From: Dave Hansen dave.hansen@linux.intel.com
PTI uses separate ASIDs (aka. PCIDs) for kernel and user address spaces. When the kernel needs to flush the user address space, it just sets a bit in a bitmap and then flushes the entire PCID on the next switch to userspace.
But, this bitmap is a single 'unsigned long' which is plenty for all 6 dynamic ASIDs. But, unfortunately, the INVLPGB support brings along a bunch more user ASIDs, as many as ~2k more. The bitmap can't address that many.
Fortunately, the bitmap is only needed for PTI and all the CPUs with INVLPGB are AMD CPUs that aren't vulnerable to Meltdown and don't need PTI. The only way someone can run into an issue in practice is by booting with pti=on on a newer AMD CPU.
Disable INVLPGB if PTI is enabled. Avoid overrunning the small bitmap.
Note: this will be fixed up properly by making the bitmap bigger. For now, just avoid the mostly theoretical bug.
Signed-off-by: Dave Hansen dave.hansen@linux.intel.com
Fixes: 4afeb0ed1753 ("x86/mm: Enable broadcast TLB invalidation for multi-threaded processes")
Cc: stable@vger.kernel.org
Cc: Rik van Riel riel@surriel.com
Cc: Borislav Petkov (AMD) bp@alien8.de
Cc: Ingo Molnar mingo@kernel.org
Cc: Nadav Amit nadav.amit@gmail.com
Cc: Andy Lutomirski luto@kernel.org
Cc: Peter Zijlstra peterz@infradead.org
---
 b/arch/x86/mm/pti.c | 5 +++++
 1 file changed, 5 insertions(+)
diff -puN arch/x86/mm/pti.c~no-INVLPGB-plus-KPTI arch/x86/mm/pti.c --- a/arch/x86/mm/pti.c~no-INVLPGB-plus-KPTI 2025-06-10 15:02:14.439554339 -0700 +++ b/arch/x86/mm/pti.c 2025-06-10 15:09:47.713198206 -0700 @@ -98,6 +98,11 @@ void __init pti_check_boottime_disable(v return;
setup_force_cpu_cap(X86_FEATURE_PTI); + + if (cpu_feature_enabled(X86_FEATURE_INVLPGB)) { + pr_debug("PTI enabled, disabling INVLPGB\n"); + setup_clear_cpu_cap(X86_FEATURE_INVLPGB); + } }
static int __init pti_parse_cmdline(char *arg) _
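Review bot: the block added after setup_force_cpu_cap(X86_FEATURE_PTI) carries no comment explaining why INVLPGB is being cleared; the reason (the one-word per-CPU user ASID flush mask cannot cover the INVLPGB global ASIDs) lives only in the commit message and will be lost on anyone reading pti.c later, so put a one- or two-line comment above the `if (cpu_feature_enabled(X86_FEATURE_INVLPGB))` check. Consider pr_info() instead of pr_debug(): the only configuration that reaches this branch is pti=on on an INVLPGB-capable AMD part, and at pr_debug the admin who asked for that gets no visible sign that broadcast TLB invalidation was turned off. Also worth confirming in the cover text that pti_check_boottime_disable() runs before any code consults X86_FEATURE_INVLPGB to decide whether to hand out global ASIDs; if it did not, setup_clear_cpu_cap() here would arrive too late, and the hunk by itself cannot show the ordering.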
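The mechanism the commit message describes, as an added user-space model (example code, not from the patch or the kernel): the per-CPU flush mask is a single unsigned long indexed by ASID, which holds the 6 dynamic ASIDs comfortably but not an INVLPGB global ASID in the thousands, where the kernel-style unchecked bit set would land in whatever follows the word. The model refuses such an ASID, shows which word the write would have hit, and places the same ASID in a bitmap sized for the whole range, which is the "make the bitmap bigger" fix the thread mentions. The struct and function names, the 2048-entry MODEL_MAX_ASIDS range and the 64-bit word are this example's assumptions; the kernel's real field is cpu_tlbstate.user_pcid_flush_mask and its helper is __set_bit(), neither of which is reproduced here.

```c
/*
 * Added example, not kernel code: a model of the PTI user ASID flush mask
 * and of the bigger bitmap that replaces it.  All names below are the
 * example's own; MODEL_MAX_ASIDS is an assumed stand-in for the size of
 * the INVLPGB global ASID range mentioned in the commit message (~2k).
 */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BITS_PER_LONG     ((unsigned int)(sizeof(unsigned long) * CHAR_BIT))
#define TLB_NR_DYN_ASIDS  6      /* dynamic ASIDs per CPU, as in the commit message */
#define MODEL_MAX_ASIDS   2048   /* assumption: rough size of the global ASID range */
#define BITMAP_WORDS(n)   (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Current layout: one word per CPU, one bit per user ASID. */
struct small_tlb_state {
	unsigned long user_pcid_flush_mask;
	unsigned long next_field;   /* stands in for whatever follows in per-CPU memory */
};

/* The proper fix: a bitmap with room for every ASID the CPU can hand out. */
struct big_tlb_state {
	unsigned long user_pcid_flush_mask[BITMAP_WORDS(MODEL_MAX_ASIDS)];
};

/* Word/bit arithmetic of an unchecked bitmap set/test: no bounds check at all. */
static void model_set_bit(unsigned long *map, unsigned int nr)
{
	map[nr / BITS_PER_LONG] |= 1UL << (nr % BITS_PER_LONG);
}

static bool model_test_bit(const unsigned long *map, unsigned int nr)
{
	return (map[nr / BITS_PER_LONG] >> (nr % BITS_PER_LONG)) & 1UL;
}

/* Which word an unchecked set of bit 'asid' touches; 0 is the mask itself. */
unsigned int flush_mask_word_index(unsigned int asid)
{
	return asid / BITS_PER_LONG;
}

bool asid_fits_mask(unsigned int asid, unsigned int nbits)
{
	return asid < nbits;
}

/*
 * Mark a user ASID for flush in the single-word mask.  For an ASID of
 * BITS_PER_LONG or more the unchecked set would write past the word into
 * next_field (or beyond the struct); the model returns -1 instead.
 */
int small_mask_flush_asid(struct small_tlb_state *st, unsigned int asid)
{
	if (!asid_fits_mask(asid, BITS_PER_LONG))
		return -1;
	model_set_bit(&st->user_pcid_flush_mask, asid);
	return 0;
}

int big_mask_flush_asid(struct big_tlb_state *st, unsigned int asid)
{
	if (!asid_fits_mask(asid, MODEL_MAX_ASIDS))
		return -1;
	model_set_bit(st->user_pcid_flush_mask, asid);
	return 0;
}

bool big_mask_test_asid(const struct big_tlb_state *st, unsigned int asid)
{
	return asid < MODEL_MAX_ASIDS && model_test_bit(st->user_pcid_flush_mask, asid);
}

/*
 * Boot-time policy of the patch: the one-word mask is only used with PTI
 * on, so an INVLPGB-capable CPU booted with PTI must not use INVLPGB.
 */
bool invlpgb_allowed(bool pti_enabled, bool cpu_has_invlpgb)
{
	return cpu_has_invlpgb && !pti_enabled;
}

int main(void)
{
	struct small_tlb_state small;
	struct big_tlb_state big;
	unsigned int asid;

	memset(&small, 0, sizeof(small));
	memset(&big, 0, sizeof(big));

	/* All dynamic ASIDs fit in the one word. */
	for (asid = 0; asid < TLB_NR_DYN_ASIDS; asid++)
		small_mask_flush_asid(&small, asid);
	printf("dynamic ASIDs: mask=%#lx next_field=%#lx\n",
	       small.user_pcid_flush_mask, small.next_field);

	/* A global ASID from the INVLPGB range does not. */
	asid = 1500;
	printf("ASID %u: single word %s (would hit word %u), full bitmap %s\n", asid,
	       small_mask_flush_asid(&small, asid) ? "rejected" : "ok",
	       flush_mask_word_index(asid),
	       big_mask_flush_asid(&big, asid) ? "rejected" : "ok");
	printf("INVLPGB with pti=on: %s\n", invlpgb_allowed(true, true) ? "on" : "off");
	return 0;
}
```

The interesting value is flush_mask_word_index(): on a 64-bit build an ASID of 1500 resolves to word 23, so an unchecked set against the one-word mask is a write 23 words past the field, not a wrong bit in it.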
On Tue, 2025-06-10 at 15:24 -0700, Dave Hansen wrote:
> Disable INVLPGB if PTI is enabled. Avoid overrunning the small bitmap.
> Note: this will be fixed up properly by making the bitmap bigger. For now, just avoid the mostly theoretical bug.
Does that mean the patch to make the bitmap bigger is a dependency that needs to be in place before the RAR code (hoping to send out v4 later this week) can be merged?
> Signed-off-by: Dave Hansen dave.hansen@linux.intel.com
> Fixes: 4afeb0ed1753 ("x86/mm: Enable broadcast TLB invalidation for multi-threaded processes")
Acked-by: Rik van Riel riel@surriel.com
On 6/10/25 17:43, Rik van Riel wrote:
> On Tue, 2025-06-10 at 15:24 -0700, Dave Hansen wrote:
>> Disable INVLPGB if PTI is enabled. Avoid overrunning the small bitmap.
>> Note: this will be fixed up properly by making the bitmap bigger. For now, just avoid the mostly theoretical bug.
> Does that mean the patch to make the bitmap bigger is a dependency that needs to be in place before the RAR code (hoping to send out v4 later this week) can be merged?
That's what I was thinking. Your series to fix this all up properly from last week looks like the right way. It just seems like a wee bit more work than I want to see getting backported. It's not a huge lift, though.
linux-stable-mirror@lists.linaro.org