Discussion:
unaligned accesses in SLAB etc.
David Miller
2014-10-12 17:20:12 UTC
Permalink
From: David Miller <***@davemloft.net>
Date: Sat, 11 Oct 2014 22:15:10 -0400 (EDT)
[603965.383447] Kernel unaligned access at TPC[546b58] free_block+0x98/0x1a0
[603965.396987] Kernel unaligned access at TPC[546b60] free_block+0xa0/0x1a0
[603965.410523] Kernel unaligned access at TPC[546b58] free_block+0x98/0x1a0
The unaligned accesses are happening in the SLAB_OBJ_PFMEMALLOC code,
which assumes that all object pointers are "unsigned long" aligned:

static inline void set_obj_pfmemalloc(void **objp)
{
*objp = (void *)((unsigned long)*objp | SLAB_OBJ_PFMEMALLOC);
return;
}

etc. etc.

But that code has been there working forever. Something changed
recently such that this assumption no longer holds.

In all of the cases, the address is 4-byte aligned but not 8-byte
aligned. And they are vmalloc addresses.

Which made me suspect the percpu commit:

====================
commit bf0dea23a9c094ae869a88bb694fbe966671bf6d
Author: Joonsoo Kim <***@lge.com>
Date: Thu Oct 9 15:26:27 2014 -0700

mm/slab: use percpu allocator for cpu cache
====================

And indeed, reverting this commit fixes the problem.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
m***@linux.ee
2014-10-13 20:22:37 UTC
Permalink
Post by David Miller
Date: Sat, 11 Oct 2014 22:15:10 -0400 (EDT)
[603965.383447] Kernel unaligned access at TPC[546b58] free_block+0x98/0x1a0
[603965.396987] Kernel unaligned access at TPC[546b60] free_block+0xa0/0x1a0
[603965.410523] Kernel unaligned access at TPC[546b58] free_block+0x98/0x1a0
In all of the cases, the address is 4-byte aligned but not 8-byte
aligned. And they are vmalloc addresses.
====================
commit bf0dea23a9c094ae869a88bb694fbe966671bf6d
Date: Thu Oct 9 15:26:27 2014 -0700
mm/slab: use percpu allocator for cpu cache
====================
And indeed, reverting this commit fixes the problem.
I tested Joonsoo Kim's fix and it gets rid of the kernel unaligned
access messages, yes.

But the instability on UltraSparc II era machines still remains -
occassional Bus Errors during kernel compilation, messages like this:

sh[11771]: segfault at ffd6a4d1 ip 00000000f7cc5714 (rpc 00000000f7cc562c) sp 00000000ffd69d90 error 30002 in libc-2.19.so[f7c44000+16a000]
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Joonsoo Kim
2014-10-13 23:52:19 UTC
Permalink
Post by m***@linux.ee
Post by David Miller
Date: Sat, 11 Oct 2014 22:15:10 -0400 (EDT)
[603965.383447] Kernel unaligned access at TPC[546b58] free_block+0x98/0x1a0
[603965.396987] Kernel unaligned access at TPC[546b60] free_block+0xa0/0x1a0
[603965.410523] Kernel unaligned access at TPC[546b58] free_block+0x98/0x1a0
In all of the cases, the address is 4-byte aligned but not 8-byte
aligned. And they are vmalloc addresses.
====================
commit bf0dea23a9c094ae869a88bb694fbe966671bf6d
Date: Thu Oct 9 15:26:27 2014 -0700
mm/slab: use percpu allocator for cpu cache
====================
And indeed, reverting this commit fixes the problem.
I tested Joonsoo Kim's fix and it gets rid of the kernel unaligned
access messages, yes.
But the instability on UltraSparc II era machines still remains -
sh[11771]: segfault at ffd6a4d1 ip 00000000f7cc5714 (rpc 00000000f7cc562c) sp 00000000ffd69d90 error 30002 in libc-2.19.so[f7c44000+16a000]
Hello, Meelis.

Thanks for testing.

I'd like to know that your another problem is related to commit
bf0dea23a9c0 ("mm/slab: use percpu allocator for cpu cache").
So, if the commit is reverted, your another problem is also gone completely?

Thanks.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
David Miller
2014-10-14 00:04:16 UTC
Permalink
From: Joonsoo Kim <***@lge.com>
Date: Tue, 14 Oct 2014 08:52:19 +0900
Post by Joonsoo Kim
I'd like to know that your another problem is related to commit
bf0dea23a9c0 ("mm/slab: use percpu allocator for cpu cache"). So,
if the commit is reverted, your another problem is also gone
completely?
The other problem has been present forever.
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Joonsoo Kim
2014-10-14 00:14:54 UTC
Permalink
Post by David Miller
Date: Tue, 14 Oct 2014 08:52:19 +0900
Post by Joonsoo Kim
I'd like to know that your another problem is related to commit
bf0dea23a9c0 ("mm/slab: use percpu allocator for cpu cache"). So,
if the commit is reverted, your another problem is also gone
completely?
The other problem has been present forever.
Okay.
Thanks for notifying me.

Thanks.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
m***@linux.ee
2014-10-14 21:19:36 UTC
Permalink
Post by David Miller
Post by Joonsoo Kim
I'd like to know that your another problem is related to commit
bf0dea23a9c0 ("mm/slab: use percpu allocator for cpu cache"). So,
if the commit is reverted, your another problem is also gone
completely?
The other problem has been present forever.
Umm? I am afraid I have been describing it badly. This random
SIGBUS+SIGSEGV problem is new - I have not seen it before.

I have been able to do kernel compiles for years on sparc64 (modulo
specific bugs in specific configurations) and 3.17 + start/end swap
patch seems also stable for most machine. With yesterdays git + align
patch, it dies with SIGBUS multiple times during compilation so it's a
new regression for me.

Will try reverting that commit tomorrow.

My only other current sparc64 problems that I am seeing - V210/V440 die
during bootup if compiled with gcc 4.9 and V480 dies with FATAL
exceptions during bootups since previous kernel release. Maybe also
exit_mmap warning - I do not know if they have been fixed, I see them
rarely.
--
Meelis Roos (***@linux.ee)
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller
2014-10-14 21:32:46 UTC
Permalink
From: ***@linux.ee
Date: Wed, 15 Oct 2014 00:19:36 +0300 (EEST)
Post by m***@linux.ee
Post by David Miller
Post by Joonsoo Kim
I'd like to know that your another problem is related to commit
bf0dea23a9c0 ("mm/slab: use percpu allocator for cpu cache"). So,
if the commit is reverted, your another problem is also gone
completely?
The other problem has been present forever.
Umm? I am afraid I have been describing it badly. This random
SIGBUS+SIGSEGV problem is new - I have not seen it before.
Sorry, I thought it was the same bug that causes git corruptions
for you. I misunderstood.
Post by m***@linux.ee
I have been able to do kernel compiles for years on sparc64 (modulo
specific bugs in specific configurations) and 3.17 + start/end swap
patch seems also stable for most machine. With yesterdays git + align
patch, it dies with SIGBUS multiple times during compilation so it's a
new regression for me.
Will try reverting that commit tomorrow.
If that fails, please try to bisect, it will help us a lot.
Post by m***@linux.ee
My only other current sparc64 problems that I am seeing - V210/V440 die
during bootup if compiled with gcc 4.9 and V480 dies with FATAL
exceptions during bootups since previous kernel release. Maybe also
exit_mmap warning - I do not know if they have been fixed, I see them
rarely.
The gcc-4.9 case is interesting, are you saying that a gcc-4.9 compiled
kernel works fine on other systems?

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Meelis Roos
2014-10-15 08:04:49 UTC
Permalink
Post by David Miller
Post by m***@linux.ee
My only other current sparc64 problems that I am seeing - V210/V440 die
during bootup if compiled with gcc 4.9 and V480 dies with FATAL
exceptions during bootups since previous kernel release. Maybe also
exit_mmap warning - I do not know if they have been fixed, I see them
rarely.
The gcc-4.9 case is interesting, are you saying that a gcc-4.9 compiled
kernel works fine on other systems?
Yes, all USII based systems work fine with Debian gcc-4.9, as does
T2000. Of USIII* systems, V210 and V440 exhibit the boot hang with
gcc-4.9 and V480 crashes wit FATAL exception during boot that is
probably earlier than the gcc boot hang so I do not know about V480 and
gcc-4.9. V240 not tested because of fan failures, V245 is in the queue
for setup but not tested so far.
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
David Miller
2014-10-15 18:36:24 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Wed, 15 Oct 2014 11:04:49 +0300 (EEST)
Post by Meelis Roos
Post by David Miller
Post by m***@linux.ee
My only other current sparc64 problems that I am seeing - V210/V440 die
during bootup if compiled with gcc 4.9 and V480 dies with FATAL
exceptions during bootups since previous kernel release. Maybe also
exit_mmap warning - I do not know if they have been fixed, I see them
rarely.
The gcc-4.9 case is interesting, are you saying that a gcc-4.9 compiled
kernel works fine on other systems?
Yes, all USII based systems work fine with Debian gcc-4.9, as does
T2000. Of USIII* systems, V210 and V440 exhibit the boot hang with
gcc-4.9 and V480 crashes wit FATAL exception during boot that is
probably earlier than the gcc boot hang so I do not know about V480 and
gcc-4.9. V240 not tested because of fan failures, V245 is in the queue
for setup but not tested so far.
Ok, on the V210/V440 can you boot with "-p" on the kernel boot command
line and post the log? Let's start by seeing how far it gets, maybe
we can figure out roughly where it dies.

A boot hang should be relatively easy to diagnose and pinpoint.

Thanks.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Meelis Roos
2014-10-15 20:11:34 UTC
Permalink
Post by David Miller
Post by Meelis Roos
Post by David Miller
The gcc-4.9 case is interesting, are you saying that a gcc-4.9 compiled
kernel works fine on other systems?
Yes, all USII based systems work fine with Debian gcc-4.9, as does
T2000. Of USIII* systems, V210 and V440 exhibit the boot hang with
gcc-4.9 and V480 crashes wit FATAL exception during boot that is
probably earlier than the gcc boot hang so I do not know about V480 and
gcc-4.9. V240 not tested because of fan failures, V245 is in the queue
for setup but not tested so far.
Ok, on the V210/V440 can you boot with "-p" on the kernel boot command
line and post the log? Let's start by seeing how far it gets, maybe
we can figure out roughly where it dies.
http://www.spinics.net/lists/sparclinux/msg12238.html and
http://www.spinics.net/lists/sparclinux/msg12468.html are my relevant
posts about it. Should I get something more? It would be easy because of
ALOM.
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
David Miller
2014-10-16 03:11:54 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Wed, 15 Oct 2014 23:11:34 +0300 (EEST)
Post by Meelis Roos
Post by David Miller
Post by Meelis Roos
Post by David Miller
The gcc-4.9 case is interesting, are you saying that a gcc-4.9 compiled
kernel works fine on other systems?
Yes, all USII based systems work fine with Debian gcc-4.9, as does
T2000. Of USIII* systems, V210 and V440 exhibit the boot hang with
gcc-4.9 and V480 crashes wit FATAL exception during boot that is
probably earlier than the gcc boot hang so I do not know about V480 and
gcc-4.9. V240 not tested because of fan failures, V245 is in the queue
for setup but not tested so far.
Ok, on the V210/V440 can you boot with "-p" on the kernel boot command
line and post the log? Let's start by seeing how far it gets, maybe
we can figure out roughly where it dies.
http://www.spinics.net/lists/sparclinux/msg12238.html and
http://www.spinics.net/lists/sparclinux/msg12468.html are my relevant
posts about it. Should I get something more? It would be easy because of
ALOM.
Less information than I had hoped :-/

I thought it was hanging "during boot" meaning before we try to
execute userspace. When in fact it seems to die exactly when we start
running the init process.

Wrt. disassembly of fault_in_user_windows(), that's not likely the
cause because if it were being miscompiled it would equally not work
on the other systems.

Something in the UltraSPARC-III specific code paths is going wrong
(either it is miscompiled, or the code makes an assumption that isn't
valid which has happened in the past).

Do you happen to have both gcc-4.9 and a previously working compiler
on these systems? If you do, we can build a kernel with gcc-4.9 and
then selectively compile certain failes with the older working
compiler to narrow down what compiles into something non-working with
gcc-4.9

I would start with the following files:

arch/sparc/mm/init_64.c
arch/sparc/mm/tlb.c
arch/sparc/mm/tsb.c
arch/sparc/mm/fault_64.c

And failing that, go for various files under arch/sparc/kernel/ such as:

arch/sparc/kernel/process_64.c
arch/sparc/kernel/smp_64.c
arch/sparc/kernel/sys_sparc_64.c
arch/sparc/kernel/sys_sparc32.c
arch/sparc/kernel/traps_64.c

Hopefully, this should be a simply matter of doing a complete build
with gcc-4.9, then removing the object file we want to selectively
build with the older compiler and then going:

make CC="gcc-4.6" arch/sparc/mm/init_64.o

then relinking with plain 'make'.

If the build system rebuilds the object file on you when you try
to relink the final kernel image, we'll have to do some of this
by hand to make the test.

Thanks.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Meelis Roos
2014-10-16 07:22:56 UTC
Permalink
Post by David Miller
Do you happen to have both gcc-4.9 and a previously working compiler
on these systems? If you do, we can build a kernel with gcc-4.9 and
then selectively compile certain failes with the older working
compiler to narrow down what compiles into something non-working with
gcc-4.9
Yes, I kept gcc-4.6 to help resolving it.

[...]
Post by David Miller
Hopefully, this should be a simply matter of doing a complete build
with gcc-4.9, then removing the object file we want to selectively
make CC="gcc-4.6" arch/sparc/mm/init_64.o
then relinking with plain 'make'.
If the build system rebuilds the object file on you when you try
to relink the final kernel image, we'll have to do some of this
by hand to make the test.
Unfortunately it starts a full rebuild with plain make after compiling
some files with gcc-4.6 - detects CC change?
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Hermann Lauer
2014-10-16 12:49:13 UTC
Permalink
Post by Meelis Roos
compiler to narrow down what compiles into something non-working wi=
th
Post by Meelis Roos
gcc-4.9
=20
Yes, I kept gcc-4.6 to help resolving it.
Probably unrelated, but as a datapoint:
On a Enterprise 250 vanilla 3.17.0 crashes also in userspace
with a red state exception shortly after boot. With the wheezy
kernel the system boots sucessfully.

Greetings
Hermann

[ 0.000000] PROMLIB: Sun IEEE Boot Prom 'OBP 3.30.0 2003/11/11 10:37=
'
[ 0.000000] PROMLIB: Root node compatible: sun4u
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.17.0 (***@abacus) (gcc version 4.6.3 =
(Debian 4.6.3-14) ) #1 SMP Mon Oct 13 20:44:31 CEST 2014
[ 0.000000] bootconsole [earlyprom0] enabled
[ 0.000000] ARCH: SUN4U
[ 0.000000] Ethernet address: 08:00:20:9f:45:7e
[ 0.000000] PAGE_OFFSET is 0xffffff0000000000 (max_phys_bits =3D=3D =
40)
[ 0.000000] Kernel: Using 4 locked TLB entries for main kernel image=
=2E
[ 0.000000] Remapping the kernel... done.
[ 0.000000] OF stdout device is: /***@1f,4000/***@1/***@14,400000:a
[ 0.000000] PROM: Built device tree with 88024 bytes of memory.
[ 0.000000] Top of RAM: 0x1fec0000, Total RAM: 0x1feae000
[ 0.000000] Memory hole size: 0MB
[ 0.000000] Zone ranges:
[ 0.000000] DMA empty
[ 0.000000] Normal [mem 0x00000000-0x1febffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x00000000-0x1fdfdfff]
[ 0.000000] node 0: [mem 0x1fe00000-0x1fe99fff]
[ 0.000000] node 0: [mem 0x1feaa000-0x1febffff]
[ 0.000000] Booting Linux...
[ 0.000000] CPU CAPS: [flush,stbar,swap,muldiv,v9,mul32,div32,v8plus=
]
[ 0.000000] CPU CAPS: [vis]
[ 0.000000] PERCPU: Embedded 7 pages/cpu @ffffff001f000000 s23040 r8=
192 d26112 u4194304
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. =
Total pages: 64856
[ 0.000000] Kernel command line: root=3D/dev/md0 ro
[ 0.000000] PID hash table entries: 2048 (order: 1, 16384 bytes)
[ 0.000000] Dentry cache hash table entries: 65536 (order: 6, 524288=
bytes)
[ 0.000000] Inode-cache hash table entries: 32768 (order: 5, 262144 =
bytes)
[ 0.000000] Sorting __ex_table...
[ 0.000000] Memory: 488256K/522936K available (4099K kernel code, 53=
0K rwdata, 1272K rodata, 256K init, 6873K bss, 34680K reserved)
[ 0.000000] Hierarchical RCU implementation.
[ 0.000000] CONFIG_RCU_FANOUT set to non-default value of 32
[ 0.000000] RCU dyntick-idle grace-period acceleration is enabled.
[ 0.000000] RCU restricting CPUs from NR_CPUS=3D256 to nr_cpu_ids=3D=
1.
[ 0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=3D16, nr_cpu=
_ids=3D1
[ 0.000000] NR_IRQS:255

<rest available if interesting>

[....] Starting enhanced syslogd: rsyslogd=1B[?25l=1B[?1c
CPU0 RED State Exception

CPUVersion: 0017.0011.2000.0507
UPAConfig: 0000.06b6.34c0.803b
LSU-Control: 0000.0000.0000.0000
ECErrEnable: 0000.0000.0000.0007

AFAR: 0000.01fe.0180.2800
AFSR: 0000.0000.0000.0000

DMMU SFAR: 0000.0000.f78e.4004
DMMU SFSR: 0000.0000.0000.0000
IMMU SFSR: 0000.0000.0000.0011

TL=3D0000.0000.0000.0005 TT=3D0000.0000.0000.0064
TPC=3D0000.0000.0042.4c80 TnPC=3D0000.0000.0042.4c84 TSTATE=3D0000.0=
000.1104.1402
TL=3D0000.0000.0000.0004 TT=3D0000.0000.0000.0064
TPC=3D0000.0000.0042.4c80 TnPC=3D0000.0000.0042.4c84 TSTATE=3D0000.0=
000.1104.1402
TL=3D0000.0000.0000.0003 TT=3D0000.0000.0000.0064
TPC=3D0000.0000.0042.4c80 TnPC=3D0000.0000.0042.4c84 TSTATE=3D0000.0=
000.1104.1402
TL=3D0000.0000.0000.0002 TT=3D0000.0000.0000.0064
TPC=3D0000.0000.0042.0c80 TnPC=3D0000.0000.0042.0c84 TSTATE=3D0000.0=
000.1104.1402
TL=3D0000.0000.0000.0001 TT=3D0000.0000.0000.0064
TPC=3D0000.0000.0044.cac0 TnPC=3D0000.0000.0044.cac4 TSTATE=3D0000.0=
000.1100.1602=0D=EF=BF=BD

--=20
Netzwerkadministration/Zentrale Dienste, Interdiziplinaeres=20
Zentrum fuer wissenschaftliches Rechnen der Universitaet Heidelberg
IWR; INF 368; 69120 Heidelberg; Tel: (06221)54-8236 Fax: -5224
Email: ***@iwr.uni-heidelberg.de
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" i=
n
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Meelis Roos
2014-10-16 20:11:49 UTC
Permalink
Post by Meelis Roos
Post by David Miller
Hopefully, this should be a simply matter of doing a complete build
with gcc-4.9, then removing the object file we want to selectively
make CC="gcc-4.6" arch/sparc/mm/init_64.o
then relinking with plain 'make'.
If the build system rebuilds the object file on you when you try
to relink the final kernel image, we'll have to do some of this
by hand to make the test.
Unfortunately it starts a full rebuild with plain make after compiling
some files with gcc-4.6 - detects CC change?
Figured out from make V=1 how to call gcc-4.6 directly, so far my
bisection shows that it one or probably more of arch/sparc/kernel/*.c
but probably more than 1 - 2 halfs of it both failed. Still bisecting.
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
David Miller
2014-10-16 20:18:23 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Thu, 16 Oct 2014 23:11:49 +0300 (EEST)
Post by Meelis Roos
Post by Meelis Roos
Post by David Miller
Hopefully, this should be a simply matter of doing a complete build
with gcc-4.9, then removing the object file we want to selectively
make CC="gcc-4.6" arch/sparc/mm/init_64.o
then relinking with plain 'make'.
If the build system rebuilds the object file on you when you try
to relink the final kernel image, we'll have to do some of this
by hand to make the test.
Unfortunately it starts a full rebuild with plain make after compiling
some files with gcc-4.6 - detects CC change?
Figured out from make V=1 how to call gcc-4.6 directly, so far my
bisection shows that it one or probably more of arch/sparc/kernel/*.c
but probably more than 1 - 2 halfs of it both failed. Still bisecting.
Thanks a lot for working this out.

