[1/1] UBUNTU: Disable 4MB page tables for Atom, work around errata AAE44

From: Colin Ian King <colin.king@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/523112

This patch addresses Intel errata AAE44 by totally disabling 4MB
pages and thus avoiding avoiding large pages being split into
smaller 4K pages and thus never tripping this CPU feature.

The bug can manifests itself as instruction fetch oopses on seemingly
legitimate executable pages.

Errata AAE44 (http://download.intel.com/design/processor/specupdt/319536.pdf
page 33) states:

"If software clears the PS (page size) bit in a present PDE (page directory
entry), that will cause linear addresses mapped through this PDE to use
4-KByte pages instead of using a large page after old TLB entries are
invalidated. Due to this erratum, if a code fetch uses this PDE before the
TLB entry for the large page is invalidated then it may fetch from a different
physical address than specified by either the old large page translation or
the new 4-KByte page translation. This erratum may also cause speculative code
fetches from incorrect addresses."

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 arch/x86/kernel/cpu/bugs.c |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

Tested this patch and also the workaround option (mem=nopentium) on the Acer
Aspire one and it has resolved booting issues with kernels otherwise showing the
boot failure in all cases.

Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/523112
https://bugs.launchpad.net/bugs/322867
> 
> This patch addresses Intel errata AAE44 by totally disabling 4MB
> pages and thus avoiding avoiding large pages being split into
> smaller 4K pages and thus never tripping this CPU feature.
> 
> The bug can manifests itself as instruction fetch oopses on seemingly
> legitimate executable pages.
> 
> Errata AAE44 (http://download.intel.com/design/processor/specupdt/319536.pdf
> page 33) states:
> 
> "If software clears the PS (page size) bit in a present PDE (page directory
> entry), that will cause linear addresses mapped through this PDE to use
> 4-KByte pages instead of using a large page after old TLB entries are
> invalidated. Due to this erratum, if a code fetch uses this PDE before the
> TLB entry for the large page is invalidated then it may fetch from a different
> physical address than specified by either the old large page translation or
> the new 4-KByte page translation. This erratum may also cause speculative code
> fetches from incorrect addresses."
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
> ---
>  arch/x86/kernel/cpu/bugs.c |   17 +++++++++++++++++
>  1 files changed, 17 insertions(+), 0 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 205fd5b..524db95 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -173,6 +173,22 @@ static void __init check_config(void)
>  #endif
>  }
>  
> +static void __init check_atom(void)
> +{	
> +	extern int disable_pse;
> +
> +	/* 
> +	 *  Disable 4MB page tables to work around Intel errata AAE44 for
> +	 *  Atom. We cannot guarantee stopping undefined processor behaviour
> +	 *  when two pageing structure translations differ with respect to
> +	 *  page frame sizes.  Hence, for Atoms we disable the PSE.
> +	 */
> +	if (boot_cpu_data.x86_model == 0x1c) {
> +		clear_bit(X86_FEATURE_PSE, boot_cpu_data.x86_capability);
> +		disable_pse = 1;
> +		printk(KERN_INFO "Disabling 4MB page tables to avoid TLB bug\n");
> +	}
> +}
>  
>  void __init check_bugs(void)
>  {
> @@ -185,6 +201,7 @@ void __init check_bugs(void)
>  	check_fpu();
>  	check_hlt();
>  	check_popad();
> +	check_atom();
>  	init_utsname()->machine[1] = '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
>  	alternative_instructions();
>  }

Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/523112
> 
> This patch addresses Intel errata AAE44 by totally disabling 4MB
> pages and thus avoiding avoiding large pages being split into
> smaller 4K pages and thus never tripping this CPU feature.
> 
> The bug can manifests itself as instruction fetch oopses on seemingly
> legitimate executable pages.
> 
> Errata AAE44 (http://download.intel.com/design/processor/specupdt/319536.pdf
> page 33) states:
> 
> "If software clears the PS (page size) bit in a present PDE (page directory
> entry), that will cause linear addresses mapped through this PDE to use
> 4-KByte pages instead of using a large page after old TLB entries are
> invalidated. Due to this erratum, if a code fetch uses this PDE before the
> TLB entry for the large page is invalidated then it may fetch from a different
> physical address than specified by either the old large page translation or
> the new 4-KByte page translation. This erratum may also cause speculative code
> fetches from incorrect addresses."
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  arch/x86/kernel/cpu/bugs.c |   17 +++++++++++++++++
>  1 files changed, 17 insertions(+), 0 deletions(-)
> 

Methinks you should send this to Ingo and hpa as I believe its worthy of
a stable update as well as upstream inclusion.

rtg

Applied to Hardy master