* [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without ARCH_CAP_GDS_CTRL
@ 2025-08-15 3:53 lirongqing
2025-08-15 5:08 ` Pawan Gupta
0 siblings, 1 reply; 4+ messages in thread
From: lirongqing @ 2025-08-15 3:53 UTC (permalink / raw)
To: tglx, bp, peterz, jpoimboe, pawan.kumar.gupta, mingo, dave.hansen,
x86, hpa, david.kaplan, linux-kernel
Cc: Li RongQing
From: Li RongQing <lirongqing@baidu.com>
The commit 8c7261abcb7ad("x86/bugs: Add attack vector controls for GDS")
caused call traces during secondary CPU initialization because it didn't
properly handle CPUs that lack the ARCH_CAP_GDS_CTRL capability.
For CPUs without ARCH_CAP_GDS_CTRL support, we should set the mitigation
to GDS_MITIGATION_UCODE_NEEDED rather than GDS_MITIGATION_OFF, as these
CPUs may still be vulnerable but cannot disable mitigation.
Add the missing check for ARCH_CAP_GDS_CTRL to properly determine the
mitigation state for affected CPUs.
[ 2.809147] unchecked MSR access error: RDMSR from 0x123 at rIP: 0xffffffffb3452807 (update_gds_msr+0x87/0xe0)
(update_gds_msr+0x87/0xe0)
[ 2.809147] Call Trace:
[ 2.809147] <TASK>
[ 2.809147] identify_secondary_cpu+0x72/0x90
[ 2.809147] start_secondary+0x7a/0x140
[ 2.809147] common_startup_64+0x13e/0x141
[ 2.809147] </TASK>
[ 2.809147] unchecked MSR access error: WRMSR to 0x123 (tried to write 0x0000000000000010) at rIP: 0xffffffffb34527b8
(update_gds_msr+0x38/0xe0)
[ 2.809147] Call Trace:
[ 2.809147] <TASK>
[ 2.809147] identify_secondary_cpu+0x72/0x90
[ 2.809147] start_secondary+0x7a/0x140
[ 2.809147] common_startup_64+0x13e/0x141
[ 2.809147] </TASK>
[ 2.809147] ------------[ cut here ]------------
[ 2.809147] WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/bugs.c:1053 update_gds_msr+0x9b/0xe0
Fixes: 8c7261abcb7ad ("x86/bugs: Add attack vector controls for GDS")
Signed-off-by: Li RongQing <lirongqing@baidu.com>
---
arch/x86/kernel/cpu/bugs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index b74bf93..3af911c 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1071,6 +1071,8 @@ static void __init gds_select_mitigation(void)
gds_mitigation = GDS_MITIGATION_FULL;
else {
gds_mitigation = GDS_MITIGATION_OFF;
+ if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL))
+ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
return;
}
}
--
2.9.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without ARCH_CAP_GDS_CTRL
2025-08-15 3:53 [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without ARCH_CAP_GDS_CTRL lirongqing
@ 2025-08-15 5:08 ` Pawan Gupta
2025-08-15 5:28 ` [????] " Li,Rongqing
0 siblings, 1 reply; 4+ messages in thread
From: Pawan Gupta @ 2025-08-15 5:08 UTC (permalink / raw)
To: lirongqing
Cc: tglx, bp, peterz, jpoimboe, mingo, dave.hansen, x86, hpa,
david.kaplan, linux-kernel
On Fri, Aug 15, 2025 at 11:53:34AM +0800, lirongqing wrote:
> From: Li RongQing <lirongqing@baidu.com>
>
> The commit 8c7261abcb7ad("x86/bugs: Add attack vector controls for GDS")
> caused call traces during secondary CPU initialization because it didn't
> properly handle CPUs that lack the ARCH_CAP_GDS_CTRL capability.
>
> For CPUs without ARCH_CAP_GDS_CTRL support, we should set the mitigation
> to GDS_MITIGATION_UCODE_NEEDED rather than GDS_MITIGATION_OFF, as these
> CPUs may still be vulnerable but cannot disable mitigation.
