Received: by 10.223.164.202 with SMTP id h10csp542214wrb;
        Wed, 8 Nov 2017 22:30:33 -0800 (PST)
X-Google-Smtp-Source: ABhQp+S62fuJYt4sP4/sAJU8yxYtXfiikzY28Lw/yVduEGEokso/XQce26FiNZW4PWf/JTwyaYd2
X-Received: by 10.98.89.82 with SMTP id n79mr3056779pfb.133.1510209033155;
        Wed, 08 Nov 2017 22:30:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1510209033; cv=none;
        d=google.com; s=arc-20160816;
        b=BVL9iduh4P54MKgvvAMpnne17yt5wTj44LpPPg8G4YbNtJQ+ayH/tmErqMv24PCj5y
         9HDTXaIcwRZX+YNEFAO+4bl33Clgltf4xl3mmdofSMst1cJQV7/dovxeX+6enhRMlUMI
         Csde7KO9fDqTkoJdCpEImQAS9fS/gwjR2UCoOo3RRV4AtEqV0kCtu05hpqreXaqQs7QJ
         +YeNNNo2ygX7AAUgdTuxFK6ytYDDyqltngBy7Pi3D+rCdaFAfOLVEuEfO6KAn7nn2ADZ
         c8qd7aZ8ChQHLcegcvjoZMjujq/T6HBtpupK5py1/oIMUCSE3wSIHIK4uY083E0mT67/
         Ty6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature:arc-authentication-results;
        bh=lK5fJWcXA5dK0g5eLf8NYY8QsbuHy3Q8lhlqhBpMbOA=;
        b=D37s1VgW/Cy2H6Ltu2bHTIWsZyY9kcS35v3R5iACk31FXuo9hKs5yZqWkID0nDVUSt
         BPjPzb8stRbfk19xIGMwaDYGBxuUZx1oj5ZD6bnke0Q8HgMluAF9eJFeCrq7S+hRR8h6
         SfrAI/k+cBxdKt3fnIrpM/2WuRqkRkylKGx2FA88SHMS4xIn/+mq/tAFCYTYeXDppwGq
         ifZQlup+7zCpZSQdavgJwwfkG27WSj3igO/wyVM7IX7egGycuMeg5q58NTQVDg/50m5d
         3Pl7/xfsQws/wpl3TaPqEVnnpWZpFNeUeapqkXE7P7hmqHH2Fp9a9unu6JbtS2Rx9YQF
         YYgA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=k0CFalXO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y69si5975948pfb.303.2017.11.08.22.30.22;
        Wed, 08 Nov 2017 22:30:33 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=k0CFalXO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752431AbdKIG3k (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 82 others); Thu, 9 Nov 2017 01:29:40 -0500
Received: from mail-pf0-f193.google.com ([209.85.192.193]:48520 "EHLO
        mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750736AbdKIG3i (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 9 Nov 2017 01:29:38 -0500
Received: by mail-pf0-f193.google.com with SMTP id b79so3604274pfk.5
        for <linux-kernel@vger.kernel.org>; Wed, 08 Nov 2017 22:29:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=lK5fJWcXA5dK0g5eLf8NYY8QsbuHy3Q8lhlqhBpMbOA=;
        b=k0CFalXOsNyGW5QBNn2M93EE4pC/7A5dn4iDLEfEwUEFBSQXfnULX1ImHbf/NONRcg
         fP3R3yCmVl0ALWaPqfB0FSJvjX9JnLIjtg5cuYvgEyJ65X8IzWyETBTVMrGASSqXwdZm
         rMveH09TNBw09bMspx2RpyA1P9xtUJlMtEGuHDeQCmHaq2sUV+9iUnB+iHW09aJyRh6K
         Ki5V+RLQqObBURV5k7qAxqsG9jCy55dP4E4nvnGxsdYxJmqlz8P0CBCQ5fB7o09jtfie
         HsPnclUuiSM5S7iReh6/OL2hcDYr63d0VI3FGsa1NyL9MCShPMo5rDk7h7IqRPoLGnac
         D18w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=lK5fJWcXA5dK0g5eLf8NYY8QsbuHy3Q8lhlqhBpMbOA=;
        b=ckAUZMvLQ67q2O1A9sAYsyfogj8gXQzU8831xJ7ooBMunkoBSx4jKqde3+up/U8yUU
         Rqj8IRfQmndEAY3SEZLOeL3j34APk15K/nRd59OtHBRxs3iD8fVTz1Nqeew+DH0HJobI
         tySaNjg1Rc5L3FbfkAL8BYtTS2OIRcwr6zzs6yPZrXykLgEd2dgXSRs08No/qXLldPRJ
         fuiva2fhwrvK3VxTqyEYbuL6JllQ27LodSKPgymr3wCFozIg8AEXrTx9Ba6TeplpWTGF
         /uFjL20yv+bJ17dVJ9W+zbruJCziXEzMOFakGvTDbGdlORNykpx0IzVSGf4HpJwVx6gT
         r61Q==
X-Gm-Message-State: AJaThX7krB+zQts3vGtXXMCGpBxrYIMyqiW/yPtyxXzAiUwJ+Z46Q858
        wCYHDg9mcroxGLfSOMAS0Gg=
X-Received: by 10.101.67.73 with SMTP id k9mr2855341pgq.188.1510208977445;
        Wed, 08 Nov 2017 22:29:37 -0800 (PST)
Received: from [10.2.44.15] ([208.91.2.2])
        by smtp.gmail.com with ESMTPSA id z17sm11128072pfd.124.2017.11.08.22.29.35
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 08 Nov 2017 22:29:36 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: x86: CR4 update when IRQs are enabled
From:   Nadav Amit <nadav.amit@gmail.com>
In-Reply-To: <E7DBFC7E-3904-483A-89E1-56EC17F14EF1@gmail.com>
Date:   Wed, 8 Nov 2017 22:29:34 -0800
Cc:     LKML <linux-kernel@vger.kernel.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2DE32618-CB44-43C7-BAFB-F6967248F97C@gmail.com>
References: <E7DBFC7E-3904-483A-89E1-56EC17F14EF1@gmail.com>
To:     Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@alien8.de>,
        the arch/x86 maintainers <x86@kernel.org>,
        Andy Lutomirski <luto@kernel.org>
X-Mailer: Apple Mail (2.3273)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