I'm going to also try to setup a test environment so I can try this
gcc-4.9 stuff on my T4-2 as well.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Meelis Roos
2014-10-16 21:38:20 UTC
Permalink
Removed non-sparc64 people from CC to not spam them. Kept the lists
though.
Post by David Miller
Do you happen to have both gcc-4.9 and a previously working compiler
on these systems? If you do, we can build a kernel with gcc-4.9 and
then selectively compile certain failes with the older working
compiler to narrow down what compiles into something non-working with
gcc-4.9
arch/sparc/mm/init_64.c
arch/sparc/mm/tlb.c
arch/sparc/mm/tsb.c
arch/sparc/mm/fault_64.c
arch/sparc/kernel/process_64.c
arch/sparc/kernel/smp_64.c
arch/sparc/kernel/sys_sparc_64.c
arch/sparc/kernel/sys_sparc32.c
arch/sparc/kernel/traps_64.c
arch/sparc/kernel/setup_64.c is the only culprit.

Attached are 2 versions of the object file as of v3.17-rc1-22-g480cadc
that I tested.
--
Meelis Roos (***@linux.ee)
David Miller
2014-10-19 04:32:09 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Fri, 17 Oct 2014 00:38:20 +0300 (EEST)
Post by Meelis Roos
arch/sparc/kernel/setup_64.c is the only culprit.
Attached are 2 versions of the object file as of v3.17-rc1-22-g480cadc
that I tested.
Just to confirm, a gcc-4.9 compiled kernel works if just setup_64.c
is built with gcc-4.6, is that correct?

I'm looking through these two object files now, thanks!
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Meelis Roos
2014-10-19 07:07:03 UTC
Permalink
Post by David Miller
Date: Fri, 17 Oct 2014 00:38:20 +0300 (EEST)
Post by Meelis Roos
arch/sparc/kernel/setup_64.c is the only culprit.
Attached are 2 versions of the object file as of v3.17-rc1-22-g480cadc
that I tested.
Just to confirm, a gcc-4.9 compiled kernel works if just setup_64.c
is built with gcc-4.6, is that correct?
Yes, exactly.
--
Meelis Roos (***@linux.ee)
David Miller
2014-10-20 18:57:46 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Sun, 19 Oct 2014 10:07:03 +0300 (EEST)
Post by Meelis Roos
Post by David Miller
Date: Fri, 17 Oct 2014 00:38:20 +0300 (EEST)
Post by Meelis Roos
arch/sparc/kernel/setup_64.c is the only culprit.
Attached are 2 versions of the object file as of v3.17-rc1-22-g480cadc
that I tested.
Just to confirm, a gcc-4.9 compiled kernel works if just setup_64.c
is built with gcc-4.6, is that correct?
Yes, exactly.
Just an update, I have an environment where I can perfectly reproduce
this. I have a gcc-4.9 SVN built that compiles kernels which crash
the same way it does for you.

I'll let you know when I make more progress.
David Miller
2014-10-22 20:39:49 UTC
Permalink
From: David Miller <***@davemloft.net>
Date: Mon, 20 Oct 2014 14:57:46 -0400 (EDT)
Post by David Miller
Just an update, I have an environment where I can perfectly reproduce
this. I have a gcc-4.9 SVN built that compiles kernels which crash
the same way it does for you.
I'll let you know when I make more progress.
Whilst I don't have access to my reproducer machine until tomorrow in
order to test this myself, I wanted to toss this patch your way so you
could get a head start on me.

The issue is not that gcc-4.9 miscompiles anything, the issue is that
we had an existing bug that is exposed by gcc-4.9 simply allocating
registers in a different order.

per_cpu_patch() is the function that matters. I verified this by
pulling that function out of setup_64.c and into it's own separate
foo.c file, and only building that source file with gcc-4.9

I poured over the assembler several times over the course of a day or
so, and I'm pretty sure the generated code is fine. I even extracted
the assembler into a userland test-case and stepped through it for
the code paths that Ultra-III systems trigger.

What happens is that the inner-most registers are corrupted by the
first one of the TLB misses triggered by this code patching. These
TLB misses are serviced by the firmware because we are still using the
firmware's trap table this early on, and if the code path in the
firmware to service that TLB miss is deep enough we get a register
spill.

This is the top-most of the initial kernel stack's call chain, the
per_cpu_patch() function is invoked right from head_64.S.

What we've traditionally done is save away the firmware's stack
pointer, and jump onto that stack when we make firmware calls. But
there is absolutely no reason to do that, and it means that by doing
so we have always risked modifying registers erroneously at that
boundary at the top of the initial kernel stack.

So let's get rid of the CIF stack, and just call into the firwmare
using the normal kernel stack.

diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
index f346824..741f24a 100644
--- a/arch/sparc/include/asm/oplib_64.h
+++ b/arch/sparc/include/asm/oplib_64.h
@@ -62,7 +62,7 @@ struct linux_mem_p1275 {
/* You must call prom_init() before using any of the library services,
* preferably as early as possible. Pass it the romvec pointer.
*/
-void prom_init(void *cif_handler, void *cif_stack);
+void prom_init(void *cif_handler);

/* Boot argument acquisition, returns the boot command line string. */
char *prom_getbootargs(void);
diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
index 4fdeb80..b8d67c5 100644
--- a/arch/sparc/kernel/head_64.S
+++ b/arch/sparc/kernel/head_64.S
@@ -672,14 +672,12 @@ tlb_fixup_done:
sethi %hi(init_thread_union), %g6
or %g6, %lo(init_thread_union), %g6
ldx [%g6 + TI_TASK], %g4
- mov %sp, %l6

wr %g0, ASI_P, %asi
mov 1, %g1
sllx %g1, THREAD_SHIFT, %g1
sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
add %g6, %g1, %sp
- mov 0, %fp

/* Set per-cpu pointer initially to zero, this makes
* the boot-cpu use the in-kernel-image per-cpu areas
@@ -706,7 +704,6 @@ tlb_fixup_done:
nop
#endif

- mov %l6, %o1 ! OpenPROM stack
call prom_init
mov %l7, %o0 ! OpenPROM cif handler

diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
index 9c86b4b..8050f38 100644
--- a/arch/sparc/prom/cif.S
+++ b/arch/sparc/prom/cif.S
@@ -11,11 +11,10 @@
.text
.globl prom_cif_direct
prom_cif_direct:
+ save %sp, -192, %sp
sethi %hi(p1275buf), %o1
or %o1, %lo(p1275buf), %o1
- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
- save %o2, -192, %sp
- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
+ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
mov %g4, %l0
mov %g5, %l1
mov %g6, %l3
diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
index d95db75..110b0d7 100644
--- a/arch/sparc/prom/init_64.c
+++ b/arch/sparc/prom/init_64.c
@@ -26,13 +26,13 @@ phandle prom_chosen_node;
* It gets passed the pointer to the PROM vector.
*/

-extern void prom_cif_init(void *, void *);
+extern void prom_cif_init(void *);

-void __init prom_init(void *cif_handler, void *cif_stack)
+void __init prom_init(void *cif_handler)
{
phandle node;

- prom_cif_init(cif_handler, cif_stack);
+ prom_cif_init(cif_handler);

prom_chosen_node = prom_finddevice(prom_chosen_path);
if (!prom_chosen_node || (s32)prom_chosen_node == -1)
diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
index b2340f0..545d8bb 100644
--- a/arch/sparc/prom/p1275.c
+++ b/arch/sparc/prom/p1275.c
@@ -20,7 +20,6 @@
struct {
long prom_callback; /* 0x00 */
void (*prom_cif_handler)(long *); /* 0x08 */
- unsigned long prom_cif_stack; /* 0x10 */
} p1275buf;

extern void prom_world(int);
@@ -52,5 +51,4 @@ void p1275_cmd_direct(unsigned long *args)
void prom_cif_init(void *cif_handler, void *cif_stack)
{
p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
- p1275buf.prom_cif_stack = (unsigned long)cif_stack;
}
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Meelis Roos
2014-10-22 23:22:36 UTC
Permalink
Post by David Miller
Whilst I don't have access to my reproducer machine until tomorrow in
order to test this myself, I wanted to toss this patch your way so you
could get a head start on me.
Unfortunately it fails earlier during the boot:

[ 25.232318] clocksource: mult[53555555] shift[24]
[ 25.288559] clockevent: mult[3126e98] shift[32]
[ 25.342813] Console: colour dummy device 80x25
[ 25.395990] console [tty0] enabled
[ 25.436726] bootconsole [earlyprom0] disabled
ERROR: Last Trap: Memory Address not Aligned

ok
--
Meelis Roos (***@linux.ee)
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller
2014-10-23 17:02:58 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Thu, 23 Oct 2014 02:22:36 +0300 (EEST)
Post by Meelis Roos
Post by David Miller
Whilst I don't have access to my reproducer machine until tomorrow in
order to test this myself, I wanted to toss this patch your way so you
could get a head start on me.
[ 25.232318] clocksource: mult[53555555] shift[24]
[ 25.288559] clockevent: mult[3126e98] shift[32]
[ 25.342813] Console: colour dummy device 80x25
[ 25.395990] console [tty0] enabled
[ 25.436726] bootconsole [earlyprom0] disabled
ERROR: Last Trap: Memory Address not Aligned
ok
I can reproduce and I know what the problem is, fixed patch coming up
shortly.

Thanks for all of your help so far!
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller
2014-10-23 21:22:58 UTC
Permalink
From: David Miller <***@davemloft.net>
Date: Thu, 23 Oct 2014 13:02:58 -0400 (EDT)
Post by David Miller
Date: Thu, 23 Oct 2014 02:22:36 +0300 (EEST)
Post by Meelis Roos
Post by David Miller
Whilst I don't have access to my reproducer machine until tomorrow in
order to test this myself, I wanted to toss this patch your way so you
could get a head start on me.
[ 25.232318] clocksource: mult[53555555] shift[24]
[ 25.288559] clockevent: mult[3126e98] shift[32]
[ 25.342813] Console: colour dummy device 80x25
[ 25.395990] console [tty0] enabled
[ 25.436726] bootconsole [earlyprom0] disabled
ERROR: Last Trap: Memory Address not Aligned
ok
I can reproduce and I know what the problem is, fixed patch coming up
shortly.
Ok, please test this patch below.

I tested the full matrix of pre-gcc-4.9, gcc-4.9, hypervisor boot
without HOTPLUG_CPU enabled, hypervisor boot with HOTPLUG_CPU enabled,
pre-hypervisor boot.

====================
[PATCH] sparc64: Fix register corruption in top-most kernel stack frame during boot.

Meelis Roos reported that kernels built with gcc-4.9 do not boot, we
eventually narrowed this down to only impacting machines using
UltraSPARC-III and derivitive cpus.

The crash happens right when the first user process is spawned:

[ 54.451346] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
[ 54.451346]
[ 54.571516] CPU: 1 PID: 1 Comm: init Not tainted 3.16.0-rc2-00211-gd7933ab #96
[ 54.666431] Call Trace:
[ 54.698453] [0000000000762f8c] panic+0xb0/0x224
[ 54.759071] [000000000045cf68] do_exit+0x948/0x960
[ 54.823123] [000000000042cbc0] fault_in_user_windows+0xe0/0x100
[ 54.902036] [0000000000404ad0] __handle_user_windows+0x0/0x10
[ 54.978662] Press Stop-A (L1-A) to return to the boot prom
[ 55.050713] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004

Further investigation showed that compiling only per_cpu_patch() with
an older compiler fixes the boot.

Detailed analysis showed that the function is not being miscompiled by
gcc-4.9, but it is using a different register allocation ordering.

With the gcc-4.9 compiled function, something during the code patching
causes some of the %i* input registers to get corrupted. Perhaps
we have a TLB miss path into the firmware that is deep enough to
cause a register window spill and subsequent restore when we get
back from the TLB miss trap.

Let's plug this up by doing two things:

1) Stop using the firmware stack for client interface calls into
the firmware. Just use the kernel's stack.

2) As soon as we can, call into a new function "start_early_boot()"
to put a one-register-window buffer between the firmware's
deepest stack frame and the top-most initial kernel one.

Reported-by: Meelis Roos <***@linux.ee>
Signed-off-by: David S. Miller <***@davemloft.net>
---
arch/sparc/include/asm/oplib_64.h | 3 ++-
arch/sparc/kernel/entry.h | 3 ---
arch/sparc/kernel/head_64.S | 38 +-------------------------------------
arch/sparc/kernel/hvtramp.S | 1 -
arch/sparc/kernel/setup_64.c | 28 ++++++++++++++++++++--------
arch/sparc/kernel/trampoline_64.S | 12 +++++++-----
arch/sparc/prom/cif.S | 5 ++---
arch/sparc/prom/init_64.c | 6 +++---
arch/sparc/prom/p1275.c | 2 --
9 files changed, 35 insertions(+), 63 deletions(-)

diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
index f346824..2e3a4ad 100644
--- a/arch/sparc/include/asm/oplib_64.h
+++ b/arch/sparc/include/asm/oplib_64.h
@@ -62,7 +62,8 @@ struct linux_mem_p1275 {
/* You must call prom_init() before using any of the library services,
* preferably as early as possible. Pass it the romvec pointer.
*/
-void prom_init(void *cif_handler, void *cif_stack);
+void prom_init(void *cif_handler);
+void prom_init_report(void);

/* Boot argument acquisition, returns the boot command line string. */
char *prom_getbootargs(void);
diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h
index ebaba61..88d322b 100644
--- a/arch/sparc/kernel/entry.h
+++ b/arch/sparc/kernel/entry.h
@@ -65,13 +65,10 @@ struct pause_patch_entry {
extern struct pause_patch_entry __pause_3insn_patch,
__pause_3insn_patch_end;

