Message-Id: <20220923005827.1533380-1-dverkamp@chromium.org>
Date: Thu, 22 Sep 2022 17:58:27 -0700
From: Daniel Verkamp <dverkamp@...omium.org>
To: x86@...nel.org, linux-kernel@...r.kernel.org
Cc: Tony Luck <tony.luck@...el.com>, Borislav Petkov <bp@...e.de>,
Daniel Verkamp <dverkamp@...omium.org>, stable@...r.kernel.org
Subject: [PATCH] x86: also disable FSRM if ERMS is disabled

In the "Fast Short REP MOVSB" path of memmove, if we take the path where
the FSRM flag is enabled but the ERMS flag is not, there is no longer a
check for length >= 0x20 (both alternatives will be replaced with NOPs).
If a memmove() requiring a forward copy of less than 0x20 bytes happens
in this case, the `sub $0x20, %rdx` will cause the length to roll around
to a huge value and the copy will eventually hit a page fault.

This is not intended to happen, as the comment above the alternatives
mentions "FSRM implies ERMS".

However, there is a check in early_init_intel() that can disable ERMS,
so we should also be disabling FSRM in this path to maintain correctness
of the memmove() optimization.

Cc: stable@...r.kernel.org
Fixes: f444a5ff95dc ("x86/cpufeatures: Add support for fast short REP; MOVSB")
Signed-off-by: Daniel Verkamp <dverkamp@...omium.org>
---
arch/x86/kernel/cpu/intel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 2d7ea5480ec3..71b412f820c7 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -328,6 +328,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
pr_info("Disabled fast string operations\n");
setup_clear_cpu_cap(X86_FEATURE_REP_GOOD);
setup_clear_cpu_cap(X86_FEATURE_ERMS);
+ setup_clear_cpu_cap(X86_FEATURE_FSRM);
}
}
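
Review bot: the added `setup_clear_cpu_cap(X86_FEATURE_FSRM);` line carries no comment explaining why FSRM has to be cleared together with ERMS, and the existing `pr_info("Disabled fast string operations\n");` gives no hint of it either. The invariant it protects ("FSRM implies ERMS", which the commit message quotes from the memmove alternatives) lives in a different file, so a one-line comment above the new call naming that dependency would keep a later cleanup from dropping it. It is also worth confirming in review whether this is the only place that clears X86_FEATURE_ERMS: the fix restores the invariant for this branch of early_init_intel() only, and the memmove path would still lose its length >= 0x20 check if ERMS were cleared anywhere else while FSRM stays set.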
--
2.37.3.998.g577e59143f-goog