CC=E2=80=99ing more people, and adding a patch to clarify...

Nadav Amit <nadav.amit@gmail.com> wrote:

> I am puzzled by the comment in tlb_state.cr4 , which says:
>=20
>        /*
>         * Access to this CR4 shadow and to H/W CR4 is protected by
>         * disabling interrupts when modifying either one.
>         */
>=20
> This does not seem to be true and adding a warning to CR4 writes when
> !irqs_disabled() immediately fires in identify_cpu() and
> __mcheck_cpu_init_generic(). While these two are called during boot, I =
think
> there other CR4 changes with enabled IRQs, for example, PR_SET_TSC.
>=20
> So my question(s): Is the comment correct? Is the current behavior =
correct?

So here is what I have in mind. I am not sure whether =
CONFIG_DEBUG_PREEMPT is
the right #ifdef. Let me know what you think.
=20
-- >8 --

Subject: [PATCH] x86: disable IRQs before changing CR4

CR4 changes need to be performed while IRQs are disabled in order to
update the CR4 shadow and the actual register atomically.

Signed-off-by: Nadav Amit <namit@vmware.com>
---
 arch/x86/include/asm/tlbflush.h      | 18 ++++++++++++------
 arch/x86/kernel/cpu/common.c         | 13 ++++++++++++-
 arch/x86/kernel/cpu/mcheck/mce.c     |  3 +++
 arch/x86/kernel/cpu/mcheck/p5.c      |  4 ++++
 arch/x86/kernel/cpu/mcheck/winchip.c |  3 +++
 arch/x86/kernel/process.c            | 14 ++++++++++++--
 6 files changed, 46 insertions(+), 9 deletions(-)

diff --git a/arch/x86/include/asm/tlbflush.h =
b/arch/x86/include/asm/tlbflush.h
index 50ea3482e1d1..bc70dd1cc7c6 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -89,6 +89,15 @@ static inline void cr4_init_shadow(void)
 	this_cpu_write(cpu_tlbstate.cr4, __read_cr4());
 }
=20
+static inline void update_cr4(unsigned long cr4)
+{
+#ifdef CONFIG_DEBUG_PREEMPT
+	WARN_ON_ONCE(!irqs_disabled());
+#endif
+	this_cpu_write(cpu_tlbstate.cr4, cr4);
+	__write_cr4(cr4);
+}
+
 /* Set in this cpu's CR4. */
 static inline void cr4_set_bits(unsigned long mask)
 {
@@ -97,8 +106,7 @@ static inline void cr4_set_bits(unsigned long mask)
 	cr4 =3D this_cpu_read(cpu_tlbstate.cr4);
 	if ((cr4 | mask) !=3D cr4) {
 		cr4 |=3D mask;
-		this_cpu_write(cpu_tlbstate.cr4, cr4);
-		__write_cr4(cr4);
+		update_cr4(cr4);
 	}
 }
=20
@@ -110,8 +118,7 @@ static inline void cr4_clear_bits(unsigned long =
mask)
 	cr4 =3D this_cpu_read(cpu_tlbstate.cr4);
 	if ((cr4 & ~mask) !=3D cr4) {
 		cr4 &=3D ~mask;
-		this_cpu_write(cpu_tlbstate.cr4, cr4);
-		__write_cr4(cr4);
+		update_cr4(cr4);
 	}
 }
=20
@@ -121,8 +128,7 @@ static inline void cr4_toggle_bits(unsigned long =
mask)
=20
 	cr4 =3D this_cpu_read(cpu_tlbstate.cr4);
 	cr4 ^=3D mask;
-	this_cpu_write(cpu_tlbstate.cr4, cr4);
-	__write_cr4(cr4);
+	update_cr4(cr4);
 }
=20
 /* Read the CR4 shadow. */
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c8b39870f33e..82e6b41fd5e9 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -318,6 +318,8 @@ static bool pku_disabled;
=20
 static __always_inline void setup_pku(struct cpuinfo_x86 *c)
 {
+	unsigned long flags;
+
 	/* check the boot processor, plus compile options for PKU: */
 	if (!cpu_feature_enabled(X86_FEATURE_PKU))
 		return;
@@ -327,7 +329,10 @@ static __always_inline void setup_pku(struct =
cpuinfo_x86 *c)
 	if (pku_disabled)
 		return;
=20
+	local_irq_save(flags);
 	cr4_set_bits(X86_CR4_PKE);
+	local_irq_restore(flags);
+
 	/*
 	 * Seting X86_CR4_PKE will cause the X86_FEATURE_OSPKE
 	 * cpuid bit to be set.  We need to ensure that we
@@ -1069,6 +1074,7 @@ static void validate_apic_and_package_id(struct =
cpuinfo_x86 *c)
  */
 static void identify_cpu(struct cpuinfo_x86 *c)
 {
+	unsigned long flags;
 	int i;
=20
 	c->loops_per_jiffy =3D loops_per_jiffy;
@@ -1121,9 +1127,14 @@ static void identify_cpu(struct cpuinfo_x86 *c)
 	/* Disable the PN if appropriate */
 	squash_the_stupid_serial_number(c);
=20
-	/* Set up SMEP/SMAP */
+	/*
+	 * Set up SMEP/SMAP. Disable interrupts to prevent triggering a =
warning
+	 * as CR4 changes must be done with disabled interrupts.
+	 */
+	local_irq_save(flags);
 	setup_smep(c);
 	setup_smap(c);
+	local_irq_restore(flags);
=20
 	/*
 	 * The vendor-specific functions might have changed features.
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c =
b/arch/x86/kernel/cpu/mcheck/mce.c
index 3b413065c613..497c07e33c25 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -1508,6 +1508,7 @@ static void __mcheck_cpu_init_generic(void)
 {
 	enum mcp_flags m_fl =3D 0;
 	mce_banks_t all_banks;
+	unsigned long flags;
 	u64 cap;
=20
 	if (!mca_cfg.bootlog)