>
> Add the missing check for ARCH_CAP_GDS_CTRL to properly determine the
> mitigation state for affected CPUs.
>
> [ 2.809147] unchecked MSR access error: RDMSR from 0x123 at rIP: 0xffffffffb3452807 (update_gds_msr+0x87/0xe0)
> (update_gds_msr+0x87/0xe0)
> [ 2.809147] Call Trace:
> [ 2.809147] <TASK>
> [ 2.809147] identify_secondary_cpu+0x72/0x90
> [ 2.809147] start_secondary+0x7a/0x140
> [ 2.809147] common_startup_64+0x13e/0x141
> [ 2.809147] </TASK>
> [ 2.809147] unchecked MSR access error: WRMSR to 0x123 (tried to write 0x0000000000000010) at rIP: 0xffffffffb34527b8
> (update_gds_msr+0x38/0xe0)
> [ 2.809147] Call Trace:
> [ 2.809147] <TASK>
> [ 2.809147] identify_secondary_cpu+0x72/0x90
> [ 2.809147] start_secondary+0x7a/0x140
> [ 2.809147] common_startup_64+0x13e/0x141
> [ 2.809147] </TASK>
> [ 2.809147] ------------[ cut here ]------------
> [ 2.809147] WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/bugs.c:1053 update_gds_msr+0x9b/0xe0
>
> Fixes: 8c7261abcb7ad ("x86/bugs: Add attack vector controls for GDS")
> Signed-off-by: Li RongQing <lirongqing@baidu.com>
> ---
> arch/x86/kernel/cpu/bugs.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index b74bf93..3af911c 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -1071,6 +1071,8 @@ static void __init gds_select_mitigation(void)
> gds_mitigation = GDS_MITIGATION_FULL;
> else {
> gds_mitigation = GDS_MITIGATION_OFF;
> + if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL))
This check is already present few lines below.
> + gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
> return;
To avoid duplicating, a better fix could be to not return here, and let the
next block DTRT:
/* No microcode */
if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL)) {
if (gds_mitigation != GDS_MITIGATION_FORCE)
gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
return;
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [????] Re: [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without ARCH_CAP_GDS_CTRL
2025-08-15 5:08 ` Pawan Gupta
@ 2025-08-15 5:28 ` Li,Rongqing
2025-08-15 17:18 ` Pawan Gupta
0 siblings, 1 reply; 4+ messages in thread
From: Li,Rongqing @ 2025-08-15 5:28 UTC (permalink / raw)
To: Pawan Gupta
Cc: tglx@linutronix.de, bp@alien8.de, peterz@infradead.org,
jpoimboe@kernel.org, mingo@redhat.com,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
david.kaplan@amd.com, linux-kernel@vger.kernel.org
> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> Sent: 2025年8月15日 13:09
> To: Li,Rongqing <lirongqing@baidu.com>
> Cc: tglx@linutronix.de; bp@alien8.de; peterz@infradead.org;
> jpoimboe@kernel.org; mingo@redhat.com; dave.hansen@linux.intel.com;
> x86@kernel.org; hpa@zytor.com; david.kaplan@amd.com;
> linux-kernel@vger.kernel.org
> Subject: [????] Re: [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without
> ARCH_CAP_GDS_CTRL
>
> On Fri, Aug 15, 2025 at 11:53:34AM +0800, lirongqing wrote:
> > From: Li RongQing <lirongqing@baidu.com>
> >
> > The commit 8c7261abcb7ad("x86/bugs: Add attack vector controls for
> > GDS") caused call traces during secondary CPU initialization because
> > it didn't properly handle CPUs that lack the ARCH_CAP_GDS_CTRL capability.
> >
> > For CPUs without ARCH_CAP_GDS_CTRL support, we should set the
> > mitigation to GDS_MITIGATION_UCODE_NEEDED rather than
> > GDS_MITIGATION_OFF, as these CPUs may still be vulnerable but cannot
> disable mitigation.
> >
> > Add the missing check for ARCH_CAP_GDS_CTRL to properly determine the
> > mitigation state for affected CPUs.
> >
> > [ 2.809147] unchecked MSR access error: RDMSR from 0x123 at rIP:
> 0xffffffffb3452807 (update_gds_msr+0x87/0xe0)
> > (update_gds_msr+0x87/0xe0)
> > [ 2.809147] Call Trace:
> > [ 2.809147] <TASK>
> > [ 2.809147] identify_secondary_cpu+0x72/0x90
> > [ 2.809147] start_secondary+0x7a/0x140
> > [ 2.809147] common_startup_64+0x13e/0x141
> > [ 2.809147] </TASK>
> > [ 2.809147] unchecked MSR access error: WRMSR to 0x123 (tried to write
> 0x0000000000000010) at rIP: 0xffffffffb34527b8
> > (update_gds_msr+0x38/0xe0)
> > [ 2.809147] Call Trace:
> > [ 2.809147] <TASK>
> > [ 2.809147] identify_secondary_cpu+0x72/0x90
> > [ 2.809147] start_secondary+0x7a/0x140
> > [ 2.809147] common_startup_64+0x13e/0x141
> > [ 2.809147] </TASK>
> > [ 2.809147] ------------[ cut here ]------------
> > [ 2.809147] WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/bugs.c:1053
> update_gds_msr+0x9b/0xe0
> >
> > Fixes: 8c7261abcb7ad ("x86/bugs: Add attack vector controls for GDS")
> > Signed-off-by: Li RongQing <lirongqing@baidu.com>
> > ---
> > arch/x86/kernel/cpu/bugs.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index b74bf93..3af911c 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -1071,6 +1071,8 @@ static void __init gds_select_mitigation(void)
> > gds_mitigation = GDS_MITIGATION_FULL;
> > else {
> > gds_mitigation = GDS_MITIGATION_OFF;
> > + if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL))
>
> This check is already present few lines below.
>
> > + gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
> > return;
>
> To avoid duplicating, a better fix could be to not return here, and let the next
> block DTRT:
But if cpu has ARCH_CAP_GDS_CTRL, the next block will be skipped, and the codes after checking ARCH_CAP_GDS_CTRL block will be run, this is not expected
So I add a duplicating check
Br
-Li
>
> /* No microcode */
> if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL)) {
> if (gds_mitigation != GDS_MITIGATION_FORCE)
> gds_mitigation =
> GDS_MITIGATION_UCODE_NEEDED;
> return;
> }
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [????] Re: [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without ARCH_CAP_GDS_CTRL
2025-08-15 5:28 ` [????] " Li,Rongqing
@ 2025-08-15 17:18 ` Pawan Gupta
0 siblings, 0 replies; 4+ messages in thread
From: Pawan Gupta @ 2025-08-15 17:18 UTC (permalink / raw)
To: Li,Rongqing
Cc: tglx@linutronix.de, bp@alien8.de, peterz@infradead.org,
jpoimboe@kernel.org, mingo@redhat.com,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
david.kaplan@amd.com, linux-kernel@vger.kernel.org
On Fri, Aug 15, 2025 at 05:28:18AM +0000, Li,Rongqing wrote:
>
>
> > -----Original Message-----
> > From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> > Sent: 2025年8月15日 13:09
> > To: Li,Rongqing <lirongqing@baidu.com>
> > Cc: tglx@linutronix.de; bp@alien8.de; peterz@infradead.org;
> > jpoimboe@kernel.org; mingo@redhat.com; dave.hansen@linux.intel.com;
> > x86@kernel.org; hpa@zytor.com; david.kaplan@amd.com;
> > linux-kernel@vger.kernel.org
> > Subject: [????] Re: [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without
> > ARCH_CAP_GDS_CTRL
> >
> > On Fri, Aug 15, 2025 at 11:53:34AM +0800, lirongqing wrote:
> > > From: Li RongQing <lirongqing@baidu.com>
> > >
> > > The commit 8c7261abcb7ad("x86/bugs: Add attack vector controls for
> > > GDS") caused call traces during secondary CPU initialization because
> > > it didn't properly handle CPUs that lack the ARCH_CAP_GDS_CTRL capability.
