lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 27 Feb 2015 10:59:52 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Steven Rostedt <rostedt@...dmis.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Andy Lutomirski <luto@...capital.net>,
	Thomas Gleixner <tglx@...utronix.de>,
	"Peter Zijlstra (Intel)" <peterz@...radead.org>,
	Ingo Molnar <mingo@...nel.org>
Subject: Re: [REGRESSION][4.0-rc1] My i386 fails to do CPU hotplug

On Fri, Feb 27, 2015 at 9:52 AM, Steven Rostedt <rostedt@...dmis.org> wrote:
>
> Interesting that the fault happened at "<0f> 01 d1" and that matches:
>
> static inline void xsetbv(u32 index, u64 value)

Xsetbv is only available to CPU's that support xsave, and if
cr.osxsave is set (BIT 18). But you have CR4: 000000b0

Considering that xstate_enable() looks like this:

        cr4_set_bits(X86_CR4_OSXSAVE);
        xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);

I think it's safe to say that cr4_set_bits() is buggered.

Your "Code:" line actually gives the whole disassembly:

   0: 64 8b 15 88 d0 43 c1 mov    %fs:0xc143d088,%edx
   7: 89 d0                 mov    %edx,%eax
   9: 0d 00 00 04 00       or     $0x40000,%eax
   e: 55                   push   %ebp
   f: 39 d0                 cmp    %edx,%eax
  11: 89 e5                 mov    %esp,%ebp
  13: 74 09                 je     0x1e
  15: 64 a3 88 d0 43 c1     mov    %eax,%fs:0xc143d088
  1b: 0f 22 e0             mov    %eax,%cr4
  1e: 8b 15 3c c9 44 c1     mov    0xc144c93c,%edx
  24: 31 c9                 xor    %ecx,%ecx
  26: a1 38 c9 44 c1       mov    0xc144c938,%eax
  2b:* 0f 01 d1             xsetbv <-- trapping instruction
  2e: 5d                   pop    %ebp
  2f: c3                   ret

and that actually looks right (setting bit 18 in the cached copy,
writing it back to cr4 if it's different), which makes me suspect that
the problem is that the cached copy was garbage.

Presumably there is some initialization missing - I suspect that the
cached value of cr4 is from the *previous* time the CPU was up, and we
don't correctly initialize the cached copy at early CPU bringup.

Andy, over to you,

                         Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