@@ -1519,7 +1520,9 @@ static void __mcheck_cpu_init_generic(void)
 	bitmap_fill(all_banks, MAX_NR_BANKS);
 	machine_check_poll(MCP_UC | m_fl, &all_banks);
=20
+	local_irq_save(flags);
 	cr4_set_bits(X86_CR4_MCE);
+	local_irq_restore(flags);
=20
 	rdmsrl(MSR_IA32_MCG_CAP, cap);
 	if (cap & MCG_CTL_P)
diff --git a/arch/x86/kernel/cpu/mcheck/p5.c =
b/arch/x86/kernel/cpu/mcheck/p5.c
index 2a0717bf8033..d5d4963415e9 100644
--- a/arch/x86/kernel/cpu/mcheck/p5.c
+++ b/arch/x86/kernel/cpu/mcheck/p5.c
@@ -42,6 +42,7 @@ static void pentium_machine_check(struct pt_regs =
*regs, long error_code)
 /* Set up machine check reporting for processors with Intel style MCE: =
*/
 void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
 {
+	unsigned long flags;
 	u32 l, h;
=20
 	/* Default P5 to off as its often misconnected: */
@@ -62,7 +63,10 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
 	pr_info("Intel old style machine check architecture =
supported.\n");
=20
 	/* Enable MCE: */
+	local_irq_save(flags);
 	cr4_set_bits(X86_CR4_MCE);
+	local_irq_restore(flags);
+
 	pr_info("Intel old style machine check reporting enabled on =
CPU#%d.\n",
 		smp_processor_id());
 }
diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c =
b/arch/x86/kernel/cpu/mcheck/winchip.c
index c6a722e1d011..6dd985e3849d 100644
--- a/arch/x86/kernel/cpu/mcheck/winchip.c
+++ b/arch/x86/kernel/cpu/mcheck/winchip.c
@@ -26,6 +26,7 @@ static void winchip_machine_check(struct pt_regs =
*regs, long error_code)
 /* Set up machine check reporting on the Winchip C6 series */
 void winchip_mcheck_init(struct cpuinfo_x86 *c)
 {
+	unsigned long flags;
 	u32 lo, hi;
=20
 	machine_check_vector =3D winchip_machine_check;
@@ -37,7 +38,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c)
 	lo &=3D ~(1<<4);	/* Enable MCE */
 	wrmsr(MSR_IDT_FCR1, lo, hi);
=20
+	local_irq_save(flags);
 	cr4_set_bits(X86_CR4_MCE);
+	local_irq_restore(flags);
=20
 	pr_info("Winchip machine check reporting enabled on CPU#0.\n");
 }
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 3ca198080ea9..09e44e784745 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -127,25 +127,35 @@ void flush_thread(void)
=20
 void disable_TSC(void)
 {
+	unsigned long flags;
+
 	preempt_disable();
-	if (!test_and_set_thread_flag(TIF_NOTSC))
+	if (!test_and_set_thread_flag(TIF_NOTSC)) {
 		/*
 		 * Must flip the CPU state synchronously with
 		 * TIF_NOTSC in the current running context.
 		 */
+		local_irq_save(flags);
 		cr4_set_bits(X86_CR4_TSD);
+		local_irq_restore(flags);
+	}
 	preempt_enable();
 }
=20
 static void enable_TSC(void)
 {
+	unsigned long flags;
+
 	preempt_disable();
-	if (test_and_clear_thread_flag(TIF_NOTSC))
+	if (test_and_clear_thread_flag(TIF_NOTSC)) {
 		/*
 		 * Must flip the CPU state synchronously with
 		 * TIF_NOTSC in the current running context.
 		 */
+		local_irq_save(flags);
 		cr4_clear_bits(X86_CR4_TSD);
+		local_irq_restore(flags);
+	}
 	preempt_enable();
 }


From 1583536401885830151@xxx Wed Nov 08 21:53:15 +0000 2017
X-GM-THRID: 1583536401885830151
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread