| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jun 2024 15:39:20 +0800
From: Zhiquan Li <zhiquan1.li@...el.com>
To: tglx@...utronix.de,
mingo@...hat.com,
bp@...en8.de,
dave.hansen@...ux.intel.com,
kirill.shutemov@...ux.intel.com,
x86@...nel.org
Cc: rafael@...nel.org,
hpa@...or.com,
linux-acpi@...r.kernel.org,
linux-kernel@...r.kernel.org,
zhiquan1.li@...el.com
Subject: [PATCH] x86/acpi: fix panic while AP online later with kernel parameter maxcpus=1
The issue was found on the platform that using "Multiprocessor Wakeup
Structure"[1] to startup secondary CPU, which is usually used by
encrypted guest. When restrict boot time CPU to 1 with the kernel
parameter "maxcpus=1" and bring other CPUs online later, there will be
a kernel panic as below.
The variable acpi_mp_wake_mailbox to hold the virtual address of MP
Wakeup Structure mailbox will be set as readonly after initialization.
If the first AP is brought online laster, the attemption to update it
results in panic.
Not like the physical address of MP Wakeup Structure mailbox, the
readonly attribute is not necessary for its virtual address.
[1] Details about the MP Wakeup structure can be found in ACPI v6.4, in
the "Multiprocessor Wakeup Structure" section.
BUG: unable to handle page fault for address: ffffffff83086978
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD 3832067 P4D 3833067 PUD 3834063 PMD 80000000030001a1
Oops: Oops: 0003 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 175 Comm: systemd-udevd Not tainted 6.10.0-rc4+ #14
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022
RIP: 0010:acpi_wakeup_cpu+0xb2/0xe0
Call Trace:
<TASK>
? __die+0x20/0x70
? page_fault_oops+0x80/0x140
? exc_page_fault+0xdc/0x180
? asm_exc_page_fault+0x22/0x30
? _raw_read_unlock+0x18/0x40
? acpi_wakeup_cpu+0xb2/0xe0
do_boot_cpu+0xeb/0x1f0
native_kick_ap+0xcb/0x150
? __pfx_cpuhp_kick_ap_alive+0x10/0x10
cpuhp_invoke_callback+0x2d0/0x480
? __pfx_trace_rb_cpu_prepare+0x10/0x10
__cpuhp_invoke_callback_range+0x78/0xe0
cpuhp_up_callbacks+0x28/0x100
_cpu_up+0xb9/0x120
cpu_up+0x91/0xe0
cpu_subsys_online+0x4d/0xe0
device_online+0x5f/0x80
online_store+0x8f/0xc0
kernfs_fop_write_iter+0x125/0x1c0
vfs_write+0x35c/0x480
ksys_write+0x5f/0xe0
do_syscall_64+0x63/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Signed-off-by: Zhiquan Li <zhiquan1.li@...el.com>
---
arch/x86/kernel/acpi/madt_wakeup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/acpi/madt_wakeup.c b/arch/x86/kernel/acpi/madt_wakeup.c
index 6cfe762be28b..d5ef6215583b 100644
--- a/arch/x86/kernel/acpi/madt_wakeup.c
+++ b/arch/x86/kernel/acpi/madt_wakeup.c
@@ -19,7 +19,7 @@
static u64 acpi_mp_wake_mailbox_paddr __ro_after_init;
/* Virtual address of the Multiprocessor Wakeup Structure mailbox */
-static struct acpi_madt_multiproc_wakeup_mailbox *acpi_mp_wake_mailbox __ro_after_init;
+static struct acpi_madt_multiproc_wakeup_mailbox *acpi_mp_wake_mailbox;
static u64 acpi_mp_pgd __ro_after_init;
static u64 acpi_mp_reset_vector_paddr __ro_after_init;
base-commit: 4fe5c16f5e5e0bd1a71a5ac79b5870f91b6b8e81
--
2.25.1
Powered by blists - more mailing lists