[PATCH v2 0/2] x86: disable IRQs during CR4 changes

[Nadav Amit <namit@vmware.com>]

CR4 needs to be updated atomically with its shadow value, as CR4 updates are
performed in read-modify-write fashion which are based on the shadow value. If
CR4 is changed between the read and the write, CR4 might not be updated
correctly.

For this to happen, CR4 needs to be rewritten by an interrupt handler.
[Presumably, writes to CR4 take place while preemption is disabled, although
due to the experience with CR3 - who knows.] CR4.PGD can be updated by an
interrupt handler, but it is restored to its previous value, so it should not
introduce a race. However, it seems that allowing CR4 updates without disabling
IRQs may present a potential future bug.

Cc: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Cc: Tony Luck <tony.luck@intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>

v1 -> v2:
  - Break into two patches (Andy)
  - Rename refactored function to __cr4_set() (Andy) 

Nadav Amit (2):
  x86: refactor CR4 setting and shadow write
  x86: disable IRQs before changing CR4

 arch/x86/include/asm/mmu_context.h   |  4 ++--
 arch/x86/include/asm/tlbflush.h      | 40 +++++++++++++++++++++---------------
 arch/x86/include/asm/virtext.h       |  2 +-
 arch/x86/kernel/cpu/common.c         | 38 +++++++++++++++++++++++++---------
 arch/x86/kernel/cpu/mcheck/mce.c     |  5 ++++-
 arch/x86/kernel/cpu/mcheck/p5.c      |  6 +++++-
 arch/x86/kernel/cpu/mcheck/winchip.c |  5 ++++-
 arch/x86/kernel/fpu/init.c           |  2 +-
 arch/x86/kernel/fpu/xstate.c         |  4 ++--
 arch/x86/kernel/process.c            | 20 +++++++++++++-----
 arch/x86/kernel/reboot.c             |  2 +-
 arch/x86/kvm/vmx.c                   | 13 ++++++++++--
 arch/x86/mm/init.c                   |  6 +++++-
 13 files changed, 102 insertions(+), 45 deletions(-)

-- 
2.14.1