From: Borislav Petkov <bp@alien8.de>
To: x86@kernel.org
Cc: Nathan Chancellor <nathan@kernel.org>,
	Yin Fengwei <fengwei.yin@intel.com>,
	Carel Si <beibei.si@intel.com>, Joerg Roedel <jroedel@suse.de>,
	LKML <linux-kernel@vger.kernel.org>,
	lkp@lists.01.org, lkp@intel.com, bfields@fieldses.org,
	llvm@lists.linux.dev, Nick Desaulniers <ndesaulniers@google.com>
Subject: [PATCH] x86/mm: Prevent early boot triple-faults with instrumentation
Date: Mon, 20 Dec 2021 12:00:06 +0100
Message-ID: <YcBiNqhYrxBPZphJ@zn.tnic>
In-Reply-To: <Yb2/QCOExDEsj47w@zn.tnic>

From: Borislav Petkov <bp@suse.de>

Commit in Fixes added a global TLB flush on the early boot path, after
the kernel switches off of the trampoline page table.

Compiler profiling options add additional measurement code
which needs to be initialized prior to use. The global flush in
x86_64_start_kernel() happens before those initializations can happen,
leading to accessing invalid memory.

The second issue this fixes is with KASAN: for a similar reason,
kasan_early_init() needs to have happened before KASAN-instrumented
functions are called.

Therefore, reorder the flush to happen after the KASAN early init
and prevent the compilers from adding profiling instrumentation to
native_write_cr4().

Fixes: f154f290855b ("x86/mm/64: Flush global TLB on boot and AP bringup")
Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211209144141.GC25654@xsang-OptiPlex-9020
---
 arch/x86/kernel/cpu/common.c |  2 +-
 arch/x86/kernel/head64.c     | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 0083464de5e3..79b3d67addcc 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -384,7 +384,7 @@ void native_write_cr0(unsigned long val)
 }
 EXPORT_SYMBOL(native_write_cr0);
 
-void native_write_cr4(unsigned long val)
+void __no_profile native_write_cr4(unsigned long val)
 {
 	unsigned long bits_changed = 0;
 
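Review bot: `__no_profile` is added to native_write_cr4() with no comment above the definition saying why, so a reader of common.c only finds the reason in git history; the rationale from the commit message (the function is reached from x86_64_start_kernel() before the profiling runtime has been initialized, so profiling hooks inserted here touch memory that is not yet valid) belongs in a short comment at the definition. That comment should also say that the attribute removes only compiler profiling instrumentation, not KASAN instrumentation, which is why the head64.c half of this patch still has to move the flush after kasan_early_init().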
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 75acb6027a87..f5e80a8377ad 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -483,10 +483,12 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
 	/* Kill off the identity-map trampoline */
 	reset_early_page_tables();
 
-	__native_tlb_flush_global(native_read_cr4());
-
 	clear_bss();
 
+	/*
+	 * This needs to happen *before* kasan_early_init() because latter maps stuff
+	 * into that page.
+	 */
 	clear_page(init_top_pgt);
 
 	/*
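Review bot: dropping `__native_tlb_flush_global(native_read_cr4())` here means clear_bss(), clear_page(init_top_pgt) and kasan_early_init() now run while global TLB entries left over from the trampoline page table may still be live; the commit message says the flush is reordered but not why those callees are safe to execute before it, and that argument should be in the message (or in the new comment) so the ordering is not undone later. Nit on the added comment: "because latter maps stuff into that page" reads better as "because the latter maps into init_top_pgt", naming the page rather than "that page".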
@@ -498,6 +500,16 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
 
 	kasan_early_init();
 
+	/*
+	 * Flush global TLB entries which could be left over from the trampoline page
+	 * table.
+	 *
+	 * This needs to happen *after* kasan_early_init() as KASAN-enabled .configs
+	 * instrument native_write_cr4() so KASAN must be initialized for that
+	 * instrumentation to work.
+	 */
+	__native_tlb_flush_global(this_cpu_read(cpu_tlbstate.cr4));
+
 	idt_setup_early_handler();
 
 	copy_bootdata(__va(real_mode_data));
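Review bot: the re-added flush takes CR4 from the per-CPU shadow, `this_cpu_read(cpu_tlbstate.cr4)`, whereas the line removed in the previous hunk read the register with native_read_cr4(); that is a second behavioural change, and neither the commit message nor the new comment mentions it. Either keep native_read_cr4() or state in the commit message why the shadow is preferred here and that cpu_tlbstate.cr4 is already initialized by the time x86_64_start_kernel() reaches this point, since a flush driven by an uninitialized shadow value would be written straight into CR4 by native_write_cr4() on the very path this patch is trying to make boot-safe.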
-- 
2.29.2

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
