[+Cc x86 maintainers] On Mon, Mar 29, 2021 at 11:11AM +0000, Sarvela, Tomi P wrote: > Hello, > > I'm Tomi Sarvela, maintainer and original creator of linux i915-CI: > https://intel-gfx-ci.01.org/ > > I got a hint from Martin Peres about kfence functionality in kernel, and it > looked > something we'd like to enable in future CI runs so I made a trial run on > DRM-Tip. > We've had regular KASAN-enabled runs, so the expectation was that there > wouldn't be too many new problems exposed. > > On this run two issues were found, where one is clearly kernel (GUC) issue, > but another looked a lot like kfence issue on old platforms. Affected > were IVB, SNB and ILK, with bug signature being: > > <3> [31.556004] BUG: using smp_processor_id() in preemptible [00000000] code: > ... > <4> [31.556070] caller is invalidate_user_asid+0x13/0x50 > > I'm not a kernel developer myself, so I can't make hard assertions > where the issue originates. In comparison to kernel without kfence, > it looks like the newly enabled code is the cause because the > "BUG: KFENCE" signature is missing from the trace > > Can someone take a look at the traces and verify if the kfence issue > exists and is not related to the rest of the kernel? > > If there is an issue tracker, I can add this information there. > > Example traces: > https://intel-gfx-ci.01.org/tree/drm-tip/kfence_1/fi-ivb-3770/igt@gem_ctx_cre...@basic-files.html > > https://intel-gfx-ci.01.org/tree/drm-tip/kfence_1/fi-snb-2520m/igt@gem_ctx_cre...@basic-files.html > > https://intel-gfx-ci.01.org/tree/drm-tip/kfence_1/fi-ilk-650/igt@gem_exec_cre...@basic.html > > Kfence-exposed possible GUC issue: > https://intel-gfx-ci.01.org/tree/drm-tip/kfence_1/fi-kbl-guc/igt@kms_addfb_ba...@addfb25-modifier-no-flag.html > > All results can be seen at: > https://intel-gfx-ci.01.org/tree/drm-tip/kfence_1/index.html > > CI_DRM_9910 is recent DRM-Tip commit without -rc5 pulled in yet. > kfence_1 is same commit with kfence defaults turned on: [...]
It looks like the code path from flush_tlb_one_kernel() to invalidate_user_asid()'s this_cpu_ptr() has several feature checks, so probably some feature difference between systems where it triggers and it doesn't. As far as I'm aware, there is no restriction on where flush_tlb_one_kernel() is called. We could of course guard it but I think that's wrong. Other than that, I hope the x86 maintainers know what's going on here. Just for reference, the stack traces in the above logs start with: | <3> [31.556004] BUG: using smp_processor_id() in preemptible [00000000] code: dmesg/1075 | <4> [31.556070] caller is invalidate_user_asid+0x13/0x50 | <4> [31.556078] CPU: 6 PID: 1075 Comm: dmesg Not tainted 5.12.0-rc4-gda4a2b1a5479-kfence_1+ #1 | <4> [31.556081] Hardware name: Hewlett-Packard HP Pro 3500 Series/2ABF, BIOS 8.11 10/24/2012 | <4> [31.556084] Call Trace: | <4> [31.556088] dump_stack+0x7f/0xad | <4> [31.556097] check_preemption_disabled+0xc8/0xd0 | <4> [31.556104] invalidate_user_asid+0x13/0x50 | <4> [31.556109] flush_tlb_one_kernel+0x5/0x20 | <4> [31.556113] kfence_protect+0x56/0x80 | ........... Thanks, -- Marco
