Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp582732pxf; Thu, 25 Mar 2021 09:35:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJygOWPkWgWoTwLppM6NMSvGco07tfQlH0250q6Dv+aAXGuCkm/KXVq0GEuxd41Dlt2uPV8N X-Received: by 2002:a05:6402:510f:: with SMTP id m15mr10196160edd.328.1616690113289; Thu, 25 Mar 2021 09:35:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616690113; cv=none; d=google.com; s=arc-20160816; b=ZzBBa9T3RlRzi78Ntn0JsHZekDp6+ENTEhX+luJxeNsOwoUbYzKkdc0eCayGlV+r3R ST3Ope3YarFWWjgEUKpH/N+/H6L8jEu1mOTMlqUV4NsCM/ZxnsP0unRt+9QD+FSpu7SX DCSP20yYhy8GZtbH7HGOgRgE45Mmep8sPNjxb8hxkIRvOSAma2T//tG5Lx4KbuqjrLPZ 39o8NWYSQFihQEoY1lUJGaD6fqKiBdDZ6jOqkbIzww4wxIvxwlgHcmi18VOrjpuvBsGA imfsQDxXqEMT0tLwNcrzlGRg/YaUmojckxopc+VDnGY4bCfM1FTDDf4wGp1BSmEeOVZc OKzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:message-id :in-reply-to:subject:cc:to:from:date:dkim-signature; bh=icx8/ROiUGbXEvPXqjuw1B6ZehL0QY6lhCYqvdH4CJ8=; b=LNEYlu4GKrUUtts3vuv2VaBV5pGKGSHgs6edL+TuQsqnSWDhisQNANdXkGFJRGWBpJ L2b5TOpaPkxiB1WJYpveEUcfquUVscGcO/fvXdTtxSZ1q6waYF6OPT2gR4zBDXx/2bLh 4BsdmvVEAKdSuz84EESyD2oQ1ZWtFkU35UKhKsZwkQOCGNrd05OPwKs3wFYdGQP3utNe kTkqbA85CEv5LvsYyTj/1IcLGUN5pjJWZ9IAZxSDU6Ur3XXF6xkiGQRzj6/NJPuL50nS Mrb5iL44gI4D7eTHEoOxvcHfnuYXnF4TYmNos8vSVel/7VeYm2Kecpxf6tdE31unj/94 8S7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eUCzvhUo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qn25si4728393ejb.22.2021.03.25.09.34.49; Thu, 25 Mar 2021 09:35:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eUCzvhUo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229798AbhCYQdt (ORCPT + 99 others); Thu, 25 Mar 2021 12:33:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50368 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229760AbhCYQdh (ORCPT ); Thu, 25 Mar 2021 12:33:37 -0400 Received: from mail-oo1-xc2d.google.com (mail-oo1-xc2d.google.com [IPv6:2607:f8b0:4864:20::c2d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1654C06175F for ; Thu, 25 Mar 2021 09:33:36 -0700 (PDT) Received: by mail-oo1-xc2d.google.com with SMTP id n12-20020a4ad12c0000b02901b63e7bc1b4so630481oor.5 for ; Thu, 25 Mar 2021 09:33:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:mime-version; bh=icx8/ROiUGbXEvPXqjuw1B6ZehL0QY6lhCYqvdH4CJ8=; b=eUCzvhUoDqhYbjAH/SCI1XADZLyN9X7jUMHfbTvpOy+csA1Cd9M43F9i7MlUaxXEz5 yjZ9APiih/xX2QvOayE8n2i48Pm03qMcm/gKdnnrSPrxls0mSoFpGG7OhwS9/mxLYnZw BHer52FF/fh/x1nUmykh3jFZQWB1CRBhXMAefu1mGtIWjD7OVai7eoZLk8lNe9MmofEh UqzW2fDxQU0jHq4ksI/9OZGcJ6DGWY4axXrtkMbrvBIgfhnctemnFSOIFa/BNTL049Dm +kyxe8PMkzbTxJlue49Lr2ed3MnhWbVbvpz+QaY9l7MhFUoG+4bw5YJcw+j548AvwYuY xtug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:in-reply-to:message-id :references:user-agent:mime-version; bh=icx8/ROiUGbXEvPXqjuw1B6ZehL0QY6lhCYqvdH4CJ8=; b=oLhuKMUDZTPhbmUdIjUli4O15laex9oUPvw8q+RBo8tHs/QqoX3Xp7eNKrcOdwoRgj CTSvnKBdPRV5AzyHa9Ph+J2pJXUMBVYyWyWqEgalf14yt0bRjXTM/7pAHfpw7Q+uIbiL 33QNNUqIspsaNpMS9WEJXAvmnNNr5qy30K5+v8uS8VZWt5K5Ob8jmkKLu0+xkYFQP5ce tL6ql8S4bXGRGysFVkHCQYmcksSkVsAEwI88cCrc1LM0hZM8U1mkD8i7xjMSFo5k7F0C zoieMk4kdr0z1whQR20AlbVd71+D3CprQ3O4LCAmYSTXbYgGgWvtpdZBBrMtPGrNA+O9 1qYg== X-Gm-Message-State: AOAM5333Fd9EW6TtMdywJwvhkciWYblB2VkGv3pHasIxIGLxs4YkSNgb mjSp0dhgJ+CphgGojfNLpiyN3w== X-Received: by 2002:a4a:c316:: with SMTP id c22mr7878829ooq.65.1616690015522; Thu, 25 Mar 2021 09:33:35 -0700 (PDT) Received: from eggly.attlocal.net (172-10-233-147.lightspeed.sntcca.sbcglobal.net. [172.10.233.147]) by smtp.gmail.com with ESMTPSA id h24sm1442657otg.20.2021.03.25.09.33.34 (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128); Thu, 25 Mar 2021 09:33:35 -0700 (PDT) Date: Thu, 25 Mar 2021 09:33:18 -0700 (PDT) From: Hugh Dickins X-X-Sender: hugh@eggly.anvils To: Borislav Petkov cc: Hugh Dickins , Babu Moger , Paolo Bonzini , Jim Mattson , Vitaly Kuznetsov , Wanpeng Li , kvm list , Joerg Roedel , the arch/x86 maintainers , LKML , Ingo Molnar , "H . Peter Anvin" , Thomas Gleixner , Makarand Sonare , Sean Christopherson Subject: Re: [PATCH] x86/tlb: Flush global mappings when KAISER is disabled In-Reply-To: <20210325102959.GD31322@zn.tnic> Message-ID: References: <2ca37e61-08db-3e47-f2b9-8a7de60757e6@amd.com> <20210311214013.GH5829@zn.tnic> <4a72f780-3797-229e-a938-6dc5b14bec8d@amd.com> <20210311235215.GI5829@zn.tnic> <20210324212139.GN5010@zn.tnic> <20210325095619.GC31322@zn.tnic> <20210325102959.GD31322@zn.tnic> User-Agent: Alpine 2.11 (LSU 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 25 Mar 2021, Borislav Petkov wrote: > Ok, > > I tried to be as specific as possible in the commit message so that we > don't forget. Please lemme know if I've missed something. > > Babu, Jim, I'd appreciate it if you ran this to confirm. > > Thx. > > --- > From: Borislav Petkov > Date: Thu, 25 Mar 2021 11:02:31 +0100 > > Jim Mattson reported that Debian 9 guests using a 4.9-stable kernel > are exploding during alternatives patching: > > kernel BUG at /build/linux-dqnRSc/linux-4.9.228/arch/x86/kernel/alternative.c:709! > invalid opcode: 0000 [#1] SMP > Modules linked in: > CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.9.0-13-amd64 #1 Debian 4.9.228-1 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > Call Trace: > swap_entry_free > swap_entry_free > text_poke_bp > swap_entry_free > arch_jump_label_transform > set_debug_rodata > __jump_label_update > static_key_slow_inc > frontswap_register_ops > init_zswap > init_frontswap > do_one_initcall > set_debug_rodata > kernel_init_freeable > rest_init > kernel_init > ret_from_fork > > triggering the BUG_ON in text_poke() which verifies whether patched > instruction bytes have actually landed at the destination. > > Further debugging showed that the TLB flush before that check is > insufficient because there could be global mappings left in the TLB, > leading to a stale mapping getting used. > > I say "global mappings" because the hardware configuration is a new one: > machine is an AMD, which means, KAISER/PTI doesn't need to be enabled > there, which also means there's no user/kernel pagetables split and > therefore the TLB can have global mappings. > > And the configuration is new one for a second reason: because that AMD > machine supports PCID and INVPCID, which leads the CPU detection code to > set the synthetic X86_FEATURE_INVPCID_SINGLE flag. > > Now, __native_flush_tlb_single() does invalidate global mappings when > X86_FEATURE_INVPCID_SINGLE is *not* set and returns. > > When X86_FEATURE_INVPCID_SINGLE is set, however, it invalidates the > requested address from both PCIDs in the KAISER-enabled case. But if > KAISER is not enabled and the machine has global mappings in the TLB, > then those global mappings do not get invalidated, which would lead to > the above mismatch from using a stale TLB entry. > > So make sure to flush those global mappings in the KAISER disabled case. > > Co-debugged by Babu Moger . > > Reported-by: Jim Mattson > Signed-off-by: Borislav Petkov > Link: https://lkml.kernel.org/r/CALMp9eRDSW66%2BXvbHVF4ohL7XhThoPoT0BrB0TcS0cgk=dkcBg@mail.gmail.com Acked-by: Hugh Dickins Great write-up too: many thanks. > --- > arch/x86/include/asm/tlbflush.h | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h > index f5ca15622dc9..2bfa4deb8cae 100644 > --- a/arch/x86/include/asm/tlbflush.h > +++ b/arch/x86/include/asm/tlbflush.h > @@ -245,12 +245,15 @@ static inline void __native_flush_tlb_single(unsigned long addr) > * ASID. But, userspace flushes are probably much more > * important performance-wise. > * > - * Make sure to do only a single invpcid when KAISER is > - * disabled and we have only a single ASID. > + * In the KAISER disabled case, do an INVLPG to make sure > + * the mapping is flushed in case it is a global one. > */ > - if (kaiser_enabled) > + if (kaiser_enabled) { > invpcid_flush_one(X86_CR3_PCID_ASID_USER, addr); > - invpcid_flush_one(X86_CR3_PCID_ASID_KERN, addr); > + invpcid_flush_one(X86_CR3_PCID_ASID_KERN, addr); > + } else { > + asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); > + } > } > > static inline void __flush_tlb_all(void) > -- > 2.29.2 > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette