Date: Wed, 15 Nov 2017 15:48:09 -0800
From: hpa@zytor.com
To: Nadav Amit, Dave Hansen, Thomas Gleixner, Borislav Petkov,
 the arch/x86 maintainers, Andy Lutomirski
Cc: LKML
Subject: Re: x86: CR4 update when IRQs are enabled
User-Agent: K-9 Mail for Android

On November 15, 2017 3:31:50 PM PST, Nadav Amit wrote:
>Ping?
>
>Nadav Amit wrote:
>
>> CC’ing more people, and adding a patch to clarify...
>>
>> Nadav Amit wrote:
>>
>>> I am puzzled by the comment in tlb_state.cr4, which says:
>>>
>>>        /*
>>>         * Access to this CR4 shadow and to H/W CR4 is protected by
>>>         * disabling interrupts when modifying either one.
>>>         */
>>>
>>> This does not seem to be true, and adding a warning to CR4 writes when
>>> !irqs_disabled() immediately fires in identify_cpu() and
>>> __mcheck_cpu_init_generic(). While these two are called during boot, I think
>>> there are other CR4 changes with enabled IRQs, for example, PR_SET_TSC.
>>>
>>> So my question(s): Is the comment correct? Is the current behavior correct?
>>
>> So here is what I have in mind. I am not sure whether CONFIG_DEBUG_PREEMPT is
>> the right #ifdef. Let me know what you think.
>>
>> -- >8 --
>>
>> Subject: [PATCH] x86: disable IRQs before changing CR4
>>
>> CR4 changes need to be performed while IRQs are disabled in order to
>> update the CR4 shadow and the actual register atomically.
>>
>> Signed-off-by: Nadav Amit
>> ---
>>  arch/x86/include/asm/tlbflush.h      | 18 ++++++++++++------
>>  arch/x86/kernel/cpu/common.c         | 13 ++++++++++++-
>>  arch/x86/kernel/cpu/mcheck/mce.c     |  3 +++
>>  arch/x86/kernel/cpu/mcheck/p5.c      |  4 ++++
>>  arch/x86/kernel/cpu/mcheck/winchip.c |  3 +++
>>  arch/x86/kernel/process.c            | 14 ++++++++++++--
>>  6 files changed, 46 insertions(+), 9 deletions(-)
>>
>> diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
>> index 50ea3482e1d1..bc70dd1cc7c6 100644
>> --- a/arch/x86/include/asm/tlbflush.h
>> +++ b/arch/x86/include/asm/tlbflush.h
>> @@ -89,6 +89,15 @@ static inline void cr4_init_shadow(void)
>>          this_cpu_write(cpu_tlbstate.cr4, __read_cr4());
>>  }
>>
>> +static inline void update_cr4(unsigned long cr4)
>> +{
>> +#ifdef CONFIG_DEBUG_PREEMPT
>> +        WARN_ON_ONCE(!irqs_disabled());
>> +#endif
>> +        this_cpu_write(cpu_tlbstate.cr4, cr4);
>> +        __write_cr4(cr4);
>> +}
>> +
>>  /* Set in this cpu's CR4. */
>>  static inline void cr4_set_bits(unsigned long mask)
>>  {
>> @@ -97,8 +106,7 @@ static inline void cr4_set_bits(unsigned long mask)
>>          cr4 = this_cpu_read(cpu_tlbstate.cr4);
>>          if ((cr4 | mask) != cr4) {
>>                  cr4 |= mask;
>> -                this_cpu_write(cpu_tlbstate.cr4, cr4);
>> -                __write_cr4(cr4);
>> +                update_cr4(cr4);
>>          }
>>  }
>>
>> @@ -110,8 +118,7 @@ static inline void cr4_clear_bits(unsigned long mask)
>>          cr4 = this_cpu_read(cpu_tlbstate.cr4);
>>          if ((cr4 & ~mask) != cr4) {
>>                  cr4 &= ~mask;
>> -                this_cpu_write(cpu_tlbstate.cr4, cr4);
>> -                __write_cr4(cr4);
>> +                update_cr4(cr4);
>>          }
>>  }
>>
>> @@ -121,8 +128,7 @@ static inline void cr4_toggle_bits(unsigned long mask)
>>
>>          cr4 = this_cpu_read(cpu_tlbstate.cr4);
>>          cr4 ^= mask;
>> -        this_cpu_write(cpu_tlbstate.cr4, cr4);
>> -        __write_cr4(cr4);
>> +        update_cr4(cr4);
>>  }
>>
>>  /* Read the CR4 shadow. */
>> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
>> index c8b39870f33e..82e6b41fd5e9 100644
>> --- a/arch/x86/kernel/cpu/common.c
>> +++ b/arch/x86/kernel/cpu/common.c
>> @@ -318,6 +318,8 @@ static bool pku_disabled;
>>
>>  static __always_inline void setup_pku(struct cpuinfo_x86 *c)
>>  {
>> +        unsigned long flags;
>> +
>>          /* check the boot processor, plus compile options for PKU: */
>>          if (!cpu_feature_enabled(X86_FEATURE_PKU))
>>                  return;
>> @@ -327,7 +329,10 @@ static __always_inline void setup_pku(struct cpuinfo_x86 *c)
>>          if (pku_disabled)
>>                  return;
>>
>> +        local_irq_save(flags);
>>          cr4_set_bits(X86_CR4_PKE);
>> +        local_irq_restore(flags);
>> +
>>          /*
>>           * Seting X86_CR4_PKE will cause the X86_FEATURE_OSPKE
>>           * cpuid bit to be set.  We need to ensure that we
>> @@ -1069,6 +1074,7 @@ static void validate_apic_and_package_id(struct cpuinfo_x86 *c)
>>   */
>>  static void identify_cpu(struct cpuinfo_x86 *c)
>>  {
>> +        unsigned long flags;
>>          int i;
>>
>>          c->loops_per_jiffy = loops_per_jiffy;
>> @@ -1121,9 +1127,14 @@ static void identify_cpu(struct cpuinfo_x86 *c)
>>          /* Disable the PN if appropriate */
>>          squash_the_stupid_serial_number(c);
>>
>> -        /* Set up SMEP/SMAP */
>> +        /*
>> +         * Set up SMEP/SMAP. Disable interrupts to prevent triggering a warning
>> +         * as CR4 changes must be done with disabled interrupts.
>> +         */
>> +        local_irq_save(flags);
>>          setup_smep(c);
>>          setup_smap(c);
>> +        local_irq_restore(flags);
>>
>>          /*
>>           * The vendor-specific functions might have changed features.
>> diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
>> index 3b413065c613..497c07e33c25 100644
>> --- a/arch/x86/kernel/cpu/mcheck/mce.c
>> +++ b/arch/x86/kernel/cpu/mcheck/mce.c
>> @@ -1508,6 +1508,7 @@ static void __mcheck_cpu_init_generic(void)
>>  {
>>          enum mcp_flags m_fl = 0;
>>          mce_banks_t all_banks;
>> +        unsigned long flags;
>>          u64 cap;
>>
>>          if (!mca_cfg.bootlog)
>> @@ -1519,7 +1520,9 @@ static void __mcheck_cpu_init_generic(void)
>>          bitmap_fill(all_banks, MAX_NR_BANKS);
>>          machine_check_poll(MCP_UC | m_fl, &all_banks);
>>
>> +        local_irq_save(flags);
>>          cr4_set_bits(X86_CR4_MCE);
>> +        local_irq_restore(flags);
>>
>>          rdmsrl(MSR_IA32_MCG_CAP, cap);
>>          if (cap & MCG_CTL_P)
>> diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
>> index 2a0717bf8033..d5d4963415e9 100644
>> --- a/arch/x86/kernel/cpu/mcheck/p5.c
>> +++ b/arch/x86/kernel/cpu/mcheck/p5.c
>> @@ -42,6 +42,7 @@ static void pentium_machine_check(struct pt_regs *regs, long error_code)
>>  /* Set up machine check reporting for processors with Intel style MCE: */
>>  void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
>>  {
>> +        unsigned long flags;
>>          u32 l, h;
>>
>>          /* Default P5 to off as its often misconnected: */
>> @@ -62,7 +63,10 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
>>          pr_info("Intel old style machine check architecture supported.\n");
>>
>>          /* Enable MCE: */
>> +        local_irq_save(flags);
>>          cr4_set_bits(X86_CR4_MCE);
>> +        local_irq_restore(flags);
>> +
>>          pr_info("Intel old style machine check reporting enabled on CPU#%d.\n",
>>                  smp_processor_id());
>>  }
>> diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
>> index c6a722e1d011..6dd985e3849d 100644
>> --- a/arch/x86/kernel/cpu/mcheck/winchip.c
>> +++ b/arch/x86/kernel/cpu/mcheck/winchip.c
>> @@ -26,6 +26,7 @@ static void winchip_machine_check(struct pt_regs *regs, long error_code)
>>  /* Set up machine check reporting on the Winchip C6 series */
>>  void winchip_mcheck_init(struct cpuinfo_x86 *c)
>>  {
>> +        unsigned long flags;
>>          u32 lo, hi;
>>
>>          machine_check_vector = winchip_machine_check;
>> @@ -37,7 +38,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c)
>>          lo &= ~(1<<4);  /* Enable MCE */
>>          wrmsr(MSR_IDT_FCR1, lo, hi);
>>
>> +        local_irq_save(flags);
>>          cr4_set_bits(X86_CR4_MCE);
>> +        local_irq_restore(flags);
>>
>>          pr_info("Winchip machine check reporting enabled on CPU#0.\n");
>>  }
>> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
>> index 3ca198080ea9..09e44e784745 100644
>> --- a/arch/x86/kernel/process.c
>> +++ b/arch/x86/kernel/process.c
>> @@ -127,25 +127,35 @@ void flush_thread(void)
>>
>>  void disable_TSC(void)
>>  {
>> +        unsigned long flags;
>> +
>>          preempt_disable();
>> -        if (!test_and_set_thread_flag(TIF_NOTSC))
>> +        if (!test_and_set_thread_flag(TIF_NOTSC)) {
>>                  /*
>>                   * Must flip the CPU state synchronously with
>>                   * TIF_NOTSC in the current running context.
>>                   */
>> +                local_irq_save(flags);
>>                  cr4_set_bits(X86_CR4_TSD);
>> +                local_irq_restore(flags);
>> +        }
>>          preempt_enable();
>>  }
>>
>>  static void enable_TSC(void)
>>  {
>> +        unsigned long flags;
>> +
>>          preempt_disable();
>> -        if (test_and_clear_thread_flag(TIF_NOTSC))
>> +        if (test_and_clear_thread_flag(TIF_NOTSC)) {
>>                  /*
>>                   * Must flip the CPU state synchronously with
>>                   * TIF_NOTSC in the current running context.
>>                   */
>> +                local_irq_save(flags);
>>                  cr4_clear_bits(X86_CR4_TSD);
>> +                local_irq_restore(flags);
>> +        }
>>          preempt_enable();
>>  }

This is wrong on at least two levels: first of all, this should not be wrapped around the abstracted operations but put inside them, if relevant. Second, I suspect that this is not a requirement at all: as long as the hardware register is written second, I think we should always be safe.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
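For illustration, here is a minimal sketch of hpa's first point, assuming the interrupt handling were folded into the existing cr4_set_bits() helper itself rather than wrapped around every caller. This is only one possible reading of the suggestion, not the posted patch or the eventual upstream fix; the names (cr4_set_bits, cpu_tlbstate.cr4, __write_cr4, local_irq_save) are taken from the quoted code above.

    /*
     * Illustrative sketch only: put the IRQ handling inside the abstracted
     * helper so callers such as setup_pku() or __mcheck_cpu_init_generic()
     * need no local_irq_save()/local_irq_restore() wrapping of their own.
     */
    static inline void cr4_set_bits(unsigned long mask)
    {
            unsigned long cr4, flags;

            local_irq_save(flags);
            cr4 = this_cpu_read(cpu_tlbstate.cr4);
            if ((cr4 | mask) != cr4) {
                    cr4 |= mask;
                    /* Update the shadow first, the hardware register second. */
                    this_cpu_write(cpu_tlbstate.cr4, cr4);
                    __write_cr4(cr4);
            }
            local_irq_restore(flags);
    }

The write ordering in the sketch is also what hpa's second point turns on: if __write_cr4() always runs after the shadow update, the explicit IRQ disabling may not be required at all.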