linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Matthias Welwarsky <matthias.welwarsky@sysgo.com>
To: linux-kernel@vger.kernel.org
Subject: x86, possible bug in __memmove() alternatives patching
Date: Fri, 25 Mar 2022 09:51:09 +0100	[thread overview]
Message-ID: <3422754.iIbC2pHGDl@linux-3513> (raw)

Hi list,

I've come across an odd behavior that I'm not sure whether it counts as a bug.
I'm working on an x86 hypervisor at the moment and there was an odd problem 
with a linux guest system dying during booting, but only on an intel NUC11 
(i3-1115G4). It booted normally on any other system I tested on.

The guest was usin kernel version 5.10.89.

Now, the reason eventually turned out to be __memmove() getting broken when 
applying the alternatives. The CPU on the NUC11 has the FSRM feature, which 
enables a particular alternative in __memmove(). However, the code assumes 
that the ERMS feature is always present with FSRM, otherwise the function gets 
broken. Of course this is normally the case, a CPU without ERMS would never 
advertise FSRM.

However: in the function early_intel_setup(), the ERMS feature might get 
cleared depending on the IA32_MISC_ENABLE MSR: if fast string operations are 
disabled through this MSR, X86_FEATURE_ERMS is removed from the available set, 
but X86_FEATURE_FSRM is not removed.

Now, the hypervisor I'm working on emulates this MSR and in the particular 
case, fast string ops were reported as disabled, leading to the above 
mentioned inconsistency in __memmove().

The Intel SDM doesn't go into any details if disabling fast string ops through 
IA32_MISC_ENABLE will also clear FSRM from cpuid leaf 7, but I think that's 
not relevant for the linux kernel anyway because cpuid is parsed before MSRs 
are evaluated.

I know it's is probably a very rare case and Intel recommends having fast 
string ops enabled, hence the question: would this be considered a bug in the 
kernel that should be fixed? A potential fix could be to clear FSRM together 
with ERMS depending on IA32_MISC_ENABLE.


Mit freundlichen Grüßen/Best regards,

Matthias Welwarsky
Project Engineer

SYSGO GmbH
Office Mainz
Am Pfaffenstein 8 / D-55270 Klein-Winternheim / Germany
Phone: +49-6136-9948-0 / Fax: +49-6136-9948-10
E-mail: matthias.welwarsky@sysgo.com
_________________________________________________________________________________
Web: https://www.sysgo.com
Blog: https://www.sysgo.com/blog
Events: https://www.sysgo.com/events
Newsletter: https://www.sysgo.com/newsletter
_________________________________________________________________________________
Handelsregister/Commercial Registry: HRB Mainz 90 HRB 48884 
Geschäftsführung/Managing Directors: Etienne Butery (CEO), Kai Sablotny (COO) 
USt-Id-Nr./VAT-Id-No.: DE 149062328 

The protection of your personal data is important to us. Under the following 
link 
you can see the information in accordance with article 13 GDPR: 
https://www.sysgo.com/privacy_policy



             reply	other threads:[~2022-03-25  8:58 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-25  8:51 Matthias Welwarsky [this message]
2022-03-25 22:07 ` x86, possible bug in __memmove() alternatives patching Borislav Petkov
2022-03-26  4:45   ` Dave Hansen
2022-03-26  8:27     ` Borislav Petkov
2022-03-29 22:34       ` Dave Hansen
2022-03-26 11:39     ` Matthias Welwarsky
2022-03-29 22:33       ` Dave Hansen
2022-03-30 13:56         ` Matthias Welwarsky
2022-03-30 14:44           ` Dave Hansen
2022-03-30 14:54           ` Borislav Petkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3422754.iIbC2pHGDl@linux-3513 \
    --to=matthias.welwarsky@sysgo.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).