Machine Check in P2010(e500v2)

Joakim Tjernlund Joakim.Tjernlund at infinera.com
Fri Sep 15 02:55:40 AEST 2017


On Sat, 2017-09-09 at 14:59 +0200, Joakim Tjernlund wrote:
> On Sat, 2017-09-09 at 14:45 +0200, Joakim Tjernlund wrote:
> > On Fri, 2017-09-08 at 22:27 +0000, Leo Li wrote:
> > > > -----Original Message-----
> > > > From: Joakim Tjernlund [mailto:Joakim.Tjernlund at infinera.com]
> > > > Sent: Friday, September 08, 2017 7:51 AM
> > > > To: linuxppc-dev at lists.ozlabs.org; Leo Li <leoyang.li at nxp.com>; York Sun
> > > > <york.sun at nxp.com>
> > > > Subject: Re: Machine Check in P2010(e500v2)
> > > > 
> > > > On Fri, 2017-09-08 at 11:54 +0200, Joakim Tjernlund wrote:
> > > > > On Thu, 2017-09-07 at 18:54 +0000, Leo Li wrote:
> > > > > > > -----Original Message-----
> > > > > > > From: Joakim Tjernlund [mailto:Joakim.Tjernlund at infinera.com]
> > > > > > > Sent: Thursday, September 07, 2017 3:41 AM
> > > > > > > To: linuxppc-dev at lists.ozlabs.org; Leo Li <leoyang.li at nxp.com>;
> > > > > > > York Sun <york.sun at nxp.com>
> > > > > > > Subject: Re: Machine Check in P2010(e500v2)
> > > > > > > 
> > > > > > > On Thu, 2017-09-07 at 00:50 +0200, Joakim Tjernlund wrote:
> > > > > > > > On Wed, 2017-09-06 at 21:13 +0000, Leo Li wrote:
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: Joakim Tjernlund
> > > > > > > > > > [mailto:Joakim.Tjernlund at infinera.com]
> > > > > > > > > > Sent: Wednesday, September 06, 2017 3:54 PM
> > > > > > > > > > To: linuxppc-dev at lists.ozlabs.org; Leo Li
> > > > > > > > > > <leoyang.li at nxp.com>; York Sun <york.sun at nxp.com>
> > > > > > > > > > Subject: Re: Machine Check in P2010(e500v2)
> > > > > > > > > > 
> > > > > > > > > > On Wed, 2017-09-06 at 20:28 +0000, Leo Li wrote:
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > From: Joakim Tjernlund
> > > > > > > > > > > > [mailto:Joakim.Tjernlund at infinera.com]
> > > > > > > > > > > > Sent: Wednesday, September 06, 2017 3:17 PM
> > > > > > > > > > > > To: linuxppc-dev at lists.ozlabs.org; Leo Li
> > > > > > > > > > > > <leoyang.li at nxp.com>; York Sun <york.sun at nxp.com>
> > > > > > > > > > > > Subject: Re: Machine Check in P2010(e500v2)
> > > > > > > > > > > > 
> > > > > > > > > > > > On Wed, 2017-09-06 at 19:31 +0000, Leo Li wrote:
> > > > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > > From: York Sun
> > > > > > > > > > > > > > Sent: Wednesday, September 06, 2017 10:38 AM
> > > > > > > > > > > > > > To: Joakim Tjernlund
> > > > > > > > > > > > > > <Joakim.Tjernlund at infinera.com>;
> > > > > > > > > > > > > > linuxppc- dev at lists.ozlabs.org; Leo Li
> > > > > > > > > > > > > > <leoyang.li at nxp.com>
> > > > > > > > > > > > > > Subject: Re: Machine Check in P2010(e500v2)
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > Scott is no longer with Freescale/NXP. Adding Leo.
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > On 09/05/2017 01:40 AM, Joakim Tjernlund wrote:
> > > > > > > > > > > > > > > So after some debugging I found this bug:
> > > > > > > > > > > > > > > @@ -996,7 +998,7 @@ int
> > > > > > > > > > > > > > > fsl_pci_mcheck_exception(struct pt_regs
> > > > > > > > > > 
> > > > > > > > > > *regs)
> > > > > > > > > > > > > > >          if (is_in_pci_mem_space(addr)) {
> > > > > > > > > > > > > > >                  if (user_mode(regs)) {
> > > > > > > > > > > > > > >                          pagefault_disable();
> > > > > > > > > > > > > > > -                       ret = get_user(regs->nip, &inst);
> > > > > > > > > > > > > > > +                       ret = get_user(inst,
> > > > > > > > > > > > > > > + (__u32 __user *)regs->nip);
> > > > > > > > > > > > > > >                          pagefault_enable();
> > > > > > > > > > > > > > >                  } else {
> > > > > > > > > > > > > > >                          ret =
> > > > > > > > > > > > > > > probe_kernel_address(regs->nip, inst);
> > > > > > > > > > > > > > > 
> > > > > > > > > > > > > > > However, the kernel still locked up after fixing that.
> > > > > > > > > > > > > > > Now I wonder why this fixup is there in the first place?
> > > > > > > > > > > > > > > The routine will not really fixup the insn, just
> > > > > > > > > > > > > > > return 0xffffffff for the failing read and then advance the
> > > > 
> > > > process NIP.
> > > > > > > > > > > > > 
> > > > > > > > > > > > > You are right.  The code here only gives 0xffffffff to
> > > > > > > > > > > > > the load instructions and
> > > > > > > > > > > > 
> > > > > > > > > > > > continue with the next instruction when the load
> > > > > > > > > > > > instruction is causing the machine check.  This will
> > > > > > > > > > > > prevent a system lockup when reading from PCI/RapidIO device
> > > > 
> > > > which is link down.
> > > > > > > > > > > > > 
> > > > > > > > > > > > > I don't know what is actual problem in your case.
> > > > > > > > > > > > > Maybe it is a write
> > > > > > > > > > > > 
> > > > > > > > > > > > instruction instead of read?   Or the code is in a infinite loop
> > > > 
> > > > waiting for
> > > > > > > 
> > > > > > > a
> > > > > > > > > > 
> > > > > > > > > > valid
> > > > > > > > > > > > read result?  Are you able to do some further debugging
> > > > > > > > > > > > with the NIP correctly printed?
> > > > > > > > > > > > > 
> > > > > > > > > > > > 
> > > > > > > > > > > > According to the MC it is a Read and the NIP also leads
> > > > > > > > > > > > to a read in the
> > > > > > > > > > 
> > > > > > > > > > program.
> > > > > > > > > > > > ATM, I have disabled the fixup but I will enable that again.
> > > > > > > > > > > > Question, is it safe add a small printk when this MC
> > > > > > > > > > > > happens(after fixing up)? I need to see that it has
> > > > > > > > > > > > happened as the error is somewhat
> > > > > > > > > > 
> > > > > > > > > > random.
> > > > > > > > > > > 
> > > > > > > > > > > I think it is safe to add printk as the current machine
> > > > > > > > > > > check handlers are also
> > > > > > > > > > 
> > > > > > > > > > using printk.
> > > > > > > > > > 
> > > > > > > > > > I hope so, but if the fixup fires there is no printk at all so I was a bit
> > > > 
> > > > unsure.
> > > > > > > > > > Don't like this fixup though, is there not a better way than
> > > > > > > > > > faking a read to user space(or kernel for that matter) ?
> > > > > > > > > 
> > > > > > > > > I don't have a better idea.  Without the fixup, the offending
> > > > > > > > > load instruction
> > > > > > > 
> > > > > > > will never finish if there is anything wrong with the backing
> > > > > > > device and freeze the whole system.  Do you have any suggestion in mind?
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > But it never finishes the load, it just fakes a load of
> > > > > > > > 0xfffffffff, for user space I rather have it signal a SIGBUS but
> > > > > > > > that does not seem to work either, at least not for us but that
> > > > > > > > could be a bug in general MC code
> > > > > > > 
> > > > > > > maybe.
> > > > > > > > This fixup might be valid for kernel only as it has never worked
> > > > > > > > for user space
> > > > > > > 
> > > > > > > due to the bug I found.
> > > > > > > > 
> > > > > > > > Where can I read about this errata ?
> > > > > > > 
> > > > > > > I have look high and low an cannot find an errata which maps to this fixup.
> > > > > > > The closest I get is A-005125 which seems to have another
> > > > > > > workaround, I cannot find any evidence that this workaround has been
> > > > 
> > > > applied in Linux, can you?
> > > > > > 
> > > > > > This is not A-005125.  There was an erratum for this issue with older silicons
> > > > 
> > > > (e.g. erratum PCI-ex 3 for MPC8572).
> > > > > > " When its link goes down, the PCI Express controller clears all
> > > > > > outstanding transactions with an error indicator and sends a link
> > > > > > down exception to the interrupt controller if PEX_PME_MES_DISR[LDDD]
> > > > > > = 0. If, however, any transactions are sent to the controller after
> > > > > > the link down event, they are accepted by the controller and wait
> > > > > > for the link to come back up before starting any timeout counters (for
> > > > 
> > > > example, completion timeout). There is no mechanism to cancel the new
> > > > transactions short of a device HRESET. "
> > > > > > 
> > > > > > But it was removed in newer silicon like P2020/P2010 probably because a
> > > > 
> > > > Machine Check will be triggered in this situation to deal with the stalled
> > > > instruction and no longer considered it as a hardware issue.
> > > > > > 
> > > > > 
> > > > > Maybe this fixup should be configurable then?
> > > 
> > > No.  My point is that the problem was no longer considered a hardware issue because of the machine check mechanism is in place to handle it.  If there is no handling of this special case, we would still experience a system hang if this situation really occurs.
> > > 
> > > > > 
> > > > > > The A-005125 is dealt with in u-boot.
> > > > 
> > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.de
> > > > nx.de%2Fpipermail%2Fu-boot%2F2013-
> > > > August%2F161185.html&data=01%7C01%7Cleoyang.li%40nxp.com%7Ccb8a93e
> > > > 0090e48eb53a008d4f6b84235%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&
> > > > sdata=8sR4yoXA4adqMHz6TY%2BvmYpfCBTcYEZHjPuANjz%2F1EQ%3D&reserve
> > > > d=0
> > > > > 
> > > > > Yes, I found it eventually :)
> > > > > 
> > > > > However, I cannot return to normal execution. I can follow the code to
> > > > > returning from
> > > > > machine_check_exception() and moving into ASM handler for returning
> > > > > from a ME but then I am a bit lost. It does not seem to be any problem
> > > > > executing, it feels more like a SW bug dealing with machine checks. Don't
> > > > 
> > > > known how to diagnose this further and could use some pointers.
> > > 
> > > Is the execution returned to the user application?  I doubt the system hang is caused by the machine check handling.
> > > You can try to comment out the machine check handling code and check if there is any improvement and see if
> > > this is related to the machine check handling.
> > 
> > It tries to return to user app but I cannot see what happens as the system lock up when the
> > MC returns.
> > How do you mean comment out MC handling? The simplest path is the PCI fixup which will
> > just do regs->nip += 4; and then return to user space. That still does not work as
> > as soon MC handling returns, the system is locked up.
> > 
> > > 
> > > Machine check is a serious situation and not always possible to be recovered from. 
> > 
> > This one should at least not kill the whole system. It is a simple bus error in user space and
> > the app should get SIGBUS and the the system should carry on. 
> > 
> > > I would focus more on debugging why the machine check is triggered by the user space application.
> > > Can you locate what code is causing this machine check from user space?  
> > > Is it accessing some hardware related space which is not ready? 
> > > Or is it accessing address that it shouldn't have accessed?
> > 
> > of course, this is ongoing and getting closer a solution. The MC looking the machine completely
> > does not make this any easier though.
> > These are 2 separate things, fixing the cause and not having a simple bus error lock up the machine.
> > I am focusing on fixing the lockup.
> > 
> > I have been following the execution in the kernel and I always end up in the ASM returning
> > from the MC.
> > The other day we got a similar PCI MC(bus error) on T1042 CPU(e5500/e500mc) and there
> > the system survived. The one thing I see different there is that MSR RI is set
> > when entering MC, why is that?
> 
> Before you ask, I have tried to add MSR_RI to both msr and mcsrr1. Didn't help.

I managed to provoke another Machine Check, much earlier this time:
[   15.047108] Machine check in kernel mode.
[   15.051120] Caused by (from MCSR=10008): Bus - Read Data Bus Error
[   15.057302] Oops: Machine check, sig: 7 [#1]
[   15.061567] P1010 RDB
[   15.063832] Modules linked in: linux_bcm_knet(PO) linux_user_bde(PO) linux_kernel_bde(PO)
[   15.072022] CPU: 0 PID: 472 Comm: emxp2_hw_bl Tainted: P           O    4.1.43+ #52
[   15.079680] task: db1a7990 ti: df18c000 task.ti: df18c000
[   15.085075] NIP: 00000000 LR: 109e7648 CTR: 00000000
[   15.090036] REGS: df18df10 TRAP: 0204   Tainted: P           O     (4.1.43+)
[   15.097082] MSR: 0002d000 <CE,EE,PR,ME>  CR: 280004e8  XER: 20000000
[   15.103448] DEAR: b6e44140 ESR: 00000000 
GPR00: 10ac1160 bfa44010 b79734a0 136eb4a0 bfa44030 01010101 bfa44038 00000020 
GPR08: 00000000 b6e13000 063e521e 0f9ed9c4 22000422 11db7334 00000000 00000000 
GPR16: 10f8b054 10f895e5 10f8a8bf 00031150 136eb4d0 00030000 00031140 00031140 
GPR24: 00000000 00000000 136f10a0 00000000 00000000 00000000 00031140 136eb4a0 
[   15.135690] NIP [00000000]   (null)
[   15.139174] LR [109e7648] 0x109e7648
[   15.142743] Call Trace:
[   15.145184] ---[ end trace c00af6117685cb6e ]---

