Re: [PATCH] x86/cpu/centaur: Disable X86_FEATURE_FSGSBASE on Zhaoxin C4600

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Yao Zi <me@ziyao.cc>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
	Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] x86/cpu/centaur: Disable X86_FEATURE_FSGSBASE on Zhaoxin C4600
Date: Mon, 2 Mar 2026 05:08:23 +0000	[thread overview]
Message-ID: <aaUbR-vuxmuRhAsC@pie> (raw)
In-Reply-To: <05f84fa5-d0df-4bab-80a6-5ff2c418b5ec@citrix.com>

On Sun, Mar 01, 2026 at 04:29:13PM +0000, Andrew Cooper wrote:
> On 28/02/2026 5:37 pm, Yao Zi wrote:
> > Zhaoxin C4600, which names itself as CentaurHauls, claims
> > X86_FEATURE_FSGSBASE support in CPUID, while execution of fsgsbase-
> > related instructions fails with #UD exception. This will cause kernel
> > to crash early in current_save_fsgs().
> 
> #UD is the expected behaviour of the FSGS instructions if they're not
> enabled.
> 
> Are you saying that this specific CPU enumerates FSGSBASE in CPUID, and
> permits setting CR4.FSGSBASE (without #GP for a reserved bit), and the
> FSGS instructions still do not function?

Yes. Without any workarounds, the kernel crashes in current_save_fsgs(),
which is the first use site of rdfsbase, instead of identify_cpu() where
CR4.FSGSBASE is set up.

> What happens if you read CR4 back after trying to set the bit?

CR4.FSGSBASE is set correctly, I wrote a small patch for testing,

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 1c3261cae40c..d89a2cc71147 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -2048,8 +2048,13 @@ static void identify_cpu(struct cpuinfo_x86 *c)
 	setup_lass(c);
 
 	/* Enable FSGSBASE instructions if available. */
-	if (cpu_has(c, X86_FEATURE_FSGSBASE)) {
+	if (1) {
+		pr_info("%s: enabling FSGSBASE\n", __func__);
+		pr_info("%s: before enabling, CR4 = 0x%lx\n",
+			__func__, native_read_cr4());
 		cr4_set_bits(X86_CR4_FSGSBASE);
+		pr_info("%s: after enabling, CR4 = 0x%lx\n",
+			__func__, native_read_cr4());
 		elf_hwcap2 |= HWCAP2_FSGSBASE;
 	}

On BSP I got,

[    0.298016] identify_cpu: enabling FSGSBASE
[    0.298021] identify_cpu: before enabling, CR4 = 0x1200b0
[    0.298027] identify_cpu: after enabling, CR4 = 0x1300b0

and on APs, CR4.FSGSBASE seems to be set by default,

[    0.414981] smp: Bringing up secondary CPUs ...
[    0.415211] smpboot: x86: Booting SMP configuration:
[    0.415219] .... node  #0, CPUs:      #1 #2 #3
[    0.001869] identify_cpu: enabling FSGSBASE
[    0.001869] identify_cpu: before enabling, CR4 = 0x1706b0
[    0.001869] identify_cpu: after enabling, CR4 = 0x1706b0

> ~Andrew

Regards,
Yao Zi

next prev parent reply	other threads:[~2026-03-02  5:09 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-28 17:37 [PATCH] x86/cpu/centaur: Disable X86_FEATURE_FSGSBASE on Zhaoxin C4600 Yao Zi
2026-02-28 19:06 ` Borislav Petkov
2026-03-01  9:27   ` Yao Zi
2026-03-01 18:37     ` David Laight
2026-03-02  5:09       ` Yao Zi
2026-03-01  0:33 ` Dave Hansen
2026-03-01  9:10   ` Yao Zi
2026-03-01 10:28   ` Borislav Petkov
2026-03-01 16:29 ` Andrew Cooper
2026-03-02  5:08   ` Yao Zi [this message]
2026-03-02  9:36     ` Andrew Cooper
2026-03-05  9:03 ` Tony W Wang-oc
2026-03-05 12:40   ` Andrew Cooper
2026-03-05 14:04   ` Yao Zi
2026-03-05 14:10     ` Andrew Cooper
2026-03-05 14:11   ` David Laight
2026-03-05 16:20   ` Dave Hansen
2026-03-12  2:14     ` Tony W Wang-oc
2026-03-12 15:52       ` Dave Hansen
2026-03-17  7:41         ` Tony W Wang-oc
2026-03-17 15:21           ` Dave Hansen
2026-03-18  3:44             ` Tony W Wang-oc
  -- strict thread matches above, loose matches on Subject: below --
2026-03-05 20:26 Christian Ludloff
2026-03-12  2:18 ` Tony W Wang-oc
2026-03-12 16:31   ` Christian Ludloff

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1c3261cae40 dfblob:d89a2cc7114 )
 OR (
bs:"Re: [PATCH] x86/cpu/centaur: Disable X86_FEATURE_FSGSBASE on Zhaoxin C4600" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aaUbR-vuxmuRhAsC@pie \
    --to=me@ziyao.cc \
    --cc=andrew.cooper3@citrix.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=stable@vger.kernel.org \
    --cc=tglx@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.