-void __init per_cpu_patch(void);
void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
struct sun4v_1insn_patch_entry *);
void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
struct sun4v_2insn_patch_entry *);
-void __init sun4v_patch(void);
-void __init boot_cpu_id_too_large(int cpu);
extern unsigned int dcache_parity_tl1_occurred;
extern unsigned int icache_parity_tl1_occurred;

diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
index 4fdeb80..43e27ce 100644
--- a/arch/sparc/kernel/head_64.S
+++ b/arch/sparc/kernel/head_64.S
@@ -672,14 +672,12 @@ tlb_fixup_done:
sethi %hi(init_thread_union), %g6
or %g6, %lo(init_thread_union), %g6
ldx [%g6 + TI_TASK], %g4
- mov %sp, %l6

wr %g0, ASI_P, %asi
mov 1, %g1
sllx %g1, THREAD_SHIFT, %g1
sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
add %g6, %g1, %sp
- mov 0, %fp

/* Set per-cpu pointer initially to zero, this makes
* the boot-cpu use the in-kernel-image per-cpu areas
@@ -706,44 +704,10 @@ tlb_fixup_done:
nop
#endif

- mov %l6, %o1 ! OpenPROM stack
call prom_init
mov %l7, %o0 ! OpenPROM cif handler

- /* Initialize current_thread_info()->cpu as early as possible.
- * In order to do that accurately we have to patch up the get_cpuid()
- * assembler sequences. And that, in turn, requires that we know
- * if we are on a Starfire box or not. While we're here, patch up
- * the sun4v sequences as well.
- */
- call check_if_starfire
- nop
- call per_cpu_patch
- nop
- call sun4v_patch
- nop
-
-#ifdef CONFIG_SMP
- call hard_smp_processor_id
- nop
- cmp %o0, NR_CPUS
- blu,pt %xcc, 1f
- nop
- call boot_cpu_id_too_large
- nop
- /* Not reached... */
-
-1:
-#else
- mov 0, %o0
-#endif
- sth %o0, [%g6 + TI_CPU]
-
- call prom_init_report
- nop
-
- /* Off we go.... */
- call start_kernel
+ call start_early_boot
nop
/* Not reached... */

diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S
index b7ddcdd..cdbfec2 100644
--- a/arch/sparc/kernel/hvtramp.S
+++ b/arch/sparc/kernel/hvtramp.S
@@ -109,7 +109,6 @@ hv_cpu_startup:
sllx %g5, THREAD_SHIFT, %g5
sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
add %g6, %g5, %sp
- mov 0, %fp

call init_irqwork_curcpu
nop
diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c
index e629b83..c38d19f 100644
--- a/arch/sparc/kernel/setup_64.c
+++ b/arch/sparc/kernel/setup_64.c
@@ -30,6 +30,7 @@
#include <linux/cpu.h>
#include <linux/initrd.h>
#include <linux/module.h>
+#include <linux/start_kernel.h>

#include <asm/io.h>
#include <asm/processor.h>
@@ -162,7 +163,7 @@ char reboot_command[COMMAND_LINE_SIZE];

static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };

-void __init per_cpu_patch(void)
+static void __init per_cpu_patch(void)
{
struct cpuid_patch_entry *p;
unsigned long ver;
@@ -254,7 +255,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
}
}

-void __init sun4v_patch(void)
+static void __init sun4v_patch(void)
{
extern void sun4v_hvapi_init(void);

@@ -323,14 +324,25 @@ static void __init pause_patch(void)
}
}

-#ifdef CONFIG_SMP
-void __init boot_cpu_id_too_large(int cpu)
+void __init start_early_boot(void)
{
- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
- cpu, NR_CPUS);
- prom_halt();
+ int cpu;
+
+ check_if_starfire();
+ per_cpu_patch();
+ sun4v_patch();
+
+ cpu = hard_smp_processor_id();
+ if (cpu >= NR_CPUS) {
+ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
+ cpu, NR_CPUS);
+ prom_halt();
+ }
+ current_thread_info()->cpu = cpu;
+
+ prom_init_report();
+ start_kernel();
}
-#endif

/* On Ultra, we support all of the v8 capabilities. */
unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |
diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S
index 737f8cb..88ede1d 100644
--- a/arch/sparc/kernel/trampoline_64.S
+++ b/arch/sparc/kernel/trampoline_64.S
@@ -109,10 +109,13 @@ startup_continue:
brnz,pn %g1, 1b
nop

- sethi %hi(p1275buf), %g2
- or %g2, %lo(p1275buf), %g2
- ldx [%g2 + 0x10], %l2
- add %l2, -(192 + 128), %sp
+ /* Get onto temporary stack which will be in the locked
+ * kernel image.
+ */
+ sethi %hi(tramp_stack), %g1
+ or %g1, %lo(tramp_stack), %g1
+ add %g1, TRAMP_STACK_SIZE, %g1
+ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
flushw

/* Setup the loop variables:
@@ -394,7 +397,6 @@ after_lock_tlb:
sllx %g5, THREAD_SHIFT, %g5
sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
add %g6, %g5, %sp
- mov 0, %fp

rdpr %pstate, %o1
or %o1, PSTATE_IE, %o1
diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
index 9c86b4b..8050f38 100644
--- a/arch/sparc/prom/cif.S
+++ b/arch/sparc/prom/cif.S
@@ -11,11 +11,10 @@
.text
.globl prom_cif_direct
prom_cif_direct:
+ save %sp, -192, %sp
sethi %hi(p1275buf), %o1
or %o1, %lo(p1275buf), %o1
- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
- save %o2, -192, %sp
- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
+ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
mov %g4, %l0
mov %g5, %l1
mov %g6, %l3
diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
index d95db75..110b0d7 100644
--- a/arch/sparc/prom/init_64.c
+++ b/arch/sparc/prom/init_64.c
@@ -26,13 +26,13 @@ phandle prom_chosen_node;
* It gets passed the pointer to the PROM vector.
*/

-extern void prom_cif_init(void *, void *);
+extern void prom_cif_init(void *);

-void __init prom_init(void *cif_handler, void *cif_stack)
+void __init prom_init(void *cif_handler)
{
phandle node;

- prom_cif_init(cif_handler, cif_stack);
+ prom_cif_init(cif_handler);

prom_chosen_node = prom_finddevice(prom_chosen_path);
if (!prom_chosen_node || (s32)prom_chosen_node == -1)
diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
index b2340f0..545d8bb 100644
--- a/arch/sparc/prom/p1275.c
+++ b/arch/sparc/prom/p1275.c
@@ -20,7 +20,6 @@
struct {
long prom_callback; /* 0x00 */
void (*prom_cif_handler)(long *); /* 0x08 */
- unsigned long prom_cif_stack; /* 0x10 */
} p1275buf;

extern void prom_world(int);
@@ -52,5 +51,4 @@ void p1275_cmd_direct(unsigned long *args)
void prom_cif_init(void *cif_handler, void *cif_stack)
{
p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
- p1275buf.prom_cif_stack = (unsigned long)cif_stack;
}
--
1.8.1.2
Meelis Roos
2014-10-16 07:02:57 UTC
Permalink
Post by David Miller
Post by m***@linux.ee
Post by David Miller
Post by Joonsoo Kim
I'd like to know that your another problem is related to commit
bf0dea23a9c0 ("mm/slab: use percpu allocator for cpu cache"). So,
if the commit is reverted, your another problem is also gone
completely?
The other problem has been present forever.
Umm? I am afraid I have been describing it badly. This random
SIGBUS+SIGSEGV problem is new - I have not seen it before.
Sorry, I thought it was the same bug that causes git corruptions
for you. I misunderstood.
Post by m***@linux.ee
I have been able to do kernel compiles for years on sparc64 (modulo
specific bugs in specific configurations) and 3.17 + start/end swap
patch seems also stable for most machine. With yesterdays git + align
patch, it dies with SIGBUS multiple times during compilation so it's a
new regression for me.
Will try reverting that commit tomorrow.
If that fails, please try to bisect, it will help us a lot.
Commit bf0dea23a9c0 is working OK with no revert needed (checked out
this revision and it tested OK).

