Sorry, I missed your original email.
This specific one looks like a bug: we're trying to fill out the page table for
the vmalloc region, but we'll just continue trapping without an "sfence.vma".
The path between poking the page tables and the sret is pretty short and
doesn't appear to ever have an "sfence.vma", so I'm not sure how this could
work.
>>
>> Are they bugs or I just misunderstand the instruction? As the kernel has
>> already been stable for quite a while now, it is not likely to be a critical
>> bug.
>>
>> Any clarification will be highly appreciated.
Well, certainly from this it looks pretty broken -- and in a manner I'd expect
to trigger frequently. There are no fences in any of the other similar-looking
implementations.
Maybe I'm missing something here?
FWIW, if I apply the following diff
diff --git a/arch/riscv/kernel/reset.c b/arch/riscv/kernel/reset.c
index 2a53d26ffdd6..fbd132d388fb 100644
--- a/arch/riscv/kernel/reset.c
+++ b/arch/riscv/kernel/reset.c
@@ -15,6 +15,8 @@
#include <linux/export.h>
#include <asm/sbi.h>
+extern long vmalloc_faults;
+
void (*pm_power_off)(void) = machine_power_off;
EXPORT_SYMBOL(pm_power_off);
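Review bot: `extern long vmalloc_faults;` is declared directly in reset.c rather than in a header shared with arch/riscv/mm/fault.c, so the declaration and the definition can silently drift apart (a type change in fault.c would not be caught at compile time). For a throwaway measurement this is acceptable, but if the counter stays, put the declaration in a header both files include.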
@@ -31,6 +33,7 @@ void machine_halt(void)
void machine_power_off(void)
{
+ printk("vmalloc faults: %ld\n", vmalloc_faults);
sbi_shutdown();
while (1);
}
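Review bot: the `printk("vmalloc faults: %ld\n", vmalloc_faults);` carries no log level, so it is emitted at the default level; use `pr_info("vmalloc faults: %ld\n", vmalloc_faults);` or a `KERN_INFO` prefix. Note also that the print lives only in machine_power_off(), so a halt or reboot path would exit without reporting the count; if those paths matter for the experiment, machine_halt() and machine_restart() need the same line.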
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 88401d5125bc..61ef1128632c 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -30,6 +30,8 @@
#include <asm/pgalloc.h>
#include <asm/ptrace.h>
+long vmalloc_faults = 0;
+
/*
* This routine handles page faults. It determines the address and the
* problem, and then passes it off to one of the appropriate routines.
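Review bot: `long vmalloc_faults = 0;` explicitly initialises file-scope data that is already zero-initialised, which checkpatch flags ("do not initialise globals to 0"); `long vmalloc_faults;` is the idiomatic form. Since the counter is bumped from the fault handler on every hart, declaring it `atomic_long_t` here would also make the increments in the later hunk safe.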
@@ -281,6 +283,8 @@ asmlinkage void do_page_fault(struct pt_regs *regs)
pte_k = pte_offset_kernel(pmd_k, addr);
if (!pte_present(*pte_k))
goto no_context;
+
+ vmalloc_faults++;
return;
}
}
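Review bot: `vmalloc_faults++;` is a plain read-modify-write on a shared global executed from the page fault path, so concurrent vmalloc faults on different harts can lose increments; use `atomic_long_inc(&vmalloc_faults);` (with the matching `atomic_long_t` definition) so the number the experiment relies on is reliable. The increment also sits after the `pte_present(*pte_k)` check, so faults that take the `goto no_context` branch are not counted, which is fine for measuring how often this resolution path succeeds but should be stated alongside the result. Separately, the hunk does not change the `return;` that follows the page table walk, so the absence of an sfence.vma on this path, which is the concern raised in the thread, is unaffected by this diff.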
I get only a single vmalloc fault when doing a boot+shutdown of Fedora in QEMU,
so maybe this just slipped through the cracks?