stable.vger.kernel.org archive mirror
* [PATCH BACKPORT 3.4 - 4.5] x86/traps: Ignore high word of regs->cs in early_idt_handler_common
@ 2016-11-30 20:37 Andy Lutomirski
  2016-12-01  8:48 ` Jiri Slaby
  2016-12-01 14:51 ` Willy Tarreau
  0 siblings, 2 replies; 4+ messages in thread
From: Andy Lutomirski @ 2016-11-30 20:37 UTC (permalink / raw)
  To: stable; +Cc: Matthew Whitehead, Greg KH, Andy Lutomirski, H . Peter Anvin

This is a backport of:
commit cb32c69920e58a1a58e7b5cad975038a69c0ce7d upstream

On the 80486 DX, it seems that some exceptions may leave garbage in
the high bits of CS.  This causes sporadic failures in which
early_fixup_exception() refuses to fix up an exception.

As far as I can tell, this has been buggy for a long time, but the
problem seems to have been exacerbated by commit 1e02ce4cccdc ("x86:
Store a per-cpu shadow copy of CR4") and commit e1bfc11c5a6f
("x86/init: Fix cr4_init_shadow() on CR4-less machines").

This appears to have broken for as long as we've had early
exception handling.

[ This backport should apply to kernels from 3.4 - 4.5. ]

Fixes: 4c5023a3fa2e ("x86-32: Handle exception table entries during early boot")
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: stable@vger.kernel.org
Reported-by: Matthew Whitehead <tedheadster@gmail.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 arch/x86/kernel/head_32.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index af1112980dd4..99373aa0762a 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -571,7 +571,7 @@ early_idt_handler_common:
 	movl %eax,%ds
 	movl %eax,%es
 
-	cmpl $(__KERNEL_CS),32(%esp)
+	cmpw $(__KERNEL_CS),32(%esp)
 	jne 10f
 
 	leal 28(%esp),%eax	# Pointer to %eip
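Review bot: the new `cmpw $(__KERNEL_CS),32(%esp)` carries no comment saying why a 16-bit compare is used on a 32-bit stack slot, so a later cleanup could plausibly turn it back into `cmpl`. Suggest a one-line comment above the compare stating that only the low 16 bits of the saved CS hold the selector and that the high word may be garbage (seen on the 80486 DX, per the changelog).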
-- 
2.9.3



* Re: [PATCH BACKPORT 3.4 - 4.5] x86/traps: Ignore high word of regs->cs in early_idt_handler_common
  2016-11-30 20:37 [PATCH BACKPORT 3.4 - 4.5] x86/traps: Ignore high word of regs->cs in early_idt_handler_common Andy Lutomirski
@ 2016-12-01  8:48 ` Jiri Slaby
  2016-12-01 17:26   ` Andy Lutomirski
  2016-12-01 14:51 ` Willy Tarreau
  1 sibling, 1 reply; 4+ messages in thread
From: Jiri Slaby @ 2016-12-01  8:48 UTC (permalink / raw)
  To: Andy Lutomirski, stable; +Cc: Matthew Whitehead, Greg KH, H . Peter Anvin

On 11/30/2016, 09:37 PM, Andy Lutomirski wrote:
> This is a backport of:
> commit cb32c69920e58a1a58e7b5cad975038a69c0ce7d upstream

This is in fact fc0e81b2bea0ebceb71889b61d2240856141c9ee, right?

And it appears to have a different commit log :/.

Can we have that corrected?

> On the 80486 DX, it seems that some exceptions may leave garbage in
> the high bits of CS.  This causes sporadic failures in which
> early_fixup_exception() refuses to fix up an exception.
> 
> As far as I can tell, this has been buggy for a long time, but the
> problem seems to have been exacerbated by commit 1e02ce4cccdc ("x86:
> Store a per-cpu shadow copy of CR4") and commit e1bfc11c5a6f
> ("x86/init: Fix cr4_init_shadow() on CR4-less machines").
> 
> This appears to have broken for as long as we've had early
> exception handling.
> 
> [ This backport should apply to kernels from 3.4 - 4.5. ]
> 
> Fixes: 4c5023a3fa2e ("x86-32: Handle exception table entries during early boot")
> Cc: H. Peter Anvin <hpa@zytor.com>
> Cc: stable@vger.kernel.org
> Reported-by: Matthew Whitehead <tedheadster@gmail.com>
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
> ---
>  arch/x86/kernel/head_32.S | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
> index af1112980dd4..99373aa0762a 100644
> --- a/arch/x86/kernel/head_32.S
> +++ b/arch/x86/kernel/head_32.S
> @@ -571,7 +571,7 @@ early_idt_handler_common:
>  	movl %eax,%ds
>  	movl %eax,%es
>  
> -	cmpl $(__KERNEL_CS),32(%esp)
> +	cmpw $(__KERNEL_CS),32(%esp)
>  	jne 10f
>  
>  	leal 28(%esp),%eax	# Pointer to %eip
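Review bot: only the compare at `32(%esp)` ignores the high word; the `leal 28(%esp),%eax` two lines later hands out a pointer to the saved %eip, and the slot right after it is the same unmasked CS dword. Worth confirming that whatever consumes %eax in the 3.4 - 4.5 target trees never reads that slot as a full 32-bit value, or else clearing the upper 16 bits of the slot once before the compare so every reader sees a clean selector.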
> 

thanks,
-- 
js
suse labs


* Re: [PATCH BACKPORT 3.4 - 4.5] x86/traps: Ignore high word of regs->cs in early_idt_handler_common
  2016-11-30 20:37 [PATCH BACKPORT 3.4 - 4.5] x86/traps: Ignore high word of regs->cs in early_idt_handler_common Andy Lutomirski
  2016-12-01  8:48 ` Jiri Slaby
@ 2016-12-01 14:51 ` Willy Tarreau
  1 sibling, 0 replies; 4+ messages in thread
From: Willy Tarreau @ 2016-12-01 14:51 UTC (permalink / raw)
  To: Andy Lutomirski; +Cc: stable, Matthew Whitehead, Greg KH, H . Peter Anvin

On Wed, Nov 30, 2016 at 12:37:53PM -0800, Andy Lutomirski wrote:
> This is a backport of:
> commit cb32c69920e58a1a58e7b5cad975038a69c0ce7d upstream
> 
> On the 80486 DX, it seems that some exceptions may leave garbage in
> the high bits of CS.  This causes sporadic failures in which
> early_fixup_exception() refuses to fix up an exception.
> 
> As far as I can tell, this has been buggy for a long time, but the
> problem seems to have been exacerbated by commit 1e02ce4cccdc ("x86:
> Store a per-cpu shadow copy of CR4") and commit e1bfc11c5a6f
> ("x86/init: Fix cr4_init_shadow() on CR4-less machines").
> 
> This appears to have broken for as long as we've had early
> exception handling.
> 
> [ This backport should apply to kernels from 3.4 - 4.5. ]

This morning before coffee took effect I read 3.4-3.5 so I classed
it, now I've queued it for 3.10.

Thanks Andy!
Willy


* Re: [PATCH BACKPORT 3.4 - 4.5] x86/traps: Ignore high word of regs->cs in early_idt_handler_common
  2016-12-01  8:48 ` Jiri Slaby
@ 2016-12-01 17:26   ` Andy Lutomirski
  0 siblings, 0 replies; 4+ messages in thread
From: Andy Lutomirski @ 2016-12-01 17:26 UTC (permalink / raw)
  To: Jiri Slaby
  Cc: Andy Lutomirski, stable, Matthew Whitehead, Greg KH,
	H . Peter Anvin

On Thu, Dec 1, 2016 at 12:48 AM, Jiri Slaby <jslaby@suse.cz> wrote:
> On 11/30/2016, 09:37 PM, Andy Lutomirski wrote:
>> This is a backport of:
>> commit cb32c69920e58a1a58e7b5cad975038a69c0ce7d upstream
>
> This is in fact fc0e81b2bea0ebceb71889b61d2240856141c9ee, right?
>
> And it appears to have a different commit log :/.
>
> Can we have that corrected?

Sorry -- I grabbed the wrong git version.  The diff is correct but the
changelog was indeed out of date.  I'll send v2.  There will still be
small changelog differences because the buggy function is in a
different place and has a different name.

--Andy
