From: Greg KH <gregkh@linuxfoundation.org>
To: Mitchell Levy <levymitchell0@gmail.com>
Cc: stable@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 5.15.y] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
Date: Fri, 11 Oct 2024 06:34:09 +0200
Message-ID: <2024101158-olympics-onward-3e23@gregkh>
In-Reply-To: <20241010235731.10876-1-levymitchell0@gmail.com>

On Thu, Oct 10, 2024 at 04:57:31PM -0700, Mitchell Levy wrote:
> There are two distinct CPU features related to the use of XSAVES and LBR:
> whether LBR is itself supported and whether XSAVES supports LBR. The LBR
> subsystem correctly checks both in intel_pmu_arch_lbr_init(), but the
> XSTATE subsystem does not.
>
> The LBR bit is only removed from xfeatures_mask_independent when LBR is not
> supported by the CPU, but there is no validation of XSTATE support.
> If XSAVES does not support LBR the write to IA32_XSS causes a #GP fault,
> leaving the state of IA32_XSS unchanged, i.e. zero. The fault is handled
> with a warning and the boot continues.
>
> Consequently the next XRSTORS which tries to restore supervisor state fails
> with #GP because the RFBM has zero for all supervisor features, which does
> not match the XCOMP_BV field.
>
> As XFEATURE_MASK_FPSTATE includes supervisor features setting up the FPU
> causes a #GP, which ends up in fpu_reset_from_exception_fixup(). That fails
> due to the same problem resulting in recursive #GPs until the kernel runs
> out of stack space and double faults.
>
> Prevent this by storing the supported independent features in
> fpu_kernel_cfg during XSTATE initialization and use that cached value for
> retrieving the independent feature bits to be written into IA32_XSS.
>
> [ tglx: Massaged change log ]
>
> Fixes: f0dccc9da4c0 ("x86/fpu/xstate: Support dynamic supervisor feature for LBR")
> Suggested-by: Thomas Gleixner <tglx@linutronix.de>
> [ Mitchell Levy: Backport to 5.15, since struct fpu_config is not
> introduced until 578971f4e228 and feature masks are not included in
> said struct until 1c253ff2287f ]
> Signed-off-by: Mitchell Levy <levymitchell0@gmail.com>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> Cc: stable@vger.kernel.org
> Link: https://lore.kernel.org/all/20240812-xsave-lbr-fix-v3-1-95bac1bf62f4@gmail.com
> ---
> arch/x86/include/asm/fpu/xstate.h | 5 +++--
> arch/x86/kernel/fpu/xstate.c | 7 +++++++
> 2 files changed, 10 insertions(+), 2 deletions(-)
>
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
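
The failure sequence described in the quoted changelog, as an added example that is not part of this thread or of the kernel patch: a user-space C model of the IA32_XSS write and the first XRSTORS, comparing the independent-feature mask with and without the XSAVES support check. The struct, the function names, the SUP_FEATURE bit and the sample CPU are assumptions made for illustration; the real fix caches the supported mask in fpu_kernel_cfg rather than intersecting on each call.

```c
#include <stdbool.h>
#include <stdint.h>

#define XFEATURE_MASK_LBR  (1ULL << 15) /* arch LBR state component */
#define SUP_FEATURE        (1ULL << 10) /* constructed: another supervisor component */
#define USER_FEATURES      0x7ULL       /* x87 | SSE | AVX, enabled in XCR0 */
#define XCOMP_BV_COMPACTED (1ULL << 63)

struct cpu_model {                      /* constructed model, not a kernel structure */
    bool arch_lbr;                      /* CPUID.(EAX=07H,ECX=0):EDX[19] */
    uint64_t xss_supported;             /* CPUID.(EAX=0DH,ECX=1):EDX:ECX */
    uint64_t xcr0, xss;                 /* live register values */
};

/* WRMSR to IA32_XSS: an unsupported bit raises #GP and leaves the MSR unchanged. */
static bool wrmsr_xss(struct cpu_model *c, uint64_t val)
{
    if (val & ~c->xss_supported)
        return false;
    c->xss = val;
    return true;
}

/* XRSTORS: #GP when XCOMP_BV names a component outside XCR0 | IA32_XSS. */
static bool xrstors_ok(const struct cpu_model *c, uint64_t xcomp_bv)
{
    uint64_t comps = xcomp_bv & ~XCOMP_BV_COMPACTED;
    return (xcomp_bv & XCOMP_BV_COMPACTED) && !(comps & ~(c->xcr0 | c->xss));
}

/* Independent-feature mask: LBR check only, or LBR check plus XSAVES support. */
uint64_t independent_mask(const struct cpu_model *c, bool check_xsaves)
{
    uint64_t mask = c->arch_lbr ? XFEATURE_MASK_LBR : 0;
    return check_xsaves ? (mask & c->xss_supported) : mask;
}

/* Boot-time IA32_XSS setup followed by the first supervisor-state restore. */
bool first_restore_survives(struct cpu_model c, bool check_xsaves)
{
    wrmsr_xss(&c, SUP_FEATURE | independent_mask(&c, check_xsaves));
    return xrstors_ok(&c, XCOMP_BV_COMPACTED | USER_FEATURES | SUP_FEATURE);
}

int main(void)
{
    struct cpu_model c = { true, SUP_FEATURE, USER_FEATURES, 0 }; /* LBR yes, XSAVES-LBR no */
    return first_restore_survives(c, true) && !first_restore_survives(c, false) ? 0 : 1;
}
```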
Thread overview: 3+ messages
2024-09-08 12:16 FAILED: patch "[PATCH] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported" failed to apply to 5.15-stable tree gregkh
2024-10-10 23:57 ` [PATCH 5.15.y] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Mitchell Levy
2024-10-11 4:34 ` Greg KH [this message]