> > >
> > > For CPUs without ARCH_CAP_GDS_CTRL support, we should set the
> > > mitigation to GDS_MITIGATION_UCODE_NEEDED rather than
> > > GDS_MITIGATION_OFF, as these CPUs may still be vulnerable but cannot
> > disable mitigation.
> > >
> > > Add the missing check for ARCH_CAP_GDS_CTRL to properly determine the
> > > mitigation state for affected CPUs.
> > >
> > > [ 2.809147] unchecked MSR access error: RDMSR from 0x123 at rIP:
> > 0xffffffffb3452807 (update_gds_msr+0x87/0xe0)
> > > (update_gds_msr+0x87/0xe0)
> > > [ 2.809147] Call Trace:
> > > [ 2.809147] <TASK>
> > > [ 2.809147] identify_secondary_cpu+0x72/0x90
> > > [ 2.809147] start_secondary+0x7a/0x140
> > > [ 2.809147] common_startup_64+0x13e/0x141
> > > [ 2.809147] </TASK>
> > > [ 2.809147] unchecked MSR access error: WRMSR to 0x123 (tried to write
> > 0x0000000000000010) at rIP: 0xffffffffb34527b8
> > > (update_gds_msr+0x38/0xe0)
> > > [ 2.809147] Call Trace:
> > > [ 2.809147] <TASK>
> > > [ 2.809147] identify_secondary_cpu+0x72/0x90
> > > [ 2.809147] start_secondary+0x7a/0x140
> > > [ 2.809147] common_startup_64+0x13e/0x141
> > > [ 2.809147] </TASK>
> > > [ 2.809147] ------------[ cut here ]------------
> > > [ 2.809147] WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/bugs.c:1053
> > update_gds_msr+0x9b/0xe0
> > >
> > > Fixes: 8c7261abcb7ad ("x86/bugs: Add attack vector controls for GDS")
> > > Signed-off-by: Li RongQing <lirongqing@baidu.com>
> > > ---
> > > arch/x86/kernel/cpu/bugs.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > > index b74bf93..3af911c 100644
> > > --- a/arch/x86/kernel/cpu/bugs.c
> > > +++ b/arch/x86/kernel/cpu/bugs.c
> > > @@ -1071,6 +1071,8 @@ static void __init gds_select_mitigation(void)
> > > gds_mitigation = GDS_MITIGATION_FULL;
> > > else {
> > > gds_mitigation = GDS_MITIGATION_OFF;
> > > + if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL))
> >
> > This check is already present few lines below.
> >
> > > + gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
> > > return;
> >
> > To avoid duplicating, a better fix could be to not return here, and let the next
> > block DTRT:
>
> But if cpu has ARCH_CAP_GDS_CTRL, the next block will be skipped, and the
> codes after checking ARCH_CAP_GDS_CTRL block will be run, this is not
> expected
How is that a problem? That is how it was originally implemented.
Infact, the following checks are required for the correct behavior:
if (mcu_ctrl & GDS_MITG_LOCKED) {
if (gds_mitigation == GDS_MITIGATION_OFF)
pr_warn("Mitigation locked. Disable failed.\n");
...
gds_mitigation = GDS_MITIGATION_FULL_LOCKED;
}
If the GDS microcode mitigation is locked before the kernel boot, MSR write
for OFF will not take effect anyways. And you report OFF when the
mitigation is locked to ON. While also triggering below WARN_ON_ONCE():
update_gds_msr()
{
...
/*
* Check to make sure that the WRMSR value was not ignored. Writes to
* GDS_MITG_DIS will be ignored if this processor is locked but the boot
* processor was not.
*/
rdmsrq(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl_after);
WARN_ON_ONCE(mcu_ctrl != mcu_ctrl_after);
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-08-15 17:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-15 3:53 [PATCH] x86/bugs: Fix GDS mitigation check for CPUs without ARCH_CAP_GDS_CTRL lirongqing
2025-08-15 5:08 ` Pawan Gupta
2025-08-15 5:28 ` [????] " Li,Rongqing
2025-08-15 17:18 ` Pawan Gupta
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).