From: David Laight <david.laight.linux@gmail.com>
To: Tony W Wang-oc <TonyWWang-oc@zhaoxin.com>
Cc: <me@ziyao.cc>, <andrew.cooper3@citrix.com>, <bp@alien8.de>,
<dave.hansen@linux.intel.com>, <hpa@zytor.com>,
<linux-kernel@vger.kernel.org>, <mingo@redhat.com>,
<stable@vger.kernel.org>, <tglx@kernel.org>, <x86@kernel.org>,
David Wang <davidwang@zhaoxin.com>, <lukelin@viacpu.com>,
<brucechang@via-alliance.com>,
"TimGuo@zhaoxin.com" <TimGuo@zhaoxin.com>,
<cooperyan@zhaoxin.com>, <benjaminpan@viatech.com>,
<TimGuo-oc@zhaoxin.com>, <QiyuanWang@zhaoxin.com>,
<HerryYang@zhaoxin.com>,
"CobeChen@zhaoxin.com" <CobeChen@zhaoxin.com>
Subject: Re: [PATCH] x86/cpu/centaur: Disable X86_FEATURE_FSGSBASE on Zhaoxin C4600
Date: Thu, 5 Mar 2026 14:11:58 +0000 [thread overview]
Message-ID: <20260305141158.294ee1e9@pumpkin> (raw)
In-Reply-To: <70139192-54e5-4a4b-bc96-1fe3ec4f7a0b@zhaoxin.com>
On Thu, 5 Mar 2026 17:03:07 +0800
Tony W Wang-oc <TonyWWang-oc@zhaoxin.com> wrote:
> Thank you for submitting the patch to fix the Zhaoxin CPU issue.
>
> After internal clarification, we have confirmed that this is an
> issue with the ZX-C CPU ucode:
> When modifying CR4.FSGSBASE bit 16, the ucode propagates its
> value to another MSR register. During execution of FSGSBASE-related
> instructions, the hardware actually checks whether this MSR
> register's bit is set to determine whether to generate a #UD
> exception.
> When the CPU enters SMM mode and then returns via RSM, the CR4
> register is restored but the value of CR4.FSGSBASE is not
> re-propagated to the MSR register.
> As a result, after enabling CR4.FSGSBASE, once the CPU goes
> through SMM mode, executing FSGSBASE-related instructions will
> trigger a #UD exception.
>
> This issue exists only on ZX-C CPUs, which have two different
> CPU vendor IDs and distinct FMS values. The following patch can
> be used to identify ZX-C CPUs and properly handle this issue:
>
> --- a/arch/x86/kernel/cpu/centaur.c
> +++ b/arch/x86/kernel/cpu/centaur.c
> @@ -201,6 +201,11 @@ static void init_centaur(struct cpuinfo_x86 *c)
> set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
> #endif
>
> + if (c->x86 == 6 && c->x86_model == 15 && c->x86_stepping >= 14) {
The '>= 14' looks odd to me.
It implies it all worked, got broken, and will never be fixed.
I'd also add a 1-line comment, something like:
/* CR4.FSGSBASE not copied to MSR on return from SMM mode. */
David
> + pr_warn_once("CPU has broken FSGSBASE support; clear
> FSGSBASE feature\n");
> + setup_clear_cpu_cap(X86_FEATURE_FSGSBASE);
> + }
> +
> init_ia32_feat_ctl(c);
> }
>
> diff --git a/arch/x86/kernel/cpu/zhaoxin.c b/arch/x86/kernel/cpu/zhaoxin.c
> index 031379b7d4fa..6a2d6df307ee 100644
> --- a/arch/x86/kernel/cpu/zhaoxin.c
> +++ b/arch/x86/kernel/cpu/zhaoxin.c
> @@ -89,6 +89,11 @@ static void init_zhaoxin(struct cpuinfo_x86 *c)
> set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
> #endif
>
> + if (c->x86 == 6 && c->x86_model == 25 && c->x86_stepping <= 3) {
> + pr_warn_once("CPU has broken FSGSBASE support; clear
> FSGSBASE feature\n");
> + setup_clear_cpu_cap(X86_FEATURE_FSGSBASE);
> + }
> +
> init_ia32_feat_ctl(c);
> }
>
> Sincerely
> TonyWWang-oc
>
next prev parent reply other threads:[~2026-03-05 14:12 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-28 17:37 [PATCH] x86/cpu/centaur: Disable X86_FEATURE_FSGSBASE on Zhaoxin C4600 Yao Zi
2026-02-28 19:06 ` Borislav Petkov
2026-03-01 9:27 ` Yao Zi
2026-03-01 18:37 ` David Laight
2026-03-02 5:09 ` Yao Zi
2026-03-01 0:33 ` Dave Hansen
2026-03-01 9:10 ` Yao Zi
2026-03-01 10:28 ` Borislav Petkov
2026-03-01 16:29 ` Andrew Cooper
2026-03-02 5:08 ` Yao Zi
2026-03-02 9:36 ` Andrew Cooper
2026-03-05 9:03 ` Tony W Wang-oc
2026-03-05 12:40 ` Andrew Cooper
2026-03-05 14:04 ` Yao Zi
2026-03-05 14:10 ` Andrew Cooper
2026-03-05 14:11 ` David Laight [this message]
2026-03-05 16:20 ` Dave Hansen
2026-03-12 2:14 ` Tony W Wang-oc
2026-03-12 15:52 ` Dave Hansen
2026-03-17 7:41 ` Tony W Wang-oc
2026-03-17 15:21 ` Dave Hansen
2026-03-18 3:44 ` Tony W Wang-oc
-- strict thread matches above, loose matches on Subject: below --
2026-03-05 20:26 Christian Ludloff
2026-03-12 2:18 ` Tony W Wang-oc
2026-03-12 16:31 ` Christian Ludloff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260305141158.294ee1e9@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=CobeChen@zhaoxin.com \
--cc=HerryYang@zhaoxin.com \
--cc=QiyuanWang@zhaoxin.com \
--cc=TimGuo-oc@zhaoxin.com \
--cc=TimGuo@zhaoxin.com \
--cc=TonyWWang-oc@zhaoxin.com \
--cc=andrew.cooper3@citrix.com \
--cc=benjaminpan@viatech.com \
--cc=bp@alien8.de \
--cc=brucechang@via-alliance.com \
--cc=cooperyan@zhaoxin.com \
--cc=dave.hansen@linux.intel.com \
--cc=davidwang@zhaoxin.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lukelin@viacpu.com \
--cc=me@ziyao.cc \
--cc=mingo@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tglx@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox