[PATCH] x86/cpu: Align the vmx_capability array to size of unsigned long
From: Kai Huang
Date: Mon Mar 23 2026 - 04:32:40 EST

A WARNING splat was triggered during system boot with a kernel built
with CONFIG_DEBUG_ATOMIC=y and CONFIG_DEBUG_ATOMIC_LARGEST_ALIGN=y on
one Intel platform:

  systemd[1]: DMI BIOS Extension table does not indicate virtualization.
  ------------[ cut here ]------------
  (unsigned long)v & mask
  WARNING: ./include/linux/instrumented.h:67 at show_cpuinfo+0x4e9/0x620, CPU#133: systemd/1
  ...
  RIP: 0010:show_cpuinfo+0x4e9/0x620
  ...
  Call Trace:
  <TASK>
  seq_read_iter+0x130/0x4b0
  ? rw_verify_area+0x15b/0x200
  vfs_read+0x224/0x350
  ksys_read+0x61/0xd0
  do_syscall_64+0x12c/0x1510

show_cpuinfo() calls test_bit() for each bit in the cpuinfo_x86's
vmx_capability array to print the supported VMX feature names in
/proc/cpuinfo.

Per Documentation/atomic_bitops.txt, test_bit() is an atomic bitop, and
it requires the provided address to be aligned to the size of unsigned
long. Commit 80047d84eed2 ("atomic: add alignment check to instrumented
atomic operations") added the WARN() if the alignment check fails.

The vmx_capability is an array of type __u32, thus it's only naturally
aligned to 4 bytes, causing the above WARNING splat.

On x86, it is necessary to ensure the "true" atomic bitops only operate
on the address that is aligned to unsigned long, otherwise the atomic
instruction may end up crossing a cacheline boundary, causing a full bus
lock. If the kernel has enabled split lock detection, a full bus lock
can cause an #AC split lock exception, resulting in a kernel panic.

The cpuinfo_x86's x86_capability array once was only aligned to __u32
too. The commit db8c33f8b5be ("x86/cpu: Align the x86_capability array
to size of unsigned long") changed the alignment for x86_capability in
order to support split lock detection in the kernel.

However, this particular WARNING splat caused by test_bit() is more like
a false positive, since test_bit() is a non-RMW operation and x86
implements it using the BT (bit test) instruction, which can never be
used with the LOCK prefix. Except for test_bit(), no other atomic bitop
is used to access the vmx_capability array.

But it's still better to get rid of the WARNING. For simplicity, align
the vmx_capability array to the size of unsigned long, following the
change to x86_capability.

Note:

Commit 80047d84eed2 ("atomic: add alignment check to instrumented atomic
operations") was merged later than the vmx_capability was added. And
there's no real harm here, hence no 'Fixes' tag.

Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx>
---
arch/x86/include/asm/processor.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 10b5355b323e..7ef10f638161 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -150,7 +150,11 @@ struct cpuinfo_x86 {
int x86_tlbsize;
#endif
#ifdef CONFIG_X86_VMX_FEATURE_NAMES
- __u32 vmx_capability[NVMXINTS];
+ /* See the comment of 'x86_capability_alignment' below */
+ union {
+ __u32 vmx_capability[NVMXINTS];
+ unsigned long vmx_capability_alignment;
+ };
#endif
__u8 x86_virt_bits;
__u8 x86_phys_bits;
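Review bot: the added comment above the union ("See the comment of 'x86_capability_alignment' below") only defers to a comment that is outside this hunk, and per the commit message that earlier change was made for split lock detection, whereas vmx_capability is only read with test_bit(), a non-RMW operation. A reader following the reference may conclude that locked bitops are used on this array. Consider stating the reason in place, for example "/* Aligned to unsigned long for test_bit() in show_cpuinfo() */", and noting that vmx_capability_alignment exists only to force alignment and must not be accessed. It would also help to mention in the changelog whether the union changes the size or padding of struct cpuinfo_x86, since the field now starts on an unsigned long boundary after the int x86_tlbsize member shown in the context lines.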
base-commit: fde794883717fd67a5521fa69881afd8c8979764
--
2.53.0
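
The alignment problem the commit message describes, as an added user-space example (not code from the patch or the kernel): mock structs reproduce the before and after layouts, and a helper applies the condition shown in the splat. The `anchor` member, the `NVMXINTS` value, the helper names and the mask being `sizeof(unsigned long) - 1` are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NVMXINTS 5 /* assumed value for the demo; the page does not give it */

/* Mock of the pre-patch layout: a 4-byte member sits right before the array. */
struct cpuinfo_before {
	unsigned long anchor;   /* hypothetical member: gives the struct long alignment */
	int x86_tlbsize;
	uint32_t vmx_capability[NVMXINTS];
	uint8_t x86_virt_bits;
};

/* Mock of the post-patch layout: the union raises the array's alignment. */
struct cpuinfo_after {
	unsigned long anchor;
	int x86_tlbsize;
	union {
		uint32_t vmx_capability[NVMXINTS];
		unsigned long vmx_capability_alignment;
	};
	uint8_t x86_virt_bits;
};

/* Modelled on the splat's "(unsigned long)v & mask"; the mask value is assumed. */
static int misaligned_for_bitops(const volatile void *v)
{
	return ((uintptr_t)v & (sizeof(unsigned long) - 1)) != 0;
}

static int before_misaligned(void)
{
	static struct cpuinfo_before c;
	return misaligned_for_bitops(c.vmx_capability);
}

static int after_misaligned(void)
{
	static struct cpuinfo_after c;
	return misaligned_for_bitops(c.vmx_capability);
}

int main(void)
{
	printf("before: offset %zu, misaligned %d\n", offsetof(struct cpuinfo_before, vmx_capability), before_misaligned());
	printf("after:  offset %zu, misaligned %d\n", offsetof(struct cpuinfo_after, vmx_capability), after_misaligned());
	return 0;
}
```

On an LP64 build the array moves from offset 12 to offset 16, which is the 4 bytes of padding the union introduces in this mock layout.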