* [PATCH] x86/kexec: Fix bug with call depth tracking
@ 2024-06-03  8:30 Borislav Petkov
  2024-06-03 13:30 ` Tom Lendacky
  2024-06-05  8:05 ` [tip: x86/urgent] " tip-bot2 for David Kaplan
  0 siblings, 2 replies; 4+ messages in thread
From: Borislav Petkov @ 2024-06-03  8:30 UTC (permalink / raw)
  To: X86 ML; +Cc: Tom Lendacky, LKML, David Kaplan, Borislav Petkov

From: David Kaplan <david.kaplan@amd.com>

The call to cc_platform_has() triggers a fault and system crash if call depth
tracking is active because the GS segment has been reset by load_segments() and
GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.

Call cc_platform_has() earlier in the function when GS is still valid.

  [ bp: Massage. ]

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
---
 arch/x86/kernel/machine_kexec_64.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index b180d8e497c3..90b1946c06e5 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -295,8 +295,15 @@ void machine_kexec_cleanup(struct kimage *image)
 void machine_kexec(struct kimage *image)
 {
 	unsigned long page_list[PAGES_NR];
-	void *control_page;
+        unsigned int host_mem_enc_active;
 	int save_ftrace_enabled;
+	void *control_page;
+
+	/*
+	 * This must be done before load_segments() since if call depth tracking
+	 * is used then GS must be valid to make any function calls.
+	 */
+	host_mem_enc_active = cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT);
 
 #ifdef CONFIG_KEXEC_JUMP
 	if (image->preserve_context)
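
Review bot: the added declaration `unsigned int host_mem_enc_active;` at the top of machine_kexec() is indented with eight spaces, while the neighbouring declarations (`unsigned long page_list[PAGES_NR];`, `int save_ftrace_enabled;`) use a tab. Switch it to a tab so the declaration block stays consistent with kernel coding style.
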
@@ -358,7 +365,7 @@ void machine_kexec(struct kimage *image)
 				       (unsigned long)page_list,
 				       image->start,
 				       image->preserve_context,
-				       cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
+				       host_mem_enc_active);
 
 #ifdef CONFIG_KEXEC_JUMP
 	if (image->preserve_context)
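
Review bot: at this call site the last argument now comes from the local `host_mem_enc_active`, but nothing here tells a later reader why a direct `cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)` call must not return; the only explanation sits about sixty lines earlier, at the assignment. A one-line comment above the argument list stating that helper calls are not safe at this point when call depth tracking is in use would guard against the same regression being reintroduced.
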
-- 
2.43.0



* Re: [PATCH] x86/kexec: Fix bug with call depth tracking
  2024-06-03  8:30 [PATCH] x86/kexec: Fix bug with call depth tracking Borislav Petkov
@ 2024-06-03 13:30 ` Tom Lendacky
  2024-06-03 15:18   ` Borislav Petkov
  2024-06-05  8:05 ` [tip: x86/urgent] " tip-bot2 for David Kaplan
  1 sibling, 1 reply; 4+ messages in thread
From: Tom Lendacky @ 2024-06-03 13:30 UTC (permalink / raw)
  To: Borislav Petkov, X86 ML; +Cc: LKML, David Kaplan, Borislav Petkov

On 6/3/24 03:30, Borislav Petkov wrote:
> From: David Kaplan <david.kaplan@amd.com>
> 
> The call to cc_platform_has() triggers a fault and system crash if call depth
> tracking is active because the GS segment has been reset by load_segments() and
> GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.
> 
> Call cc_platform_has() earlier in the function when GS is still valid.
> 
>    [ bp: Massage. ]
> 
> Signed-off-by: David Kaplan <david.kaplan@amd.com>
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>

Minor nit below, otherwise:

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

Does it need a Fixes: tag for call depth tracking (before the change to 
cc_platform_has() it was a call to sme_active())?

> ---
>   arch/x86/kernel/machine_kexec_64.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
> index b180d8e497c3..90b1946c06e5 100644
> --- a/arch/x86/kernel/machine_kexec_64.c
> +++ b/arch/x86/kernel/machine_kexec_64.c
> @@ -295,8 +295,15 @@ void machine_kexec_cleanup(struct kimage *image)
>   void machine_kexec(struct kimage *image)
>   {
>   	unsigned long page_list[PAGES_NR];
> -	void *control_page;
> +        unsigned int host_mem_enc_active;

Looks like spaces used here instead of tabs.

Thanks,
Tom

>   	int save_ftrace_enabled;
> +	void *control_page;
> +
> +	/*
> +	 * This must be done before load_segments() since if call depth tracking
> +	 * is used then GS must be valid to make any function calls.
> +	 */
> +	host_mem_enc_active = cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT);
>   
>   #ifdef CONFIG_KEXEC_JUMP
>   	if (image->preserve_context)
> @@ -358,7 +365,7 @@ void machine_kexec(struct kimage *image)
>   				       (unsigned long)page_list,
>   				       image->start,
>   				       image->preserve_context,
> -				       cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
> +				       host_mem_enc_active);
>   
>   #ifdef CONFIG_KEXEC_JUMP
>   	if (image->preserve_context)


* Re: [PATCH] x86/kexec: Fix bug with call depth tracking
  2024-06-03 13:30 ` Tom Lendacky
@ 2024-06-03 15:18   ` Borislav Petkov
  0 siblings, 0 replies; 4+ messages in thread
From: Borislav Petkov @ 2024-06-03 15:18 UTC (permalink / raw)
  To: Tom Lendacky; +Cc: Borislav Petkov, X86 ML, LKML, David Kaplan

On Mon, Jun 03, 2024 at 08:30:26AM -0500, Tom Lendacky wrote:
> Does it need a Fixes: tag for call depth tracking (before the change to
> cc_platform_has() it was a call to sme_active())?

Yeah, something like

Fixes: 5d8213864ade ("x86/retbleed: Add SKL return thunk")

I guess.

> Looks like spaces used here instead of tabs.

I was fixing those and forgot to refresh before sending - it is fixed
here locally.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* [tip: x86/urgent] x86/kexec: Fix bug with call depth tracking
  2024-06-03  8:30 [PATCH] x86/kexec: Fix bug with call depth tracking Borislav Petkov
  2024-06-03 13:30 ` Tom Lendacky
@ 2024-06-05  8:05 ` tip-bot2 for David Kaplan
  1 sibling, 0 replies; 4+ messages in thread
From: tip-bot2 for David Kaplan @ 2024-06-05  8:05 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: David Kaplan, Borislav Petkov (AMD), Tom Lendacky, stable, x86,
	linux-kernel

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     93c1800b3799f17375989b0daf76497dd3e80922
Gitweb:        https://git.kernel.org/tip/93c1800b3799f17375989b0daf76497dd3e80922
Author:        David Kaplan <david.kaplan@amd.com>
AuthorDate:    Sun, 02 Jun 2024 13:19:09 -05:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Mon, 03 Jun 2024 17:19:03 +02:00

x86/kexec: Fix bug with call depth tracking

The call to cc_platform_has() triggers a fault and system crash if call depth
tracking is active because the GS segment has been reset by load_segments() and
GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.

Call cc_platform_has() earlier in the function when GS is still valid.

  [ bp: Massage. ]

Fixes: 5d8213864ade ("x86/retbleed: Add SKL return thunk")
Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20240603083036.637-1-bp@kernel.org
---
 arch/x86/kernel/machine_kexec_64.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index b180d8e..cc0f7f7 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -295,8 +295,15 @@ void machine_kexec_cleanup(struct kimage *image)
 void machine_kexec(struct kimage *image)
 {
 	unsigned long page_list[PAGES_NR];
-	void *control_page;
+	unsigned int host_mem_enc_active;
 	int save_ftrace_enabled;
+	void *control_page;
+
+	/*
+	 * This must be done before load_segments() since if call depth tracking
+	 * is used then GS must be valid to make any function calls.
+	 */
+	host_mem_enc_active = cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT);
 
 #ifdef CONFIG_KEXEC_JUMP
 	if (image->preserve_context)
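
Review bot: the comment above the `host_mem_enc_active` assignment says GS must be valid "to make any function calls" but does not say why; the reason appears only in the commit message (call depth tracking uses per-CPU variables, and GS_BASE is 0 after load_segments()). Folding that into the comment, for example "call depth tracking uses per-CPU variables and GS_BASE is 0 after load_segments()", keeps the ordering constraint understandable from the source alone.
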
@@ -358,7 +365,7 @@ void machine_kexec(struct kimage *image)
 				       (unsigned long)page_list,
 				       image->start,
 				       image->preserve_context,
-				       cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
+				       host_mem_enc_active);
 
 #ifdef CONFIG_KEXEC_JUMP
 	if (image->preserve_context)

