From: Daniel Verkamp
Date: Fri, 23 Sep 2022 10:25:05 -0700
Subject: Re: [PATCH] x86: also disable FSRM if ERMS is disabled
To: Borislav Petkov
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Tony Luck
References: <20220923005827.1533380-1-dverkamp@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Sep 23, 2022 at 4:13 AM Borislav Petkov wrote:
>
> On Thu, Sep 22, 2022 at 05:58:27PM -0700, Daniel Verkamp wrote:
> > In the "Fast Short REP MOVSB" path of memmove, if we take the path where
> > the FSRM flag is enabled but the ERMS flag is not, there is no longer a
> > check for length >= 0x20 (both alternatives will be replaced with NOPs).
> > If a memmove() requiring a forward copy of less than 0x20 bytes happens
> > in this case, the `sub $0x20, %rdx` will cause the length to roll around
> > to a huge value and the copy will eventually hit a page fault.
> >
> > This is not intended to happen, as the comment above the alternatives
> > mentions "FSRM implies ERMS".
> >
> > However, there is a check in early_init_intel() that can disable ERMS,
> > so we should also be disabling FSRM in this path to maintain correctness
> > of the memmove() optimization.
>
> Is this something you hit in a real-world scenario? If so, how exactly?
>
> Thx.

Yes, we hit this in crosvm when booting the guest kernel with either OVMF
or u-boot on an Intel 12th Gen CPU. The guest kernel boots fine when loaded
directly (using the crosvm kernel loader and not running any firmware setup
in the guest), but it crashes when booting with firmware inside the first
forward memmove() after alternatives are set up (which happens to be in
printk).

I haven't gotten to the bottom of why exactly using firmware is causing
this to be set up in an inconsistent way, but this is a real-world
situation, not just a hypothetical.

Now that I look at it with fresh eyes again, maybe we should instead
directly patch the memmove FSRM alternative so that the flag-set version
just does the same jmp as the ERMS one. I can prepare a patch for that
instead of (or in addition to) this one if that sounds better.

Thanks,
-- Daniel
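The forward-copy control flow described in the quoted patch description, modelled in C as an added example (this is not code from the thread or from the kernel; the feature bit names, `forward_path`, `clear_erms` and the path enum are constructed for illustration of the two alternatives and the `sub $0x20, %rdx` wrap-around):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed feature bits standing in for X86_FEATURE_ERMS / X86_FEATURE_FSRM. */
#define FEAT_ERMS 0x1u
#define FEAT_FSRM 0x2u

enum fwd_path {
    PATH_SMALL,      /* "cmp $0x20, %rdx; jb 1f" taken: short-copy tail path   */
    PATH_REP_MOVSB,  /* "jmp .Lmemmove_erms" taken: rep movsb, any length ok   */
    PATH_32B_LOOP,   /* general 32-byte unrolled loop entered with len >= 0x20 */
    PATH_UNDERFLOW   /* general loop entered with len < 0x20: rdx wraps around */
};

/*
 * Model of the two alternatives at the forward-copy entry of memmove as the
 * thread describes them:
 *   ALTERNATIVE "cmp $0x20, %rdx; jb 1f", "",       X86_FEATURE_FSRM
 *   ALTERNATIVE "", "jmp .Lmemmove_erms",           X86_FEATURE_ERMS
 * With FSRM set the length check is patched out; with ERMS clear the jmp is
 * never patched in; the general loop's `sub $0x20, %rdx` then runs unchecked.
 */
enum fwd_path forward_path(unsigned int feats, size_t len, size_t *rdx_after_sub)
{
    bool fsrm = feats & FEAT_FSRM;
    bool erms = feats & FEAT_ERMS;

    *rdx_after_sub = len;
    if (!fsrm && len < 0x20)        /* the length check exists only without FSRM */
        return PATH_SMALL;
    if (erms)
        return PATH_REP_MOVSB;
    *rdx_after_sub = len - 0x20;    /* size_t arithmetic wraps when len < 0x20 */
    return len < 0x20 ? PATH_UNDERFLOW : PATH_32B_LOOP;
}

/*
 * Model of the early_init_intel() quirk that clears ERMS. With also_clear_fsrm
 * set it behaves like the patch under discussion: FSRM is dropped with ERMS,
 * so "FSRM implies ERMS" holds again for the alternatives patcher.
 */
unsigned int clear_erms(unsigned int feats, bool also_clear_fsrm)
{
    feats &= ~FEAT_ERMS;
    if (also_clear_fsrm)
        feats &= ~FEAT_FSRM;
    return feats;
}
```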