So far I know that the breakage seems to have happened between
cadbb58039f7cab1def9c931012ab04c953a6997 (first sparc commit of
the batch, working OK on V100) and
bdcf81b658ebc4c2640c3c2c55c8b31c601b6996 (last sparc commit before the
merge, breaks on E3500). Will continue bisecting the sparc64 commits.

Also, I noticed that when the problem happens, it's deterministic - with
some kernels, sshd dies reproducibly on login. With most kernels,
building kernel breaks in one specific location, not randomly.

scripts/Makefile.build:352: recipe for target 'sound/modules.order' failed
make[1]: *** [sound/modules.order] Bus error
make[1]: *** Deleting file 'sound/modules.order'
Makefile:929: recipe for target 'sound' failed

Will tell when I get more details.
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
David Miller
2014-10-16 20:07:42 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Thu, 16 Oct 2014 10:02:57 +0300 (EEST)
Post by Meelis Roos
scripts/Makefile.build:352: recipe for target 'sound/modules.order' failed
make[1]: *** [sound/modules.order] Bus error
make[1]: *** Deleting file 'sound/modules.order'
Makefile:929: recipe for target 'sound' failed
I just reproduced this on my Sun Blade 2500, so it can trigger on UltraSPARC-IIIi
systems too.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Meelis Roos
2014-10-16 20:16:44 UTC
Permalink
Post by David Miller
Post by Meelis Roos
scripts/Makefile.build:352: recipe for target 'sound/modules.order' failed
make[1]: *** [sound/modules.order] Bus error
make[1]: *** Deleting file 'sound/modules.order'
Makefile:929: recipe for target 'sound' failed
I just reproduced this on my Sun Blade 2500, so it can trigger on UltraSPARC-IIIi
systems too.
My bisection led to the folloowing commit but it seems irrelevant (I
have no sun4v on these machines):

4ccb9272892c33ef1c19a783cfa87103b30c2784 is the first bad commit
commit 4ccb9272892c33ef1c19a783cfa87103b30c2784
Author: bob picco <***@meloft.net>
Date: Tue Sep 16 09:26:47 2014 -0400

sparc64: sun4v TLB error power off events


However, the following chunk sound slightly suspicious:

+ if (fault_code & FAULT_CODE_BAD_RA)
+ goto do_sigbus;
+

because SIGNUS is what I got. For some machines, it killed chekroot
during startup, for some shells under some circumstances, for some sshd.
--
Meelis Roos (***@linux.ee)
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller
2014-10-16 20:20:01 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Thu, 16 Oct 2014 23:16:44 +0300 (EEST)
Post by Meelis Roos
Post by David Miller
Post by Meelis Roos
scripts/Makefile.build:352: recipe for target 'sound/modules.order' failed
make[1]: *** [sound/modules.order] Bus error
make[1]: *** Deleting file 'sound/modules.order'
Makefile:929: recipe for target 'sound' failed
I just reproduced this on my Sun Blade 2500, so it can trigger on UltraSPARC-IIIi
systems too.
My bisection led to the folloowing commit but it seems irrelevant (I
4ccb9272892c33ef1c19a783cfa87103b30c2784 is the first bad commit
commit 4ccb9272892c33ef1c19a783cfa87103b30c2784
Date: Tue Sep 16 09:26:47 2014 -0400
sparc64: sun4v TLB error power off events
+ if (fault_code & FAULT_CODE_BAD_RA)
+ goto do_sigbus;
+
because SIGNUS is what I got. For some machines, it killed chekroot
during startup, for some shells under some circumstances, for some sshd.
Good catch!

So I'm going to audit all the code paths to make sure we don't put garbage
into the fault_code value.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
David Miller
2014-10-16 20:50:17 UTC
Permalink
From: David Miller <***@redhat.com>
Date: Thu, 16 Oct 2014 16:20:01 -0400 (EDT)
Post by David Miller
So I'm going to audit all the code paths to make sure we don't put garbage
into the fault_code value.
There are two code paths where we can put garbage into the fault_code
value. And for the dtlb_prot.S case, the value we put in there is
TLB_TAG_ACCESS which is 0x30, which include bit 0x20 which is that
FAULT_CODE_BAD_RA indication which is erroneously triggering.

The other path is via hugepage TLB misses, for the situation where
we haven't allocated the huge TSB for the thread yet. That might
explain some other longer-term problems we've had.

I'm about to test the following fix:

diff --git a/arch/sparc/kernel/dtlb_prot.S b/arch/sparc/kernel/dtlb_prot.S
index b2c2c5b..d668ca14 100644
--- a/arch/sparc/kernel/dtlb_prot.S
+++ b/arch/sparc/kernel/dtlb_prot.S
@@ -24,11 +24,11 @@
mov TLB_TAG_ACCESS, %g4 ! For reload of vaddr

/* PROT ** ICACHE line 2: More real fault processing */
+ ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup
- ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
- ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4
- nop
+ ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
+ nop
nop
nop
nop
diff --git a/arch/sparc/kernel/tsb.S b/arch/sparc/kernel/tsb.S
index 14158d4..be98685 100644
--- a/arch/sparc/kernel/tsb.S
+++ b/arch/sparc/kernel/tsb.S
@@ -162,10 +162,10 @@ tsb_miss_page_table_walk_sun4v_fastpath:
nop
.previous

- rdpr %tl, %g3
- cmp %g3, 1
+ rdpr %tl, %g7
+ cmp %g7, 1
bne,pn %xcc, winfix_trampoline
- nop
+ mov %g3, %g4
ba,pt %xcc, etrap
rd %pc, %g7
call hugetlb_setup
Meelis Roos
2014-10-17 11:12:09 UTC
Permalink
Post by David Miller
Date: Thu, 16 Oct 2014 16:20:01 -0400 (EDT)
Post by David Miller
So I'm going to audit all the code paths to make sure we don't put garbage
into the fault_code value.
There are two code paths where we can put garbage into the fault_code
value. And for the dtlb_prot.S case, the value we put in there is
TLB_TAG_ACCESS which is 0x30, which include bit 0x20 which is that
FAULT_CODE_BAD_RA indication which is erroneously triggering.
The other path is via hugepage TLB misses, for the situation where
we haven't allocated the huge TSB for the thread yet. That might
explain some other longer-term problems we've had.
Thank you - it seems to work fine for me on E3500 on top of
3.17.0-07551-g052db7e + slab alignment fix.

