On Tue, Nov 16, 2021 at 08:15:14PM +0100, Ondrej Zary wrote:
Backport of the following patch for 5.10-stable:
From b968e84b509da593c50dc3db679e1d33de701f78 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra peterz@infradead.org Date: Fri, 17 Sep 2021 11:20:04 +0200
Since commit c8137ace5638 ("x86/iopl: Restrict iopl() permission scope") it's possible to emulate iopl(3) using ioperm(), except for the CLI/STI usage.
Userspace CLI/STI usage is very dubious (read broken), since any exception taken during that window can lead to rescheduling anyway (or worse). The IOPL(2) manpage even states that usage of CLI/STI is highly discouraged and might even crash the system.
Of course, that won't stop people and HP has the dubious honour of being the first vendor to be found using this in their hp-health package.
In order to enable this 'software' to still 'work', have the #GP treat the CLI/STI instructions as NOPs when iopl(3). Warn the user that their program is doing dubious things.
Fixes: a24ca9976843 ("x86/iopl: Remove legacy IOPL option") Reported-by: Ondrej Zary linux@zary.sk Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Reviewed-by: Thomas Gleixner tglx@linutronix.de Link: https://lkml.kernel.org/r/20210918090641.GD5106@worktop.programming.kicks-as... Signed-off-by: Ondrej Zary linux@zary.sk
Now queued up, thanks.
greg k-h