabled kernel page
> table isolation for x86_32, but also introduced regressions. One of them
> ("BUG_ON() condition in vmalloc_sync_one()") has been addressed by bug 1830433,
> but there are other issues reported on i386.
> 
> Specifically on some i386 systems the kernel seems to fail in the early stage
> of boot (black screen and frozen keyboard) with no error reported on the
> console.
> 
> If the kernel is booted with "mitigations=off" and "nopti" the problem doesn't
> happen (that is a clear indication of being a kernel page table isolation
> issue).
> 
> However, users have reported positive results with the following upstream
> fixes applied (all clean cherry picks), even with mitigations *and* kernel page
> table isolation enabled.
> 
> [Test Case]
> 
> Unfortunately this problem is not easily reproducible, the kernel simply fails
> to boot (black screen and frozen keyboard) after the GRUB prompt, so we don't
> have a real test case (except asking the bug reporters to boot the kernel and
> see if it works).
> 
> [Fix]
> 
> The following upstream fixes seem to resolve (prevent) the problem:
> 
>  1d8ca3be86ebc6a38dad8236f45c7a9c61681e78 x86/mm/fault: Allow stack access below %rsp
>  aa37c51b9421d66f7931c5fdcb9ce80c450974be x86/mm: Break out user address space handling
>  8fed62000039058adfd8b663344e2f448aed1e7a x86/mm: Break out kernel address space handling
>  164477c2331be75d9bd57fb76704e676b2bcd1cd x86/mm: Clarify hardware vs. software "error_code"
>  0e664eee65337082be49fbbd2ee24aa0d111d0f2 Revert "perf/core: Make sure the ring-buffer is mapped in all page-tables"
> 
> [Regression Potential]
> 
> All upstream fixes, tested on the affected platform, backport changes are
> minimal.
> 
> ----------------------------------------------------------------
> Dave Hansen (3):
>       x86/mm: Clarify hardware vs. software "error_code"
>       x86/mm: Break out kernel address space handling
>       x86/mm: Break out user address space handling
> 
> Joerg Roedel (1):
>       Revert "perf/core: Make sure the ring-buffer is mapped in all page-tables"
> 
> Waiman Long (1):
>       x86/mm/fault: Allow stack access below %rsp
> 
>  arch/x86/mm/fault.c         | 205 +++++++++++++++++++++++++++-----------------
>  kernel/events/ring_buffer.c |  16 ----
>  2 files changed, 126 insertions(+), 95 deletions(-)
> 
> 
At first glance it's a lot of change but quite a bit of it is moving code into
helper functions which should not be contributing to risk. Also the issue is a
severe one, so worth taking some risk. And there was positive testing and the
modified code should not depend on specific hardware (higher chance to be used
in testing).

Acked-by: Stefan Bader <stefan.bader at canonical.com>
