* [PATCH] x86/kexec: Fix bug with call depth tracking
@ 2024-06-03 8:30 Borislav Petkov
2024-06-03 13:30 ` Tom Lendacky
2024-06-05 8:05 ` [tip: x86/urgent] " tip-bot2 for David Kaplan
0 siblings, 2 replies; 4+ messages in thread
From: Borislav Petkov @ 2024-06-03 8:30 UTC (permalink / raw)
To: X86 ML; +Cc: Tom Lendacky, LKML, David Kaplan, Borislav Petkov
From: David Kaplan <david.kaplan@amd.com>
The call to cc_platform_has() triggers a fault and system crash if call depth
tracking is active because the GS segment has been reset by load_segments() and
GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.
Call cc_platform_has() earlier in the function when GS is still valid.
[ bp: Massage. ]
Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
---
arch/x86/kernel/machine_kexec_64.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index b180d8e497c3..90b1946c06e5 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -295,8 +295,15 @@ void machine_kexec_cleanup(struct kimage *image)
void machine_kexec(struct kimage *image)
{
unsigned long page_list[PAGES_NR];
- void *control_page;
+ unsigned int host_mem_enc_active;
int save_ftrace_enabled;
+ void *control_page;
+
+ /*
+ * This must be done before load_segments() since if call depth tracking
+ * is used then GS must be valid to make any function calls.
+ */
+ host_mem_enc_active = cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT);
#ifdef CONFIG_KEXEC_JUMP
if (image->preserve_context)
@@ -358,7 +365,7 @@ void machine_kexec(struct kimage *image)
(unsigned long)page_list,
image->start,
image->preserve_context,
- cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
+ host_mem_enc_active);
#ifdef CONFIG_KEXEC_JUMP
if (image->preserve_context)
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] x86/kexec: Fix bug with call depth tracking
2024-06-03 8:30 [PATCH] x86/kexec: Fix bug with call depth tracking Borislav Petkov
@ 2024-06-03 13:30 ` Tom Lendacky
2024-06-03 15:18 ` Borislav Petkov
2024-06-05 8:05 ` [tip: x86/urgent] " tip-bot2 for David Kaplan
1 sibling, 1 reply; 4+ messages in thread
From: Tom Lendacky @ 2024-06-03 13:30 UTC (permalink / raw)
To: Borislav Petkov, X86 ML; +Cc: LKML, David Kaplan, Borislav Petkov
On 6/3/24 03:30, Borislav Petkov wrote:
> From: David Kaplan <david.kaplan@amd.com>
>
> The call to cc_platform_has() triggers a fault and system crash if call depth
> tracking is active because the GS segment has been reset by load_segments() and
> GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.
>
> Call cc_platform_has() earlier in the function when GS is still valid.
>
> [ bp: Massage. ]
>
> Signed-off-by: David Kaplan <david.kaplan@amd.com>
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Minor nit below, otherwise:
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Does it need a Fixes: tag for call depth tracking (before the change to
cc_platform_has() it was a call to sme_active())?
> ---
> arch/x86/kernel/machine_kexec_64.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
> index b180d8e497c3..90b1946c06e5 100644
> --- a/arch/x86/kernel/machine_kexec_64.c
> +++ b/arch/x86/kernel/machine_kexec_64.c
> @@ -295,8 +295,15 @@ void machine_kexec_cleanup(struct kimage *image)
> void machine_kexec(struct kimage *image)
> {
> unsigned long page_list[PAGES_NR];
> - void *control_page;
> + unsigned int host_mem_enc_active;
Looks like spaces used here instead of tabs.
Thanks,
Tom
> int save_ftrace_enabled;
> + void *control_page;
> +
> + /*
> + * This must be done before load_segments() since if call depth tracking
> + * is used then GS must be valid to make any function calls.
> + */
> + host_mem_enc_active = cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT);
>
> #ifdef CONFIG_KEXEC_JUMP
> if (image->preserve_context)
> @@ -358,7 +365,7 @@ void machine_kexec(struct kimage *image)
> (unsigned long)page_list,
> image->start,
> image->preserve_context,
> - cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
> + host_mem_enc_active);
>
> #ifdef CONFIG_KEXEC_JUMP
> if (image->preserve_context)
^ permalink raw reply [flat|nested] 4+ messages in thread* [tip: x86/urgent] x86/kexec: Fix bug with call depth tracking
2024-06-03 8:30 [PATCH] x86/kexec: Fix bug with call depth tracking Borislav Petkov
2024-06-03 13:30 ` Tom Lendacky
@ 2024-06-05 8:05 ` tip-bot2 for David Kaplan
1 sibling, 0 replies; 4+ messages in thread
From: tip-bot2 for David Kaplan @ 2024-06-05 8:05 UTC (permalink / raw)
To: linux-tip-commits
Cc: David Kaplan, Borislav Petkov (AMD), Tom Lendacky, stable, x86,
linux-kernel
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: 93c1800b3799f17375989b0daf76497dd3e80922
Gitweb: https://git.kernel.org/tip/93c1800b3799f17375989b0daf76497dd3e80922
Author: David Kaplan <david.kaplan@amd.com>
AuthorDate: Sun, 02 Jun 2024 13:19:09 -05:00
Committer: Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Mon, 03 Jun 2024 17:19:03 +02:00
x86/kexec: Fix bug with call depth tracking
The call to cc_platform_has() triggers a fault and system crash if call depth
tracking is active because the GS segment has been reset by load_segments() and
GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.
Call cc_platform_has() earlier in the function when GS is still valid.
[ bp: Massage. ]
Fixes: 5d8213864ade ("x86/retbleed: Add SKL return thunk")
Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20240603083036.637-1-bp@kernel.org
---
arch/x86/kernel/machine_kexec_64.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index b180d8e..cc0f7f7 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -295,8 +295,15 @@ void machine_kexec_cleanup(struct kimage *image)
void machine_kexec(struct kimage *image)
{
unsigned long page_list[PAGES_NR];
- void *control_page;
+ unsigned int host_mem_enc_active;
int save_ftrace_enabled;
+ void *control_page;
+
+ /*
+ * This must be done before load_segments() since if call depth tracking
+ * is used then GS must be valid to make any function calls.
+ */
+ host_mem_enc_active = cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT);
#ifdef CONFIG_KEXEC_JUMP
if (image->preserve_context)
@@ -358,7 +365,7 @@ void machine_kexec(struct kimage *image)
(unsigned long)page_list,
image->start,
image->preserve_context,
- cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
+ host_mem_enc_active);
#ifdef CONFIG_KEXEC_JUMP
if (image->preserve_context)
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-06-05 8:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-03 8:30 [PATCH] x86/kexec: Fix bug with call depth tracking Borislav Petkov
2024-06-03 13:30 ` Tom Lendacky
2024-06-03 15:18 ` Borislav Petkov
2024-06-05 8:05 ` [tip: x86/urgent] " tip-bot2 for David Kaplan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.