| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <174188587437.14745.4194287281354290889.tip-bot2@tip-bot2>
Date: Thu, 13 Mar 2025 17:11:14 -0000
From: "tip-bot2 for Akihiro Suda" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Akihiro Suda <akihiro.suda.cz@....ntt.co.jp>,
Ingo Molnar <mingo@...nel.org>, Dave Hansen <dave.hansen@...ux.intel.com>,
Linus Torvalds <torvalds@...ux-foundation.org>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject:
[tip: x86/urgent] x86/pkeys: Disable PKU when running on Apple Virtualization
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: 0457ee8d3da0e497c42ca68b7c3c70e9b39cba98
Gitweb: https://git.kernel.org/tip/0457ee8d3da0e497c42ca68b7c3c70e9b39cba98
Author: Akihiro Suda <suda.gitsendemail@...il.com>
AuthorDate: Wed, 12 Mar 2025 19:09:26 +09:00
Committer: Ingo Molnar <mingo@...nel.org>
CommitterDate: Thu, 13 Mar 2025 17:59:46 +01:00
x86/pkeys: Disable PKU when running on Apple Virtualization
Protection keys seem broken on Apple Virtualization, they produce this warning:
WARNING: CPU: 0 PID: 1 at arch/x86/kernel/fpu/xstate.c:1003 get_xsave_addr_user+0x28/0x40
(...)
Call Trace:
<TASK>
? get_xsave_addr_user+0x28/0x40
? __warn.cold+0x8e/0xea
? get_xsave_addr_user+0x28/0x40
? report_bug+0xff/0x140
? handle_bug+0x3b/0x70
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? get_xsave_addr_user+0x28/0x40
copy_fpstate_to_sigframe+0x1be/0x380
? __put_user_8+0x11/0x20
get_sigframe+0xf1/0x280
x64_setup_rt_frame+0x67/0x2c0
arch_do_signal_or_restart+0x1b3/0x240
syscall_exit_to_user_mode+0xb0/0x130
do_syscall_64+0xab/0x1a0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Work it around by applying a quirk: look up 'Apple Vz' in the
ACPI FADT table in setup_pku() and disabling PKU.
Tested on macOS 13.5.1 running on MacBook Pro 2020 with
Intel(R) Core(TM) i7-1068NG7 CPU @ 2.30GHz.
[ mingo: Fixed !ACPI build bug, updated the comments and the changelog. ]
Fixes: 70044df250d0 ("x86/pkeys: Update PKRU to enable all pkeys before XSAVE")
Signed-off-by: Akihiro Suda <akihiro.suda.cz@....ntt.co.jp>
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Link: https://github.com/lima-vm/lima/issues/3334
Link: https://lore.kernel.org/r/20250312100926.34954-1-akihiro.suda.cz@hco.ntt.co.jp
---
arch/x86/kernel/cpu/common.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 7cce91b..c1bab70 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -26,6 +26,7 @@
#include <linux/pgtable.h>
#include <linux/stackprotector.h>
#include <linux/utsname.h>
+#include <linux/acpi.h>
#include <asm/alternative.h>
#include <asm/cmdline.h>
@@ -510,12 +511,23 @@ static __init int x86_nofsgsbase_setup(char *arg)
__setup("nofsgsbase", x86_nofsgsbase_setup);
/*
- * Protection Keys are not available in 32-bit mode.
+ * Protection Keys are not available in 32-bit mode and in
+ * certain virtual guest environments.
*/
static bool pku_disabled;
static __always_inline void setup_pku(struct cpuinfo_x86 *c)
{
+#ifdef CONFIG_ACPI
+ /*
+ * OSPKE seems broken on Apple Virtualization:
+ */
+ if (!memcmp(acpi_gbl_FADT.header.oem_table_id, "Apple Vz", 8)) {
+ pr_info("pku: disabled on Apple Virtualization platform (Intel) due to a bug\n");
+ pku_disabled = true;
+ }
+#endif
+
if (c == &boot_cpu_data) {
if (pku_disabled || !cpu_feature_enabled(X86_FEATURE_PKU))
return;
Powered by blists - more mailing lists