Date: Sun, 25 Aug 2024 14:29:43 -0000
From: "tip-bot2 for Xin Li (Intel)"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/fred] x86/fred: Set SS to __KERNEL_DS when enabling FRED
Cc: "Xin Li (Intel)", Thomas Gleixner, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20240816104316.2276968-1-xin@zytor.com>
References: <20240816104316.2276968-1-xin@zytor.com>
Message-ID: <172459618303.2215.9606006283032900098.tip-bot2@tip-bot2>

The following commit has been merged into the x86/fred branch of tip:

Commit-ID:     723edbd2ca5fb4c78ac4a5644511c63895fd1c57
Gitweb:        https://git.kernel.org/tip/723edbd2ca5fb4c78ac4a5644511c63895fd1c57
Author:        Xin Li (Intel)
AuthorDate:    Fri, 16 Aug 2024 03:43:16 -07:00
Committer:     Thomas Gleixner
CommitterDate: Sun, 25 Aug 2024 16:24:52 +02:00

x86/fred: Set SS to __KERNEL_DS when enabling FRED

SS is initialized to NULL during boot time and not explicitly set to __KERNEL_DS.

With FRED enabled, if a kernel event is delivered before a CPU goes to user level for the first time, its SS is NULL thus NULL is pushed into the SS field of the FRED stack frame. But before ERETS is executed, the CPU may context switch to another task and go to user level. Then when the CPU comes back to kernel mode, SS is changed to __KERNEL_DS. Later when ERETS is executed to return from the kernel event handler, a #GP fault is generated because SS doesn't match the SS saved in the FRED stack frame.

Initialize SS to __KERNEL_DS when enabling FRED to prevent that.

Note, IRET doesn't check if SS matches the SS saved in its stack frame, thus IDT doesn't have this problem.
For IDT it doesn't matter whether SS is set to __KERNEL_DS or not, because it's set to NULL upon interrupt or exception delivery and __KERNEL_DS upon SYSCALL. Thus it's pointless to initialize SS for IDT.

Signed-off-by: Xin Li (Intel)
Signed-off-by: Thomas Gleixner
Link: https://lore.kernel.org/all/20240816104316.2276968-1-xin@zytor.com
--- arch/x86/kernel/fred.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/x86/kernel/fred.c b/arch/x86/kernel/fred.c index 99a134f..266c69e 100644 --- a/arch/x86/kernel/fred.c +++ b/arch/x86/kernel/fred.c @@ -26,6 +26,20 @@ void cpu_init_fred_exceptions(void) /* When FRED is enabled by default, remove this log message */ pr_info("Initialize FRED on CPU%d\n", smp_processor_id()); =20 + /* + * If a kernel event is delivered before a CPU goes to user level for + * the first time, its SS is NULL thus NULL is pushed into the SS field + * of the FRED stack frame. But before ERETS is executed, the CPU may + * context switch to another task and go to user level. Then when the + * CPU comes back to kernel mode, SS is changed to __KERNEL_DS. Later + * when ERETS is executed to return from the kernel event handler, a #GP + * fault is generated because SS doesn't match the SS saved in the FRED + * stack frame. + * + * Initialize SS to __KERNEL_DS when enabling FRED to avoid such #GPs. + */ + loadsegment(ss, __KERNEL_DS); + wrmsrl(MSR_IA32_FRED_CONFIG, /* Reserve for CALL emulation */ FRED_CONFIG_REDZONE |
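
Review bot: the comment added above loadsegment(ss, __KERNEL_DS) in cpu_init_fred_exceptions() explains the ERETS #GP but not why the load belongs only on the FRED path. The changelog's reason (IRET doesn't check SS against the SS saved in its stack frame, so IDT needs no such initialization) is absent from the code, and a later reader could take the load for generic CPU setup and move or drop it. Suggest one more sentence in the comment, for example "IRET does not perform this check, so the IDT path needs no equivalent." The comment also repeats the changelog nearly word for word; it could be shortened to the invariant it protects, namely that SS at ERETS time must match the SS saved in the FRED stack frame.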