Re: [patch 0/6] Cure kexec() vs. mwait_play_dead() troubles

From: Sean Christopherson
Date: Mon Jun 05 2023 - 13:41:17 EST

Next message: Peter Collingbourne: "Re: [PATCH v4 1/3] mm: Call arch_swap_restore() from do_swap_page()"
Previous message: Herve Codina: "Re: [PATCH v2 5/9] iio: inkern: Add a helper to query an available minimum raw value"
In reply to: Thomas Gleixner: "[patch 3/6] x86/smp: Use dedicated cache-line for mwait_play_dead()"
Next in thread: Thomas Gleixner: "Re: [patch 0/6] Cure kexec() vs. mwait_play_dead() troubles"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jun 03, 2023, Thomas Gleixner wrote:
> Hi!
>
> Ashok observed triple faults when executing kexec() on a kernel which has
> 'nosmt' on the kernel commandline and HT enabled in the BIOS.
>
> 'nosmt' brings up the HT siblings to the point where they initiliazed the
> CPU and then rolls the bringup back which parks them in mwait_play_dead().
> The reason is that all CPUs should have CR4.MCE set. Otherwise a broadcast
> MCE will immediately shut down the machine.

...

> This is only half safe because HLT can resume execution due to NMI, SMI and
> MCE. Unfortunately there is no real safe mechanism to "park" a CPU reliably,

On Intel. On AMD, enabling EFER.SVME and doing CLGI will block everything except
single-step #DB (lol) and RESET. #MC handling is implementation-dependent and
*might* cause shutdown, but at least there's a chance it will work. And presumably
modern CPUs do pend the #MC until GIF=1.

> but there is at least one which prevents the NMI and SMI cause: INIT.
>
> 3) If the system uses the regular INIT/STARTUP sequence to wake up
> secondary CPUS, then "park" all CPUs including the "offline" ones
> by sending them INIT IPIs.
>
> The INIT IPI brings the CPU into a wait for wakeup state which is not
> affected by NMI and SMI, but INIT also clears CR4.MCE, so the broadcast MCE
> problem comes back.
>
> But that's not really any different from a CPU sitting in the HLT loop on
> the previous kernel. If a broadcast MCE arrives, HLT resumes execution and
> the CPU tries to handle the MCE on overwritten text, pagetables etc.
>
> So parking them via INIT is not completely solving the problem, but it
> takes at least NMI and SMI out of the picture.

Don't most SMM handlers rendezvous all CPUs? I.e. won't blocking SMIs indefinitely
potentially cause problems too?

Why not carve out a page that's hidden across kexec() to hold whatever code+data
is needed to safely execute a HLT loop indefinitely? E.g. doesn't the original
kernel provide the e820 tables for the post-kexec() kernel? To avoid OOM after
many kexec(), reserving a page could be done iff the current kernel wasn't itself
kexec()'d.

Next message: Peter Collingbourne: "Re: [PATCH v4 1/3] mm: Call arch_swap_restore() from do_swap_page()"
Previous message: Herve Codina: "Re: [PATCH v2 5/9] iio: inkern: Add a helper to query an available minimum raw value"
In reply to: Thomas Gleixner: "[patch 3/6] x86/smp: Use dedicated cache-line for mwait_play_dead()"
Next in thread: Thomas Gleixner: "Re: [patch 0/6] Cure kexec() vs. mwait_play_dead() troubles"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]