Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp303517rwb;
        Thu, 22 Sep 2022 18:36:47 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM63ag+BrwRoNgkHuMCp20RlxhmV3eZYAeR1aybB9HqRmOHFtWjtSZs2MIP+Y7JdXsg38Cob
X-Received: by 2002:a63:86c6:0:b0:43a:bd68:5075 with SMTP id x189-20020a6386c6000000b0043abd685075mr5504190pgd.512.1663897007645;
        Thu, 22 Sep 2022 18:36:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1663897007; cv=none;
        d=google.com; s=arc-20160816;
        b=i44CKNI+Xm4Q5W2KRkepAlQtOePq1xF8GWLoxrIYh3doJlRWMDnjbEAp2NooDARBqw
         YLEoXRtPoPvbMKSSTdIDScGMwfleWoV2fioLM7mzEMCBg5lZXHSYukY/pWxNVfxjopfS
         /hY8SsCaAiawvHqT0sb2ylkCnnpa/UNL+SbOcTijA84K9gxAl5zRetOPH0zAoXhQltV8
         Qj4p+MGE7LuKx0A522LCzfnObDrJv9pLNNjzCZ4MizaUMLAMtjerwdtQXPUwl2hJBsQv
         zmZ/HTSICHZ0znc+Hh/PG2kX5INCQpZ0ISR89mWvWkt4H8Tc1vDKJuZkUN58PuUCVSwL
         C3pw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=zUURCqFsPJ0++1UISwKVFigZFjRPyYFwg3WX49XZqB0=;
        b=VK6Tb7Pk6HR3w28PSmIPj86jzil+4TkT500wgLHvm7qVwiEp1GZ0JzIwOhwzq4m7MB
         KlXQF4kQhLwVnzDX3eHVxcmxMCLkE+SXtemS2c4GABDNAqnZfCePx4rjT2CnBQvHgomJ
         8o8AwG5KVU8f2HHtmwYRqxtYobIKQjjZeVyhN3LXDjXESDrQy9GxAyrfryrqkQib9p98
         4+rm0pSbJvE3lx8QVnBNXcAIGXz7IzC/qtWQc2iWjjdmabQPkzdQ2XTClgycfNhoTkEw
         4RSROy7LciLJR/D7jVKsc3H7P9dJL8Rog1eOoOON6FX5KDlHqi5E7Zz901VsoGGrIyNF
         2INQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=fm+3chTm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id m1-20020a170902f64100b00172f8a4b3e1si1536929plg.81.2022.09.22.18.36.35;
        Thu, 22 Sep 2022 18:36:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=fm+3chTm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229521AbiIWA7g (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Thu, 22 Sep 2022 20:59:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43732 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229552AbiIWA7e (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Sep 2022 20:59:34 -0400
Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 92897FD7
        for <linux-kernel@vger.kernel.org>; Thu, 22 Sep 2022 17:59:31 -0700 (PDT)
Received: by mail-pf1-x430.google.com with SMTP id a29so10916487pfk.5
        for <linux-kernel@vger.kernel.org>; Thu, 22 Sep 2022 17:59:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date;
        bh=zUURCqFsPJ0++1UISwKVFigZFjRPyYFwg3WX49XZqB0=;
        b=fm+3chTmqI62okWG0kjgJIfWMf5N0zHMQ5ViiaK0O3QpRW1tfmCkPQdYvX1265kzMF
         4wG1JJFpAx6xkb/kl5ViWHvCXt80CcJBcOPRwA02jgctV554ZhijstpICZU0yycnCw8A
         bz1iym1Owjvo4okvjhR5qSfw0bd+24Ljukg2E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date;
        bh=zUURCqFsPJ0++1UISwKVFigZFjRPyYFwg3WX49XZqB0=;
        b=wRePNeDKjIzTvJNCv8PEQBUoXd+ncmOqL8H6+u7ma01KbdItoHgA/Yr+MzndV/CJdJ
         JaXg1LjY9D9L9NUcZ3v5GWdUBluwda97n5RfKcNJgOB1P+19xPQnFn+E1MI3jzyH0ZdX
         vtu2eHD1h2V3hA61nCvsG4kuZb2zNx4tGlVwphS8YjOANhzePg2NyMaibP8p7TqWHHS4
         6lpADuAJdvaTLJe6lEiZc1cLaEHZS17GiSvyHRAGb0Ks1bnQVocAtXg1fHHm0iRC8jhp
         CfzNmH7ybMgA/fZhSpUBGmXqlnwvO/6TNGbcEP1/MLzsfuZa1T7Pjqluo51HvpZihyIA
         vhDw==
X-Gm-Message-State: ACrzQf09phItVzS/f+vYvQoCQRgq4w2QKWfL36/aUZC8Ff2Iu/BvTQdG
        ZxFnIx/GwiLUdCyvpVah4m+HcQ==
X-Received: by 2002:a63:1554:0:b0:43b:f03d:8651 with SMTP id 20-20020a631554000000b0043bf03d8651mr5269327pgv.422.1663894771119;
        Thu, 22 Sep 2022 17:59:31 -0700 (PDT)
Received: from localhost ([2620:15c:202:201:626:f1d5:7c9d:6576])
        by smtp.gmail.com with UTF8SMTPSA id e16-20020a056a0000d000b0053b208b55d1sm5066933pfj.85.2022.09.22.17.59.30
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 22 Sep 2022 17:59:30 -0700 (PDT)
From:   Daniel Verkamp <dverkamp@chromium.org>
To:     x86@kernel.org, linux-kernel@vger.kernel.org
Cc:     Tony Luck <tony.luck@intel.com>, Borislav Petkov <bp@suse.de>,
        Daniel Verkamp <dverkamp@chromium.org>, stable@vger.kernel.org
Subject: [PATCH] x86: also disable FSRM if ERMS is disabled
Date:   Thu, 22 Sep 2022 17:58:27 -0700
Message-Id: <20220923005827.1533380-1-dverkamp@chromium.org>
X-Mailer: git-send-email 2.37.3.998.g577e59143f-goog
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In the "Fast Short REP MOVSB" path of memmove, if we take the path where
the FSRM flag is enabled but the ERMS flag is not, there is no longer a
check for length >= 0x20 (both alternatives will be replaced with NOPs).
If a memmove() requiring a forward copy of less than 0x20 bytes happens
in this case, the `sub $0x20, %rdx` will cause the length to roll around
to a huge value and the copy will eventually hit a page fault.

This is not intended to happen, as the comment above the alternatives
mentions "FSRM implies ERMS".

However, there is a check in early_init_intel() that can disable ERMS,
so we should also be disabling FSRM in this path to maintain correctness
of the memmove() optimization.

Cc: stable@vger.kernel.org
Fixes: f444a5ff95dc ("x86/cpufeatures: Add support for fast short REP; MOVSB")
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
---
 arch/x86/kernel/cpu/intel.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 2d7ea5480ec3..71b412f820c7 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -328,6 +328,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
 			pr_info("Disabled fast string operations\n");
 			setup_clear_cpu_cap(X86_FEATURE_REP_GOOD);
 			setup_clear_cpu_cap(X86_FEATURE_ERMS);
+			setup_clear_cpu_cap(X86_FEATURE_FSRM);
 		}
 	}
 
-- 
2.37.3.998.g577e59143f-goog