commit 3dd083255ddcfa87751fa8e32f61a9547a15a541 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[PATCH] x86_64: Set up safe page tables during resume

The following patch makes swsusp avoid the possible temporary corruption
of page translation tables during resume on x86-64. This is achieved by
creating a copy of the relevant page tables that will not be modified by
swsusp and can be safely used by it on resume.

The problem is that during resume on x86-64 swsusp may temporarily
corrupt the page tables used for the direct mapping of RAM. If that
happens, a page fault occurs and cannot be handled properly, which leads
to the solid hang of the affected system. This leads to the loss of the
system's state from before suspend and may result in the loss of data or
the corruption of filesystems, so it is a serious issue. Also, it
appears to happen quite often (for me, as often as 50% of the time).

The problem is related to the fact that (at least) one of the PMD
entries used in the direct memory mapping (starting at PAGE_OFFSET)
points to a page table the physical address of which is much greater
than the physical address of the PMD entry itself. Moreover,
unfortunately, the physical address of the page table before suspend
(i.e. the one stored in the suspend image) happens to be different to
the physical address of the corresponding page table used during resume
(i.e. the one that is valid right before swsusp_arch_resume() in
arch/x86_64/kernel/suspend_asm.S is executed). Thus while the image is
restored, the "offending" PMD entry gets overwritten, so it does not
point to the right physical address any more (i.e. there's no page
table at the address pointed to by it, because it points to the address
the page table has been at during suspend). Consequently, if the PMD
entry is used later on, and it _is_ used in the process of copying the
image pages, a page fault occurs, but it cannot be handled in the normal
way and the system hangs.

In principle we can call create_resume_mapping() from
swsusp_arch_resume() (ie. from suspend_asm.S), but then the memory
allocations in create_resume_mapping(), resume_pud_mapping(), and
resume_pmd_mapping() must be made carefully so that we use _only_
NosaveFree pages in them (the other pages are overwritten by the loop in
swsusp_arch_resume()). Additionally, we are in atomic context at that
time, so we cannot use GFP_KERNEL. Moreover, if one of the allocations
fails, we should free all of the allocated pages, so we need to trace
them somehow.

All of this is done in the appended patch, except that the functions
populating the page tables are located in arch/x86_64/kernel/suspend.c
rather than in init.c. It may be done in a more elegan way in the
future, with the help of some swsusp patches that are in the works now.

[AK: move some externs into headers, renamed a function]

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Rafael J. Wysocki and committed by Linus Torvalds 20 years ago 3dd08325 52a2d3e4

+144 -9

4 changed files

expand all

unified split

arch

x86_64

kernel

suspend.c

suspend_asm.S

include

linux

suspend.h

kernel

power

swsusp.c

+127

arch/x86_64/kernel/suspend.c

··· 11 #include <linux/smp.h> 12 #include <linux/suspend.h> 13 #include <asm/proto.h> 14 15 struct saved_context saved_context; 16 ··· 142 143 } 144 145

··· 11 #include <linux/smp.h> 12 #include <linux/suspend.h> 13 #include <asm/proto.h> 14 + #include <asm/page.h> 15 + #include <asm/pgtable.h> 16 17 struct saved_context saved_context; 18 ··· 140 141 } 142 143 + #ifdef CONFIG_SOFTWARE_SUSPEND 144 + /* Defined in arch/x86_64/kernel/suspend_asm.S */ 145 + extern int restore_image(void); 146 147 + pgd_t *temp_level4_pgt; 148 + 149 + static void **pages; 150 + 151 + static inline void *__add_page(void) 152 + { 153 + void **c; 154 + 155 + c = (void **)get_usable_page(GFP_ATOMIC); 156 + if (c) { 157 + *c = pages; 158 + pages = c; 159 + } 160 + return c; 161 + } 162 + 163 + static inline void *__next_page(void) 164 + { 165 + void **c; 166 + 167 + c = pages; 168 + if (c) { 169 + pages = *c; 170 + *c = NULL; 171 + } 172 + return c; 173 + } 174 + 175 + /* 176 + * Try to allocate as many usable pages as needed and daisy chain them. 177 + * If one allocation fails, free the pages allocated so far 178 + */ 179 + static int alloc_usable_pages(unsigned long n) 180 + { 181 + void *p; 182 + 183 + pages = NULL; 184 + do 185 + if (!__add_page()) 186 + break; 187 + while (--n); 188 + if (n) { 189 + p = __next_page(); 190 + while (p) { 191 + free_page((unsigned long)p); 192 + p = __next_page(); 193 + } 194 + return -ENOMEM; 195 + } 196 + return 0; 197 + } 198 + 199 + static void res_phys_pud_init(pud_t *pud, unsigned long address, unsigned long end) 200 + { 201 + long i, j; 202 + 203 + i = pud_index(address); 204 + pud = pud + i; 205 + for (; i < PTRS_PER_PUD; pud++, i++) { 206 + unsigned long paddr; 207 + pmd_t *pmd; 208 + 209 + paddr = address + i*PUD_SIZE; 210 + if (paddr >= end) 211 + break; 212 + 213 + pmd = (pmd_t *)__next_page(); 214 + set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE)); 215 + for (j = 0; j < PTRS_PER_PMD; pmd++, j++, paddr += PMD_SIZE) { 216 + unsigned long pe; 217 + 218 + if (paddr >= end) 219 + break; 220 + pe = _PAGE_NX | _PAGE_PSE | _KERNPG_TABLE | paddr; 221 + pe &= __supported_pte_mask; 222 + set_pmd(pmd, __pmd(pe)); 223 + } 224 + } 225 + } 226 + 227 + static void set_up_temporary_mappings(void) 228 + { 229 + unsigned long start, end, next; 230 + 231 + temp_level4_pgt = (pgd_t *)__next_page(); 232 + 233 + /* It is safe to reuse the original kernel mapping */ 234 + set_pgd(temp_level4_pgt + pgd_index(__START_KERNEL_map), 235 + init_level4_pgt[pgd_index(__START_KERNEL_map)]); 236 + 237 + /* Set up the direct mapping from scratch */ 238 + start = (unsigned long)pfn_to_kaddr(0); 239 + end = (unsigned long)pfn_to_kaddr(end_pfn); 240 + 241 + for (; start < end; start = next) { 242 + pud_t *pud = (pud_t *)__next_page(); 243 + next = start + PGDIR_SIZE; 244 + if (next > end) 245 + next = end; 246 + res_phys_pud_init(pud, __pa(start), __pa(next)); 247 + set_pgd(temp_level4_pgt + pgd_index(start), 248 + mk_kernel_pgd(__pa(pud))); 249 + } 250 + } 251 + 252 + int swsusp_arch_resume(void) 253 + { 254 + unsigned long n; 255 + 256 + n = ((end_pfn << PAGE_SHIFT) + PUD_SIZE - 1) >> PUD_SHIFT; 257 + n += (n + PTRS_PER_PUD - 1) / PTRS_PER_PUD + 1; 258 + pr_debug("swsusp_arch_resume(): pages needed = %lu\n", n); 259 + if (alloc_usable_pages(n)) { 260 + free_eaten_memory(); 261 + return -ENOMEM; 262 + } 263 + /* We have got enough memory and from now on we cannot recover */ 264 + set_up_temporary_mappings(); 265 + restore_image(); 266 + return 0; 267 + } 268 + #endif /* CONFIG_SOFTWARE_SUSPEND */

+11 -6

arch/x86_64/kernel/suspend_asm.S

··· 39 call swsusp_save 40 ret 41 42 - ENTRY(swsusp_arch_resume) 43 - /* set up cr3 */ 44 - leaq init_level4_pgt(%rip),%rax 45 - subq $__START_KERNEL_map,%rax 46 - movq %rax,%cr3 47 - 48 movq mmu_cr4_features(%rip), %rax 49 movq %rax, %rdx 50 andq $~(1<<7), %rdx # PGE ··· 70 movq pbe_next(%rdx), %rdx 71 jmp loop 72 done: 73 /* Flush TLB, including "global" things (vmalloc) */ 74 movq mmu_cr4_features(%rip), %rax 75 movq %rax, %rdx

··· 39 call swsusp_save 40 ret 41 42 + ENTRY(restore_image) 43 + /* switch to temporary page tables */ 44 + movq $__PAGE_OFFSET, %rdx 45 + movq temp_level4_pgt(%rip), %rax 46 + subq %rdx, %rax 47 + movq %rax, %cr3 48 + /* Flush TLB */ 49 movq mmu_cr4_features(%rip), %rax 50 movq %rax, %rdx 51 andq $~(1<<7), %rdx # PGE ··· 69 movq pbe_next(%rdx), %rdx 70 jmp loop 71 done: 72 + /* go back to the original page tables */ 73 + leaq init_level4_pgt(%rip), %rax 74 + subq $__START_KERNEL_map, %rax 75 + movq %rax, %cr3 76 /* Flush TLB, including "global" things (vmalloc) */ 77 movq mmu_cr4_features(%rip), %rax 78 movq %rax, %rdx

include/linux/suspend.h

··· 71 struct saved_context; 72 void __save_processor_state(struct saved_context *ctxt); 73 void __restore_processor_state(struct saved_context *ctxt); 74 75 #endif /* _LINUX_SWSUSP_H */

··· 71 struct saved_context; 72 void __save_processor_state(struct saved_context *ctxt); 73 void __restore_processor_state(struct saved_context *ctxt); 74 + extern unsigned long get_usable_page(unsigned gfp_mask); 75 + extern void free_eaten_memory(void); 76 77 #endif /* _LINUX_SWSUSP_H */

+4 -3

kernel/power/swsusp.c

··· 1095 *eaten_memory = c; 1096 } 1097 1098 - static unsigned long get_usable_page(unsigned gfp_mask) 1099 { 1100 unsigned long m; 1101 ··· 1109 return m; 1110 } 1111 1112 - static void free_eaten_memory(void) 1113 { 1114 unsigned long m; 1115 void **c; ··· 1481 /* Allocate memory for the image and read the data from swap */ 1482 1483 error = check_pagedir(pagedir_nosave); 1484 - free_eaten_memory(); 1485 if (!error) 1486 error = data_read(pagedir_nosave); 1487 1488 if (error) { /* We fail cleanly */ 1489 for_each_pbe (p, pagedir_nosave) 1490 if (p->address) { 1491 free_page(p->address);

··· 1095 *eaten_memory = c; 1096 } 1097 1098 + unsigned long get_usable_page(unsigned gfp_mask) 1099 { 1100 unsigned long m; 1101 ··· 1109 return m; 1110 } 1111 1112 + void free_eaten_memory(void) 1113 { 1114 unsigned long m; 1115 void **c; ··· 1481 /* Allocate memory for the image and read the data from swap */ 1482 1483 error = check_pagedir(pagedir_nosave); 1484 + 1485 if (!error) 1486 error = data_read(pagedir_nosave); 1487 1488 if (error) { /* We fail cleanly */ 1489 + free_eaten_memory(); 1490 for_each_pbe (p, pagedir_nosave) 1491 if (p->address) { 1492 free_page(p->address);