However, on top of mainline HEAD 3.17.0-09670-g0429fbc it explodes with
scheduler BUG - just reported to LKML + sched maintainers.
--
Meelis Roos (***@linux.ee)
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller
2014-10-18 17:59:07 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Fri, 17 Oct 2014 14:12:09 +0300 (EEST)
Post by Meelis Roos
However, on top of mainline HEAD 3.17.0-09670-g0429fbc it explodes with
scheduler BUG - just reported to LKML + sched maintainers.
task_stack_end_corrupted() cannot work properly on sparc64.

It stores the magic value at "task_thread_info(p) + 1", but on
sparc64 that's where we store the nested array of FPU register
saves.

In fact this facility could be corrupting FPU register state in
certain circumstances.

The current sparc64 design is intentional, the CPU stack grows down
toward the thread_info, and the FPU stack saving area grows up from
the end of thread_info.

I don't want to define the array size of the fpregs save area
explicitly and thereby placing an artificial limit there.
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller
2014-10-18 18:23:35 UTC
Permalink
From: David Miller <***@davemloft.net>
Date: Sat, 18 Oct 2014 13:59:07 -0400 (EDT)
Post by David Miller
I don't want to define the array size of the fpregs save area
explicitly and thereby placing an artificial limit there.
Nevermind, it seems we have a hard limit of 7 FPU save areas anyways.

Meelis, please try this patch:

diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
index f85dc85..cc6275c 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -63,7 +63,8 @@ struct thread_info {
struct pt_regs *kern_una_regs;
unsigned int kern_una_insn;

- unsigned long fpregs[0] __attribute__ ((aligned(64)));
+ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
+ __attribute__ ((aligned(64)));
};

#endif /* !(__ASSEMBLY__) */

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Meelis Roos
2014-10-19 12:31:56 UTC
Permalink
Post by David Miller
Post by David Miller
I don't want to define the array size of the fpregs save area
explicitly and thereby placing an artificial limit there.
Nevermind, it seems we have a hard limit of 7 FPU save areas anyways.
Works fine with 3.17.0-09670-g0429fbc + fault patch.

Will try current git next to find any new problems :)
--
Meelis Roos (***@linux.ee)
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Meelis Roos
2014-10-19 17:12:43 UTC
Permalink
Post by Meelis Roos
Post by David Miller
Post by David Miller
I don't want to define the array size of the fpregs save area
explicitly and thereby placing an artificial limit there.
Nevermind, it seems we have a hard limit of 7 FPU save areas anyways.
Works fine with 3.17.0-09670-g0429fbc + fault patch.
Will try current git next to find any new problems :)
Works on all 3 machines, with latest git (only had to apply the no-ipv6
patch on one of them). Thank you for the good work!
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
David Miller
2014-10-19 17:18:55 UTC
Permalink
From: Meelis Roos <***@linux.ee>
Date: Sun, 19 Oct 2014 20:12:43 +0300 (EEST)
Post by Meelis Roos
Post by Meelis Roos
Post by David Miller
Post by David Miller
I don't want to define the array size of the fpregs save area
explicitly and thereby placing an artificial limit there.
Nevermind, it seems we have a hard limit of 7 FPU save areas anyways.
Works fine with 3.17.0-09670-g0429fbc + fault patch.
Will try current git next to find any new problems :)
Works on all 3 machines, with latest git (only had to apply the no-ipv6
patch on one of them). Thank you for the good work!
Thanks for testing.

Hopefully we can kill the gcc-4.9 bug next, and then see if that
exit_mmap() crash is still happening.
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Sam Ravnborg
2014-10-19 15:32:20 UTC
Permalink
Post by David Miller
Date: Sat, 18 Oct 2014 13:59:07 -0400 (EDT)
Post by David Miller
I don't want to define the array size of the fpregs save area
explicitly and thereby placing an artificial limit there.
Nevermind, it seems we have a hard limit of 7 FPU save areas anyways.
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
index f85dc85..cc6275c 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -63,7 +63,8 @@ struct thread_info {
struct pt_regs *kern_una_regs;
unsigned int kern_una_insn;
- unsigned long fpregs[0] __attribute__ ((aligned(64)));
+ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
+ __attribute__ ((aligned(64)));
Could be written as __aligned(64)

Sam
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller
2014-10-19 17:27:37 UTC
Permalink
From: Sam Ravnborg <***@ravnborg.org>
Date: Sun, 19 Oct 2014 17:32:20 +0200
Post by Sam Ravnborg
Post by David Miller
+ __attribute__ ((aligned(64)));
Could be written as __aligned(64)
I'll try to remember to sweep this up in sparc-next, thanks Sam.

We probably use this long-hand form in a lot of other places in
the sparc code too, so I'll try to do a full sweep.

Thanks again.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Sam Ravnborg
2014-10-19 19:55:53 UTC
Permalink
Post by David Miller
Date: Sun, 19 Oct 2014 17:32:20 +0200
Post by Sam Ravnborg
Post by David Miller
+ __attribute__ ((aligned(64)));
Could be written as __aligned(64)
I'll try to remember to sweep this up in sparc-next, thanks Sam.
We probably use this long-hand form in a lot of other places in
the sparc code too, so I'll try to do a full sweep.
Another related one would be a full sweep of "__asm__ __volatile__"
to the shorter version "asm volatile".

The latter is used in a few places in sparc already - so toolchain supports it.

I got hits in:
include/asm/irqflags_32.h: asm volatile("rd %%psr, %0" : "=r" (flags));
include/asm/processor_64.h:#define cpu_relax() asm volatile("\n99:\n\t" \
kernel/kprobes.c: asm volatile(".global kretprobe_trampoline\n"

But this would touch 93 files. Thats too much crunch :-(

Sam

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Meelis Roos
2014-10-16 20:20:11 UTC
Permalink
Post by David Miller
I just reproduced this on my Sun Blade 2500, so it can trigger on UltraSPARC-IIIi
systems too.
I looked it up - V210 and V440 are also IIIi, not plain III. So I do not
have information about real USIII, sorry for confusion.
--
Meelis Roos (***@linux.ee)
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Meelis Roos
2014-10-16 20:40:49 UTC
Permalink
Post by Meelis Roos
Post by David Miller
I just reproduced this on my Sun Blade 2500, so it can trigger on UltraSPARC-IIIi
systems too.
I looked it up - V210 and V440 are also IIIi, not plain III. So I do not
have information about real USIII, sorry for confusion.
Brr, I just understood I confused 2 problems with the same subject. You
are talking about SIGBUS problem that is also happening on IIIi, my last
comment is about gcc-4.9 problem so please just ignore it.
--
Meelis Roos (***@linux.ee)

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to ***@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"***@kvack.org"> ***@kvack.org </a>
Loading...