git: kernel - Lower VM_MAX_USER_ADDRESS to finalize work-around for Ryzen bug

Matthew Dillon dillon at crater.dragonflybsd.org
Wed Aug 9 22:53:54 PDT 2017 

commit 11ba7f73d6e534d54da55d5c4a1ac1553cc62b45
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Wed Aug 9 22:20:52 2017 -0700

    kernel - Lower VM_MAX_USER_ADDRESS to finalize work-around for Ryzen bug
    
    * Reduce VM_MAX_USER_ADDRESS by 2MB, effectively making the top 2MB of the
      user address space unmappable.  The user stack now starts 2MB down from
      where it did before.  Theoretically we only need to reduce the top of
      the user address space by 4KB, but doing it by 2MB may be more useful for
      future page table optimizations.
    
    * As per AMD, Ryzen has an issue when the instruction pre-fetcher crosses
      from canonical to non-canonical address space.  This can only occur at
      the top of the user stack.
    
      In DragonFlyBSD, the signal trampoline resides at the top of the user stack
      and an IRETQ into it can cause a Ryzen box to lockup and destabilize due
      to this action.  The bug case was, basically two cpu threads on the same
      core, one in a cpu-bound loop of some sort while the other takes a normal
      UNIX signal (causing the IRETQ into the signal trampoline).  The IRETQ
      microcode freezes until the cpu-bound loop terminates, preventing the
      cpu thread from being able to take any interrupt or IPI whatsoever for
      the duration, and the cpu may destabilize afterwords as well.
    
    * The pre-fetcher is somewhat heuristical, so just moving the trampoline
      down is no guarantee if the top 4KB of the user stack is mapped or mappable.
      It is better to make the boundary unmappable by userland.
    
    * Bug first tracked down by myself in early 2017.  AMD validated the bug
      and determined that unmapping the boundary page completely solves the
      issue.
    
    * Also retain the code which places the signal trampoline in its own page
      so we can maintain separate protection settings for the code, and make it
      read-only (R+X).

Summary of changes:
 sys/cpu/x86_64/include/signal.h          |  5 +++++
 sys/kern/kern_exec.c                     | 10 ++--------
 sys/platform/pc64/include/vmparam.h      | 10 +++++++++-
 sys/platform/vkernel64/include/vmparam.h |  9 ++++++++-
 4 files changed, 24 insertions(+), 10 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/11ba7f73d6e534d54da55d5c4a1ac1553cc62b45


-- 
DragonFly BSD source repository

More information about the Commits mailing list