From nobody Sun May 24 22:42:32 2026
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 56FCF3803DC;
	Wed, 20 May 2026 21:25:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=193.142.43.55
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779312345; cv=none;
 b=BBeHy6WCep9TusZsVTuKaNevevxKV2IFN7tNysOx1NVoevBW/QMiqBKmI40k+U0nF2M+F2BY4ulXW86rJetieNEuc29SCtd3lRtKqmqoExumoMqKHde6h6HHJ0wKKMmk5pvN36Kb6vd4gTyzo6BbDtOL2hZe6L6AFdORcdzv724=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779312345; c=relaxed/simple;
	bh=xX7Yr4+KFOWnvnCSONhra518Bu/xPPtz3Q6vwOtCBQ0=;
	h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version:
	 Message-ID:Content-Type;
 b=edbuldRFYykQ+eWeNqA7zyN9nqpHoY3ok0TcEV5F2tp2gjLJVQgg1uPEPSxEm/vfjFxS126rMXEi+xWAT3YIPisNVjWhjdLk93HWm9vUkM3XmMzdLm6DxA/i4fQZF+X7k99yae3YJXuatUQP6YQm2437tPEFcgAZlULEBZmcZLE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de;
 spf=pass smtp.mailfrom=linutronix.de;
 dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=XaV3q73z;
 dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=m8mQ10jY; arc=none smtp.client-ip=193.142.43.55
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="XaV3q73z";
	dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="m8mQ10jY"
Date: Wed, 20 May 2026 21:25:40 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020; t=1779312342;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=jEmyDIR+qqzZbFKb8/u9/6a+WtzWIuJmUjp+MvTzzMw=;
	b=XaV3q73zBiItghAo4HEBzka9HZx4sdsxvH7hnP3YL4m+EQnvAA5aNYF0yl7sP4unGgJCW7
	LTXebI4bgmcOkKLW8LV7+5XbD4cWHjZidvXZuts+mSsr2ERKVHvIe4H7g71w/lVT9y76TP
	Dtk8W1MgUeTYet+a4HjxoQYrOAL4fql+rDA+ZGkRVqF8GLWh9HzsPNY1I1zvvrkIzOd9wJ
	2vHCAYux2ViZvBQcXKzffjzCUwchsqT0XyQ9pu9bggi1avj0qALpmHbeRQ+ybRk4M+iWnX
	H8bQcbim1l4kktlmkMEpBcJACcjUjf8l6gWqYktP2F1C8YQ4I78krcynf7QfbA==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020e; t=1779312342;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=jEmyDIR+qqzZbFKb8/u9/6a+WtzWIuJmUjp+MvTzzMw=;
	b=m8mQ10jYrdIXktRf76C4hL/XSyHgbkuzrOPOATRqTCF8zs6kivrKmMwhedS9ioBaxkGHLC
	9zwjA5PXiUAiilDA==
From: "tip-bot2 for Tom Lendacky" <tip-bot2@linutronix.de>
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: 
 [tip: x86/urgent] x86/mm: Disable broadcast TLB flush when PCID is disabled
Cc: Dave Hansen <dave.hansen@intel.com>,
 Tom Lendacky <thomas.lendacky@amd.com>,
 "Borislav Petkov (AMD)" <bp@alien8.de>, Rik van Riel <riel@surriel.com>,
  <stable@kernel.org>, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: =?utf-8?q?=3Cb915acfd63e8b2a094fdeb8dc608738072518764=2E1779296?=
 =?utf-8?q?450=2Egit=2Ethomas=2Elendacky=40amd=2Ecom=3E?=
References: =?utf-8?q?=3Cb915acfd63e8b2a094fdeb8dc608738072518764=2E17792964?=
 =?utf-8?q?50=2Egit=2Ethomas=2Elendacky=40amd=2Ecom=3E?=
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Message-ID: <177931234030.711.9297054216841465736.tip-bot2@tip-bot2>
Robot-ID: <tip-bot2@linutronix.de>
Robot-Unsubscribe: 
 Contact <mailto:tglx@kernel.org> to get blacklisted from these emails
Precedence: bulk
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     44126343d58c68adaa8343fbf1c07dd20078c35e
Gitweb:        https://git.kernel.org/tip/44126343d58c68adaa8343fbf1c07dd20=
078c35e
Author:        Tom Lendacky <thomas.lendacky@amd.com>
AuthorDate:    Wed, 20 May 2026 12:00:50 -05:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Wed, 20 May 2026 14:15:07 -07:00

x86/mm: Disable broadcast TLB flush when PCID is disabled

Booting with "nopcid" clears X86_FEATURE_PCID and keeps CR4.PCIDE from being
set to one. On AMD CPUs that support INVLPGB, broadcast TLB flushing remains
enabled.

There are two checks that decide whether the global ASID code runs,
mm_global_asid() and consider_global_asid(), that key off of the
X86_FEATURE_INVLPGB feature. Once an mm becomes active on more than three
CPUs, consider_global_asid() assigns it a global ASID, after which
flush_tlb_mm_range() takes the broadcast_tlb_flush() path using a non-zero
PCID. Issuing an INVLPGB with a non-zero PCID while CR4.PCIDE is not set
results in a #GP:

  Oops: general protection fault, kernel NULL pointer dereference 0x1: 0000=
 [#1] SMP NOPTI
  CPU: 158 UID: 0 PID: 3119 Comm: snap Not tainted 7.1.0-rc3 #1 PREEMPT(ful=
l)
  Hardware name: ...
  RIP: 0010:broadcast_tlb_flush
  Code: ... 89 da 48 83 c8 07 <0f> 01 fe eb 08 cc cc cc ...
  Call Trace:
   <TASK>
   flush_tlb_mm_range
   ptep_clear_flush
   wp_page_copy
   ? _raw_spin_unlock
   __handle_mm_fault
   handle_mm_fault
   do_user_addr_fault
   exc_page_fault
   asm_exc_page_fault

All processors that support broadcast TLB invalidation also have PCID suppo=
rt,
so it is only the "nopcid" scenario that is of concern. In this situation j=
ust
disable the broadcast TLB support using the CPUID dependency support by mak=
ing
X86_FEATURE_INVLPGB dependent on X86_FEATURE_PCID.

  [ bp: Massage commit message. ]

Fixes: 4afeb0ed1753 ("x86/mm: Enable broadcast TLB invalidation for multi-t=
hreaded processes")
Suggested-by: Dave Hansen <dave.hansen@intel.com>
Assisted-by: Claude:claude-opus-4.7
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Rik van Riel <riel@surriel.com>
Cc: <stable@kernel.org>
Link: https://patch.msgid.link/b915acfd63e8b2a094fdeb8dc608738072518764.177=
9296450.git.thomas.lendacky@amd.com
---
 arch/x86/kernel/cpu/cpuid-deps.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-d=
eps.c
index 146f6f8..99801e8 100644
--- a/arch/x86/kernel/cpu/cpuid-deps.c
+++ b/arch/x86/kernel/cpu/cpuid-deps.c
@@ -92,6 +92,7 @@ static const struct cpuid_dep cpuid_deps[] =3D {
 	{ X86_FEATURE_FRED,			X86_FEATURE_LKGS      },
 	{ X86_FEATURE_SPEC_CTRL_SSBD,		X86_FEATURE_SPEC_CTRL },
 	{ X86_FEATURE_LASS,			X86_FEATURE_SMAP      },
+	{ X86_FEATURE_INVLPGB,			X86_FEATURE_PCID      },
 	{}
 };
=20