Commit 90128378 authored by Thomas Gleixner's avatar Thomas Gleixner Committed by Stefan Bader

Revert "x86/apic: Ignore secondary threads if nosmt=force"

Dave Hansen reported, that it's outright dangerous to keep SMT siblings
disabled completely so they are stuck in the BIOS and wait for SIPI.

The reason is that Machine Check Exceptions are broadcasted to siblings and
the soft disabled sibling has CR4.MCE = 0. If a MCE is delivered to a
logical core with CR4.MCE = 0, it asserts IERR#, which shuts down or
reboots the machine. The MCE chapter in the SDM contains the following
blurb:

    Because the logical processors within a physical package are tightly
    coupled with respect to shared hardware resources, both logical
    processors are notified of machine check errors that occur within a
    given physical processor. If machine-check exceptions are enabled when
    a fatal error is reported, all the logical processors within a physical
    package are dispatched to the machine-check exception handler. If
    machine-check exceptions are disabled, the logical processors enter the
    shutdown state and assert the IERR# signal. When enabling machine-check
    exceptions, the MCE flag in control register CR4 should be set for each
    logical processor.

Reverting the commit which ignores siblings at enumeration time solves only
half of the problem. The core cpuhotplug logic needs to be adjusted as
well.

This thoughtful engineered mechanism also turns the boot process on all
Intel HT enabled systems into a MCE lottery. MCE is enabled on the boot CPU
before the secondary CPUs are brought up. Depending on the number of
physical cores the window in which this situation can happen is smaller or
larger. On a HSW-EX it's about 750ms:

MCE is enabled on the boot CPU:

[    0.244017] mce: CPU supports 22 MCE banks

The corresponding sibling #72 boots:

[    1.008005] .... node  #0, CPUs:    #72

That means if an MCE hits on physical core 0 (logical CPUs 0 and 72)
between these two points the machine is going to shutdown. At least it's a
known safe state.

It's obvious that the early boot can be hit by an MCE as well and then runs
into the same situation because MCEs are not yet enabled on the boot CPU.
But after enabling them on the boot CPU, it does not make any sense to
prevent the kernel from recovering.

Adjust the nosmt kernel parameter documentation as well.

Reverts: 2207def7 ("x86/apic: Ignore secondary threads if nosmt=force")
Reported-by: default avatarDave Hansen <dave.hansen@intel.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Tested-by: default avatarTony Luck <tony.luck@intel.com>

CVE-2018-3620
CVE-2018-3646

[smb: Adjust doc path, minor context adjustments]
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 2e165c34
......@@ -2476,12 +2476,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
nohugeiomap [KNL,x86] Disable kernel huge I/O mappings.
[KNL,x86] Disable symmetric multithreading (SMT).
nosmt=force: Force disable SMT, similar to disabling
it in the BIOS except that some of the
resource partitioning effects which are
caused by having SMT enabled in the BIOS
cannot be undone. Depending on the CPU
type this might have a performance impact.
nosmt=force: Force disable SMT, cannot be undone
via the sysfs control file.
nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
(indirect branch prediction) vulnerability. System may
......
......@@ -629,10 +629,8 @@ extern int default_check_phys_apicid_present(int phys_apicid);
#ifdef CONFIG_SMP
bool apic_id_is_primary_thread(unsigned int id);
bool apic_id_disabled(unsigned int id);
#else
static inline bool apic_id_is_primary_thread(unsigned int id) { return false; }
static inline bool apic_id_disabled(unsigned int id) { return false; }
#endif
extern void irq_enter(void);
......
......@@ -175,7 +175,6 @@ static int acpi_register_lapic(int id, u8 enabled)
}
if (!enabled) {
if (!apic_id_disabled(id))
++disabled_cpus;
return -EINVAL;
}
......
......@@ -2006,16 +2006,6 @@ bool apic_id_is_primary_thread(unsigned int apicid)
return !(apicid & mask);
}
/**
* apic_id_disabled - Check whether APIC ID is disabled via SMT control
* @id: APIC ID to check
*/
bool apic_id_disabled(unsigned int id)
{
return (cpu_smt_control == CPU_SMT_FORCE_DISABLED &&
!apic_id_is_primary_thread(id));
}
int generic_processor_info(int apicid, int version)
{
int cpu, max = nr_cpu_ids;
......@@ -2082,15 +2072,6 @@ int generic_processor_info(int apicid, int version)
return -EINVAL;
}
/*
* If SMT is force disabled and the APIC ID belongs to
* a secondary thread, ignore it.
*/
if (apic_id_disabled(apicid)) {
pr_info_once("Ignoring secondary SMT threads\n");
return -EINVAL;
}
num_processors++;
if (apicid == boot_cpu_physical_apicid) {
/*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment