Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bug Linux

Closure On the Linux Lockup Bug 115

jones_supa writes: Dave Jones from Red Hat has written a wrap-up of the strange bug that has made some machines running Linux to freeze. (Previous discussion.) Right down to his final week at Red Hat before Dave gave all his hardware back, Linus Torvalds managed to reproduce similar symptoms, by scribbling directly to the HPET timer. He came up with a hack that at least made the kernel survive for him. When Dave tried the same patch, the machine ran for three days before he interrupted it, which was a promising result. The question remains, what was scribbling over the HPET in his case? The only two plausible scenarios Dave could think of were that Trinity generated 0xFED000F0 as a random address and passed that to a syscall which wrote to it, or a hardware bug. That's where the story ends for now. Linus' hacky workaround didn't get committed, but him and John Stultz continue to back and forth on hardening the clock management code in the face of screwed up hardware, so maybe soon we'll see something real get committed on that area.
This discussion has been archived. No new comments can be posted.

Closure On the Linux Lockup Bug

Comments Filter:
  • by Narcocide ( 102829 ) on Friday January 09, 2015 @09:12PM (#48778913) Homepage

    "probably a hardware bug" is code for "well, we bought new hardware and threw out all the old stuff, sorry"

    • by thegarbz ( 1787294 ) on Friday January 09, 2015 @09:34PM (#48779019)

      Re-read the summary. They know what is causing the lockup, they don't know what is making the system call which is triggering the bug. Once you know what is causing the lockup it can be fixed, and the hack that was written made the lock-ups stop. At no point did anyone throw out or try new hardware, though one thought is everything is originating from a hardware bug.

    • by Anonymous Coward

      "probably firmware SMM code messing with the HPET counter behind our back" != "probably a hardware bug"

      • Maybe kernel or driver code writing to HPET counter accidentally. Kernel and drivers both have access to same unlimited memory space, right ?
    • by sjames ( 1099 ) on Friday January 09, 2015 @10:06PM (#48779163) Homepage Journal

      RTFA, they have good reason to point at the hardware. Then there's the bazillions of servers running on different hardware that have never seen the bug.

      Many teams would have written it off as a hardware bug a long time ago, but the linux kernel team was willing to consider and investigate the possibility that it was a rarely triggered bug in the software before they passed the buck.

      Sometimes it really is a hardware bug.

      • >. Many teams would have written it off as a hardware bug a long time ago, but the linux kernel team was willing to consider and investigate the possibility that it was a rarely triggered bug in the software before they passed the buck.

        And try to avoid crashing due to hardware bugs, if possible.
        A contractor once hotplugged one of the CPUs in one of my servers. That's right, they took the processor out and replaced it with the machine running. The box did not crash. It kept running at least for the f

        • by sjames ( 1099 )

          Hot swapping the CPU without an immediate crash had to be a million to one shot!

          But yes, resilient software is always a good thing.

          I do hope Linus's patch goes in in some form to at least make it clear what the problem is if someone with similarly borked hardware sees the problem.

          • by TechyImmigrant ( 175943 ) on Saturday January 10, 2015 @12:19AM (#48779629) Homepage Journal

            >Hot swapping the CPU without an immediate crash had to be a million to one shot!

            With QPI interconnect and the voltage and temp supervisory circuits on chip, it's not such a long shot these days, especially on Xeons with failover support that is explicitly intended to cope with a neighbor CPU going down.

            • by pasamio ( 737659 )

              Yes it's great to support hotplugged CPUs! 1969 called and they want to let you know they supported online reconfiguration back then too: http://en.wikipedia.org/wiki/M... [wikipedia.org]

              • That's interesting. Apparently it was supported well enough that they actually did hotplug CPUs regularly, as standard practice. I wonder if they "unmounted" the components before removal and "mounted" them upon insertion. That's a much easier approach, especially for CPUs, than handling a CPU suddenly going AWOL.

              • by raymorris ( 2726007 ) on Saturday January 10, 2015 @03:05AM (#48779977) Journal

                Replying to myself, but I figured someone reading this might be interested. Linux does support CPU hotplug where you disable the CPU before removing it. Your motherboard might get mad about it if it's not supported by the board, though.

                http://www.cyberciti.biz/faq/d... [cyberciti.biz]

                • by sjames ( 1099 )

                  Yes. It's mostly used for reconfiguring VMs, but it is possible to do it with real hardware if the board supports it.

                  It's interesting how as time goes on, PC hardware is slowly coming to resemble an affordable version of the mainframes they replaced.

              • by hitmark ( 640295 )

                Was not one reason why mainframes was so highly valued that one could hotswap virtually anything without interrupting workflow?

            • by sjames ( 1099 )

              Yes, I can see that would limit the damage, but it still leaves the OS surprised to have running tasks just go away.

              It would likely work less well with AMD processors since a chunk of memory would also go away.

        • by cerberusss ( 660701 ) on Saturday January 10, 2015 @01:37AM (#48779815) Journal

          Sometimes it

          Sometimes it -- what? Did someone attempt to hot-swap your CPU again? (-:

        • Solaris supported hot pluggable CPUs in the last century!

      • It's still not a given that it's the hardware. It's likely that something is scribbling over the HPET timer. As to whether that's due to faulty hardware or a software bug is still undetermined.

        Random memory corruption is oh so painful. :(

      • by tippen ( 704534 ) on Saturday January 10, 2015 @11:47AM (#48781427)

        One of the more memorable quotes I heard while developing embedded systems: if you can fix it in software, it isn't a hardware bug

        Annoying as hell to the software team when it is clearly a bug in the hardware, but very true at a practical level for the engineering team trying to get product out the door.

        • by sjames ( 1099 )

          I'm famioliar with that one. Same thing happens in boot ROMs.

        • by Anonymous Coward

          if you can fix it in software, it isn't a hardware bug

          I'm a hardware and software guy, and I can tell you that is entirely bullshit. While I understand it may seem this way because sometimes software guys can't write a driver to save their lives, there are many bugs in hardware which are actual hardware bugs (race conditions, dropped interrupts, whatever) that have workarounds in software.

          I've seen buggy hardware NAND flash ECC units "fixed" by doing ECC entirely in software, leaving the hardware unit unused, and taking a bit throughput hit.

          I also seem to reca

  • by Anonymous Coward

    Closed NOTABUG?

  • by msauve ( 701917 ) on Friday January 09, 2015 @09:25PM (#48778973)
    "has made some machines running Linux to freeze... but him and John Stultz continue to back and forth"

    Really?
    • by SeaFox ( 739806 )

      The second sentence isn't much better:

      Right down to his final week at Red Hat before Dave gave all his hardware back, Linus Torvalds managed to reproduce similar symptoms, by scribbling directly to the HPET timer.

      Was Linus at Dave's place working on the issue? Is the first part a sentence fragment and Dave did something before he gave his hardware back we aren't being told? Or is the first part really a continuation of the first sentence, and Dave was working on his writeup all the way until the deadline for returning his hardware?

  • by Anonymous Coward

    him and John Stultz

    Hey youse editors, you want I should take the mug out?

  • by dltaylor ( 7510 ) on Friday January 09, 2015 @09:33PM (#48779011)

    Too many clueless comments already that don't understand the difference between "blaming the hardware" and hardening to deal with demonstrably-broken hardware (and/or firmware for devices). I've spent years writing drivers for various OS', including Windows and Linux. It is rare for any complex device to be bug-free at the hardware level (look how many patches are BIOS-applied to CPUs, for example). Sometimes, under NDA, of course, the Windows driver writers are apprised of the deficiencies, or, at least, get better response from the vendor when an anomaly appears. Linux rarely gets that same assistance.

    My favorite example, though, is all-IBM. We were porting AIX to the PS/2s and 370s. We consistently had problems with the diskette interface under AIX and the response from Boca Raton was always "it works in MS-DOS, so it's your code, not our hardware". When OS-2 came around, they ran into exactly the same problem in the hardware. By then, we had a work-around (slower, more locks, but no more glitches) which was how OS-2 got around it, as well.

    • Too many clueless comments already

      Not bad given you were the ~4th poster and 2 of them didn't mention the hardware.

      • Re: (Score:3, Funny)

        by kad77 ( 805601 )

        What you posted about his being the 4th post struck me as wrong, given how far it was down the page. I'm bored, so I took a moment to look at how many posts have an earlier timestamp than the one you are slamming (at least 8), and 2 make dismissive statements about hardware, including the first comment of article at 8:12, and another at 8:19 seemingly dismissing hardware as a possibility.

        So your snide comment is not based in fact. It's like you are reading a different page. Maybe you need glasses. An attitu

        • by Dog-Cow ( 21281 )

          The other posts were, in fact, made later, but someone was messing around with the HPET timer and, well, bugs.

    • I wish Slashdot would allow me to mark users not just as "friend" or "foe", but as "neckbeard". :) That must have been 1986 or 1987?

      • by dltaylor ( 7510 )

        0: I do shave my neck. :) In fact, the beard has been gone for more than a year.

        1: a bit later, early 1990; we all got a big laugh out of the 486SX/487 when those came out. https://en.wikipedia.org/wiki/Intel_80486SX [wikipedia.org]

      • Re: (Score:2, Funny)

        by Anonymous Coward

        AC here, no longer posting as myself since I've long lost my SO account, can't be bothered to find the password for the ancient yahoo email address, and after working on the inside in finance will probably never post an opinion (as my own) again. (Yes, that was a run on sentence.)

        If 1986 qualifies as a "neckbeard" you missed the mark, unless he's a Berkley neckbeard. The 80's were a magical time when power ties, very bad print shirts, and driving your overpriced car with women and blow was available to an

      • by Lehk228 ( 705449 )
        marking users a "neckbeard" on slashdot has been available since the beginning. all you need to do is check if the user has an account on slashdot, if so, neckbeard is present.
    • by Anonymous Coward

      Obviously, it's folds in the space time continuum that is causing HPET (the high precision hardware timer) to jump backwards, causing negative deltas and lockups.

      Perhaps a future version of ourselves has transcended space-time and is trying to contact us to help us with our bad harvests? Did Linus try to determine any kind of co-ordinates from the glitch?

      Has NASA seen any kind of weird portholes near Jupiter?

  • by Anonymous Coward
    Windows still BSOD's and always will.
    • No it doesn't. Maybe you should upgrade past XP already and use a windows made in this century
      • by Osgeld ( 1900440 )

        hell I cant recall the last time I saw XP BSOD

  • by Anonymous Coward

    About as much as this year being the year of the linux desktop... no really, it's gonna be THIS year... promise.

  • by seyyah ( 986027 ) on Friday January 09, 2015 @10:00PM (#48779135)

    "... him and John Stultz continue to back and forth ..."

    What in the world is happening, editors?

    • "... him and John Stultz continue to back and forth ..."

      What in the world is happening, editors?

      The only editors on slashdot are some vi's, some pines, and a couple of notepads and textedit. Certainly, no human editors....

    • by Anonymous Coward

      They have obviously outsourced the editing to India.

  • Call me crazy (Score:5, Interesting)

    by Nyall ( 646782 ) on Friday January 09, 2015 @10:55PM (#48779371) Homepage

    Sorry if I've found the wrong stuff. I'm doing this via a quick googling...

    Is this really the code for reading and writing the HPET?

    http://www.cs.fsu.edu/~baker/d... [fsu.edu]

    I've been a powerpc programmer in aviation for a while. If you need to read the time base register (also a 64 bit up counter) you have to be aware that your read might coincide with the lower 32 bits incrementing and carrying into the upper 32 bits. So you read the upper 32 bits, read the lower 32 bits, then re-read the upper bits and make sure the upper bits didn't change. If they did repeat this process. But if they are the same then you combine the 32 bit halves into a 64 bit time and call it good.

    • And what does writel do?
    • by Anonymous Coward

      Is this really the code for reading and writing the HPET?

      Yup.

      I've been a powerpc programmer in aviation for a while. If you need to read the time base register (also a 64 bit up counter) you have to be aware that your read might coincide with the lower 32 bits incrementing and carrying into the upper 32 bits. So you read the upper 32 bits, read the lower 32 bits, then re-read the upper bits and make sure the upper bits didn't change. If they did repeat this process. But if they are the same then you combine the 32 bit halves into a 64 bit time and call it good.

      That would be entirely wrong here.
      The upper 32 bits of the current timer value are latched into the register at the upper address when the lower 32 bits are read from the lower address.

      • by Nyall ( 646782 )

        OK then. Where in this return statement are the lower 32 bits read first? I don't believe the bitwise or operator is a sequence point. (The logical one is)

        return readl(addr) | (((unsigned long long)readl(addr + 4)) http://www.intel.com/hardwared [intel.com]...

        but I did find the following, which documents the race condition I explained above.

        http://www.intel.com/content/d... [intel.com]

        I will search for newer documentation than a 1.0a.

        • Might want to check your first link.

          • by Nyall ( 646782 )

            Sorry for the bad post. Yes, the first link does not work, but it is what is documented in hpet.c as the reference. A sentence went missing somewhere saying that I couldn't find it. The second link, which does work, is what I've found so far. I have yet to find something newer which documents the latching behavior that was claimed.

            Sorry again for the bad post.
            -Nyall

      • by _merlin ( 160982 )

        The upper 32 bits of the current timer value are latched into the register at the upper address when the lower 32 bits are read from the lower address.

        Well in that case, you'd need to ensure the lower 32 bits are read first so you're reading the upper 32 bits that you latched this time through, not last time through. And if that's the case, the code is still wrong because there's nothing to force a sequence point between the two reads. The compiler is free to re-order the two reads in that expression.

    • That code doesn't suffer from the problem you think it does.

      readq is only defined in that code if undefined elsewhere, and is only used to read counters on 64-bit architectures.

      on 32-bit architectures, that code uses readl to read the counter.

      readq is undefined in some 32-bit architectures, so is defined there- but only used there to read the configuration register (not likely to roll over ;)

      Also, the actual reading of the counter is done indirectly: it's returned from the IRQ handler for the HPET.
      • by hendric ( 30596 ) *

        http://www.cs.fsu.edu/~baker/devices/lxr/http/source/linux/arch/x86/include/asm/io.h#L49

        Line 49 looks like where readq is defined for x64 architecture.

  • I had the freeze bug in a VM system on a Mac running Parallels. I downloaded Ubuntu 14.04 from Parallels and could not get around it. Then I downloaded directly from Canonical and it worked just find. I assumed it was a bad download from Parallels, but perhaps it is more subtle. The virtual machine has the same vulnerabilities - is that a clue?

  • I am affected by this bug, but can't seem to find any real place to follow it. I searched https://bugzilla.kernel.org/ [kernel.org] but that didn't turn up anything. Anyone know where the source of truth for tracking this issue might be located?

It is better to travel hopefully than to fly Continental.

Working...