The fun part is that now the OS did NOT lock up!

Looking that the faulting process, emxp2_hw_bl, I see it is in Zombie state(cd /proc/472):
cat status 
Name:	emxp2_hw_bl
State:	Z (zombie)
Tgid:	472
Ngid:	0
Pid:	472
PPid:	468
TracerPid:	0
Uid:	0	0	0	0
Gid:	0	0	0	0
FDSize:	0
Groups:	
Threads:	8
SigQ:	0/3462
SigPnd:	0000000000000000
ShdPnd:	0000000000000000
SigBlk:	0000000000000000
SigIgn:	0000000000001000
SigCgt:	00000001c0000628
CapInh:	0000000000000000
CapPrm:	0000003fffffffff
CapEff:	0000003fffffffff
CapBnd:	0000003fffffffff
Cpus_allowed:	1
Cpus_allowed_list:	0
voluntary_ctxt_switches:	1126
nonvoluntary_ctxt_switches:	376

This even after parent process has called waitid(2) for emxp2_hw_bl
If I now do a kill -s SIGBUS/TERM <pid of emxp2_hw_bl> this
signal is propagated to the parent and emxp2_hw_bl goes away.

Stack:
cat stack 
[<c0071c04>] do_futex+0x150/0x874
[<c0027670>] do_exit+0x4e8/0x7d0
[<c000a164>] die+0x178/0x1d8
[<c000a7c8>] machine_check_exception+0xcc/0x17c
[<c000dd94>] ret_from_mcheck_exc+0x0/0x144

So emxp2_hw_bl is stuck somewhere in down in machine_check_exception().
This all looks like Linux bugs when asked to kill a user process
from Machine Check.

I don't think I will get any further without some pointers now.

 Jocke


More information about the Linuxppc-dev mailing list