aboutsummaryrefslogtreecommitdiffstats
path: root/arch/ia64/kernel
diff options
context:
space:
mode:
authorHidetoshi Seto <[seto.hidetoshi@jp.fujitsu.com]>2009-08-06 17:51:56 -0400
committerTony Luck <tony.luck@intel.com>2009-09-14 19:17:05 -0400
commit4295ab34883d2070b1145e14f4619478e9788807 (patch)
tree59a0060b2bd74abcc5e972bf8b4fe569fc137f62 /arch/ia64/kernel
parent74fca6a42863ffacaf7ba6f1936a9f228950f657 (diff)
[IA64] kdump: Mask MCA/INIT on frozen cpus
Summary: INIT asserted on kdump kernel invokes INIT handler not only on a cpu that running on the kdump kernel, but also BSP of the panicked kernel, because the (badly) frozen BSP can be thawed by INIT. Description: The kdump_cpu_freeze() is called on cpus except one that initiates panic and/or kdump, to stop/offline the cpu (on ia64, it means we pass control of cpus to SAL, or put them in spinloop). Note that CPU0(BSP) always go to spinloop, so if panic was happened on an AP, there are at least 2cpus (= the AP and BSP) which not back to SAL. On the spinning cpus, interrupts are disabled (rsm psr.i), but INIT is still interruptible because psr.mc for mask them is not set unless kdump_cpu_freeze() is not called from MCA/INIT context. Therefore, assume that a panic was happened on an AP, kdump was invoked, new INIT handlers for kdump kernel was registered and then an INIT is asserted. From the viewpoint of SAL, there are 2 online cpus, so INIT will be delivered to both of them. It likely means that not only the AP (= a cpu executing kdump) enters INIT handler which is newly registered, but also BSP (= another cpu spinning in panicked kernel) enters the same INIT handler. Of course setting of registers in BSP are still old (for panicked kernel), so what happen with running handler with wrong setting will be extremely unexpected. I believe this is not desirable behavior. How to Reproduce: Start kdump on one of APs (e.g. cpu1) # taskset 0x2 echo c > /proc/sysrq-trigger Then assert INIT after kdump kernel is booted, after new INIT handler for kdump kernel is registered. Expected results: An INIT handler is invoked only on the AP. Actual results: An INIT handler is invoked on the AP and BSP. Sample of results: I got following console log by asserting INIT after prompt "root:/>". It seems that two monarchs appeared by one INIT, and one panicked at last. And it also seems that the panicked one supposed there were 4 online cpus and no one did rendezvous: : [ 0 %]dropping to initramfs shell exiting this shell will reboot your system root:/> Entered OS INIT handler. PSP=fff301a0 cpu=0 monarch=0 ia64_init_handler: Promoting cpu 0 to monarch. Delaying for 5 seconds... All OS INIT slaves have reached rendezvous Processes interrupted by INIT - 0 (cpu 0 task 0xa000000100af0000) : <<snip>> : Entered OS INIT handler. PSP=fff301a0 cpu=0 monarch=1 Delaying for 5 seconds... mlogbuf_finish: printing switched to urgent mode, MCA/INIT might be dodgy or fail. OS INIT slave did not rendezvous on cpu 1 2 3 INIT swapper 0[0]: bugcheck! 0 [1] : <<snip>> : Kernel panic - not syncing: Attempted to kill the idle task! Proposed fix: To avoid this problem, this patch inserts ia64_set_psr_mc() to mask INIT on cpus going to be frozen. This masking have no effect if the kdump_cpu_freeze() is called from INIT handler when kdump_on_init == 1, because psr.mc is already turned on to 1 before entering OS_INIT. I confirmed that weird log like above are disappeared after applying this patch. Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Haren Myneni <hbabu@us.ibm.com> Cc: kexec@lists.infradead.org Acked-by: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Diffstat (limited to 'arch/ia64/kernel')
-rw-r--r--arch/ia64/kernel/crash.c4
-rw-r--r--arch/ia64/kernel/head.S2
-rw-r--r--arch/ia64/kernel/mca_asm.S27
3 files changed, 32 insertions, 1 deletions
diff --git a/arch/ia64/kernel/crash.c b/arch/ia64/kernel/crash.c
index f065093f8e9b..3f3a5797d198 100644
--- a/arch/ia64/kernel/crash.c
+++ b/arch/ia64/kernel/crash.c
@@ -129,10 +129,14 @@ void
129kdump_cpu_freeze(struct unw_frame_info *info, void *arg) 129kdump_cpu_freeze(struct unw_frame_info *info, void *arg)
130{ 130{
131 int cpuid; 131 int cpuid;
132
132 local_irq_disable(); 133 local_irq_disable();
133 cpuid = smp_processor_id(); 134 cpuid = smp_processor_id();
134 crash_save_this_cpu(); 135 crash_save_this_cpu();
135 current->thread.ksp = (__u64)info->sw - 16; 136 current->thread.ksp = (__u64)info->sw - 16;
137
138 ia64_set_psr_mc(); /* mask MCA/INIT and stop reentrance */
139
136 atomic_inc(&kdump_cpu_frozen); 140 atomic_inc(&kdump_cpu_frozen);
137 kdump_status[cpuid] = 1; 141 kdump_status[cpuid] = 1;
138 mb(); 142 mb();
diff --git a/arch/ia64/kernel/head.S b/arch/ia64/kernel/head.S
index 23f846de62d5..e1f97ac9eefd 100644
--- a/arch/ia64/kernel/head.S
+++ b/arch/ia64/kernel/head.S
@@ -1242,7 +1242,7 @@ GLOBAL_ENTRY(ia64_jump_to_sal)
1242 movl r16=SAL_PSR_BITS_TO_SET;; 1242 movl r16=SAL_PSR_BITS_TO_SET;;
1243 mov cr.ipsr=r16 1243 mov cr.ipsr=r16
1244 mov cr.ifs=r0;; 1244 mov cr.ifs=r0;;
1245 rfi;; 1245 rfi;; // note: this unmask MCA/INIT (psr.mc)
12461: 12461:
1247 /* 1247 /*
1248 * Invalidate all TLB data/inst 1248 * Invalidate all TLB data/inst
diff --git a/arch/ia64/kernel/mca_asm.S b/arch/ia64/kernel/mca_asm.S
index a06d46548ff9..8d2eabe3119f 100644
--- a/arch/ia64/kernel/mca_asm.S
+++ b/arch/ia64/kernel/mca_asm.S
@@ -1073,3 +1073,30 @@ GLOBAL_ENTRY(ia64_get_rnat)
1073 mov ar.rsc=3 1073 mov ar.rsc=3
1074 br.ret.sptk.many rp 1074 br.ret.sptk.many rp
1075END(ia64_get_rnat) 1075END(ia64_get_rnat)
1076
1077
1078// void ia64_set_psr_mc(void)
1079//
1080// Set psr.mc bit to mask MCA/INIT.
1081GLOBAL_ENTRY(ia64_set_psr_mc)
1082 rsm psr.i | psr.ic // disable interrupts
1083 ;;
1084 srlz.d
1085 ;;
1086 mov r14 = psr // get psr{36:35,31:0}
1087 movl r15 = 1f
1088 ;;
1089 dep r14 = -1, r14, PSR_MC, 1 // set psr.mc
1090 ;;
1091 dep r14 = -1, r14, PSR_IC, 1 // set psr.ic
1092 ;;
1093 dep r14 = -1, r14, PSR_BN, 1 // keep bank1 in use
1094 ;;
1095 mov cr.ipsr = r14
1096 mov cr.ifs = r0
1097 mov cr.iip = r15
1098 ;;
1099 rfi
11001:
1101 br.ret.sptk.many rp
1102END(ia64_set_psr_mc)