From: "Lendacky, Thomas" <Thomas.Lendacky@amd.com>
To: Paul Menzel <pmenzel@molgen.mpg.de>, Borislav Petkov <bp@alien8.de>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Jiri Kosina <jikos@kernel.org>, "x86@kernel.org" <x86@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Tim Chen <tim.c.chen@linux.intel.com>
Subject: Re: General protection fault in `switch_mm_irqs_off()`
Date: Thu, 10 Jan 2019 15:53:11 +0000 [thread overview]
Message-ID: <79744a6a-91c9-9318-3155-c1942cccf5f2@amd.com> (raw)
In-Reply-To: <9bbcbaa7-b164-fcef-0588-7c5f25aa2440@molgen.mpg.de>
On 1/10/19 7:57 AM, Paul Menzel wrote:
> Dear Borislav,
>
>
> On 01/09/19 22:11, Borislav Petkov wrote:
>> On Wed, Jan 09, 2019 at 05:34:11PM +0100, Paul Menzel wrote:
>>> Is there a way to trace the value of `boot_cpu_data` from
>>> `arch/x86/include/asm/cpufeature.h` with some Linux Kernel magic?
>>>
>>> #define boot_cpu_has(bit) cpu_has(&boot_cpu_data, bit)
>>>
>>> Or is rebuilding with print statements the only solution?
>>
>> Yes. Just apply this and catch output. It is a wild guess anyway as
>> this whole deal looks really strange but at least it should not #GP the
>> machine.
>>
>> ---
>> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
>> index dad12b767ba0..ec4688779900 100644
>> --- a/arch/x86/include/asm/nospec-branch.h
>> +++ b/arch/x86/include/asm/nospec-branch.h
>> @@ -284,6 +284,9 @@ static inline void indirect_branch_prediction_barrier(void)
>> {
>> u64 val = PRED_CMD_IBPB;
>>
>> + if (WARN_ON(boot_cpu_has(X86_FEATURE_USE_IBPB)))
>> + return;
>> +
>> alternative_msr_write(MSR_IA32_PRED_CMD, val, X86_FEATURE_USE_IBPB);
>> }
>>
>> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
>> index 1de0f4170178..4ed4cc99a2c0 100644
>> --- a/arch/x86/kernel/cpu/bugs.c
>> +++ b/arch/x86/kernel/cpu/bugs.c
>> @@ -371,6 +371,8 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
>> if (boot_cpu_has(X86_FEATURE_IBPB)) {
>> setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
>>
>> + pr_err("%s: set X86_FEATURE_USE_IBPB\n", __func__);
>> +
>> switch (cmd) {
>> case SPECTRE_V2_USER_CMD_FORCE:
>> case SPECTRE_V2_USER_CMD_PRCTL_IBPB:
>
> Thank you very much. Indeed, the machine does not crash. I used Linus’
> master branch for testing, and applied your patch on top. Please find
> the full log attached.
Checking the original log file again, it showed the mitigation message
for IBPB that is just after the above switch statement, so this print
output is expected. What about applying this patch on top of the patch
from Boris:
---
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index cb28e98a0659..b0ea6886ef15 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -779,6 +779,7 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
set_cpu_cap(c, X86_FEATURE_IBRS);
set_cpu_cap(c, X86_FEATURE_IBPB);
set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
+ pr_err("%s: set X86_FEATURE_IBPB via X86_FEATURE_SPEC_CTRL: cpuid 0x07[EDX]=%#x\n", __func__, cpuid_edx(0x07));
}
if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
@@ -793,8 +794,10 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
}
- if (cpu_has(c, X86_FEATURE_AMD_IBPB))
+ if (cpu_has(c, X86_FEATURE_AMD_IBPB)) {
set_cpu_cap(c, X86_FEATURE_IBPB);
+ pr_err("%s: set X86_FEATURE_IBPB via X86_FEATURE_AMD_IBPB: cpuid 0x80000008[EBX]=%#x\n", __func__, cpuid_ebx(0x80000008));
+ }
if (cpu_has(c, X86_FEATURE_AMD_STIBP)) {
set_cpu_cap(c, X86_FEATURE_STIBP);
--
Thanks,
Tom
>
> ```
> $ git describe --tags origin/master
> v5.0-rc1-26-g500cf822f80f
> $ dmesg
> […]
> [ 7.262018] microcode: CPU0: patch_level=0x0600063e
> […]
> [ 3.198107] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
> […]
> [ 8.786863] Run /init as init process
> [ 8.792006] WARNING: CPU: 1 PID: 0 at ./arch/x86/include/asm/nospec-branch.h:287 switch_mm_irqs_off+0x5ec/0x680
> [ 8.802384] Modules linked in:
> [ 8.805586] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.0.0-rc1.mx64.236-00027-ged01f563987a #1
> [ 8.814529] Hardware name: ASUS KGPE-D16/KGPE-D16, BIOS 4.9-213-gdb866ba200 01/08/2019
> [ 8.822677] RIP: 0010:switch_mm_irqs_off+0x5ec/0x680
> [ 8.827801] Code: 31 d2 31 f6 e8 95 4a da 00 49 8b 06 48 85 c0 75 e7 e8 88 ee 06 00 44 89 fe 48 c7 c7 c0 a1 46 82 e8 69 88 06 00 e9 57 fc ff ff <0f> 0b e9 d3 fa ff ff 0f 0b e9 6b ff ff ff 0f 0b e9 22 fe ff ff 0f
> [ 8.847001] RSP: 0018:ffffc900062bfe20 EFLAGS: 00010003
> [ 8.852374] RAX: 052a310401c13fff RBX: ffff88881b748800 RCX: 0000000000000000
> [ 8.859655] RDX: 0000000000000001 RSI: ffff88881caed080 RDI: ffff88881b748800
> [ 8.866952] RBP: ffffc900062bfe70 R08: 000000020c098c00 R09: 0000000000000000
> [ 8.874237] R10: ffffc900062bfe88 R11: 0000000000000000 R12: ffffffff8247e460
> [ 8.881529] R13: 0000000000000000 R14: 0000000000000001 R15: ffff88881db28f00
> [ 8.888810] FS: 0000000000000000(0000) GS:ffff88881fa40000(0000) knlGS:0000000000000000
> [ 8.897146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 8.903066] CR2: 0000000000000000 CR3: 000000000240e000 CR4: 00000000000406e0
> [ 8.910398] Call Trace:
> [ 8.912994] ? __schedule+0x1b9/0x7b0
> [ 8.916795] __schedule+0x1b9/0x7b0
> [ 8.920436] schedule_idle+0x1e/0x40
> [ 8.924155] do_idle+0x146/0x200
> [ 8.927577] cpu_startup_entry+0x19/0x20
> [ 8.931641] start_secondary+0x183/0x1b0
> [ 8.935722] secondary_startup_64+0xa4/0xb0
> [ 8.940066] ---[ end trace 948cf50690b0f4b1 ]---
> ```
>
>
> Kind regards,
>
> Paul
>
next prev parent reply other threads:[~2019-01-10 15:56 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-03 21:45 General protection fault in `switch_mm_irqs_off()` Paul Menzel
2019-01-04 12:41 ` Paul Menzel
2019-01-04 15:47 ` Borislav Petkov
2019-01-04 17:32 ` Lendacky, Thomas
2019-01-04 16:42 ` Jiri Kosina
[not found] ` <cb7ba667-562b-1e4c-f16e-7c11804bc98a@molgen.mpg.de>
2019-01-09 13:16 ` Thomas Gleixner
2019-01-09 13:35 ` Paul Menzel
2019-01-09 14:29 ` Lendacky, Thomas
2019-01-09 14:34 ` Paul Menzel
2019-01-09 16:15 ` Lendacky, Thomas
2019-01-09 16:34 ` Paul Menzel
2019-01-09 21:11 ` Borislav Petkov
[not found] ` <9bbcbaa7-b164-fcef-0588-7c5f25aa2440@molgen.mpg.de>
2019-01-10 15:53 ` Lendacky, Thomas [this message]
2019-01-10 16:02 ` Borislav Petkov
2019-01-10 16:00 ` Borislav Petkov
2019-01-10 16:49 ` Paul Menzel
2019-01-10 18:34 ` Lendacky, Thomas
2019-01-14 17:00 ` Lendacky, Thomas
2019-01-14 17:09 ` Paul Menzel
2019-01-14 17:37 ` Lendacky, Thomas
2019-10-02 15:52 ` Paul Menzel
2019-01-09 13:19 ` Paul Menzel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=79744a6a-91c9-9318-3155-c1942cccf5f2@amd.com \
--to=thomas.lendacky@amd.com \
--cc=bp@alien8.de \
--cc=jikos@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pmenzel@molgen.mpg.de \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox