• Mitchell Levy's avatar
    x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported · 2848ff28
    Mitchell Levy authored
    There are two distinct CPU features related to the use of XSAVES and LBR:
    whether LBR is itself supported and whether XSAVES supports LBR. The LBR
    subsystem correctly checks both in intel_pmu_arch_lbr_init(), but the
    XSTATE subsystem does not.
    
    The LBR bit is only removed from xfeatures_mask_independent when LBR is not
    supported by the CPU, but there is no validation of XSTATE support.
    
    If XSAVES does not support LBR the write to IA32_XSS causes a #GP fault,
    leaving the state of IA32_XSS unchanged, i.e. zero. The fault is handled
    with a warning and the boot continues.
    
    Consequently the next XRSTORS which tries to restore supervisor state fails
    with #GP because the RFBM has zero for all supervisor features, which does
    not match the XCOMP_BV field.
    
    As XFEATURE_MASK_FPSTATE includes supervisor features setting up the FPU
    causes a #GP, which ends up in fpu_reset_from_exception_fixup(). That fails
    due to the same problem resulting in recursive #GPs until the kernel runs
    out of stack space and double faults.
    
    Prevent this by storing the supported independent features in
    fpu_kernel_cfg during XSTATE initialization and use that cached value for
    retrieving the independent feature bits to be written into IA32_XSS.
    
    [ tglx: Massaged change log ]
    
    Fixes: f0dccc9d ("x86/fpu/xstate: Support dynamic supervisor feature for LBR")
    Suggested-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Signed-off-by: default avatarMitchell Levy <levymitchell0@gmail.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Cc: stable@vger.kernel.org
    Link: https://lore.kernel.org/all/20240812-xsave-lbr-fix-v3-1-95bac1bf62f4@gmail.com
    2848ff28
xstate.c 51.2 KB