Re: [PATCH v2 1/1] x86/fred: Clear WFE in missing-ENDBRANCH #CPs

From: Xin Li
Date: Mon Nov 11 2024 - 21:55:06 EST

Next message: Tristram.Ha: "RE: [PATCH net-next 2/2] net: dsa: microchip: Add SGMII port support to KSZ9477 switch"
Previous message: Alexey Klimov: "[PATCH v5 4/4] arm64: dts: qcom: qrb4210-rb2: add HDMI audio playback support"
In reply to: Andrew Cooper: "Re: [PATCH v2 1/1] x86/fred: Clear WFE in missing-ENDBRANCH #CPs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/8/2024 12:53 PM, Andrew Cooper wrote:

Andrew,

can you please take another look?

After discussing with Dave on IRC, the ibt_clear_fred_wfe(regs); really
needs to be inside the ibt_selftest_noendbr path.

Sigh, I missed the discussion.

It's a selftest where we're deliberately trying to trigger #CP, and in
the one case where we're happy should we say "yeah, safe to clobber WFE
in the interrupted context" to let execution continue.

Clobbering WFE in any other circumstance is a security-relevant bug.

I think we also need to clear WFE when !ibt_fatal. No?

diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c
index fb8f4238969e..69a34636811f 100644
--- a/arch/x86/kernel/cet.c
+++ b/arch/x86/kernel/cet.c
@@ -128,6 +128,7 @@ static void do_kernel_cp_fault(struct pt_regs *regs, unsigned long error_code)
if (!ibt_fatal) {
printk(KERN_DEFAULT CUT_HERE);
__warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL);
+ ibt_clear_fred_wfe(regs);
return;
}
BUG();

Next message: Tristram.Ha: "RE: [PATCH net-next 2/2] net: dsa: microchip: Add SGMII port support to KSZ9477 switch"
Previous message: Alexey Klimov: "[PATCH v5 4/4] arm64: dts: qcom: qrb4210-rb2: add HDMI audio playback support"
In reply to: Andrew Cooper: "Re: [PATCH v2 1/1] x86/fred: Clear WFE in missing-ENDBRANCH #CPs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]