This is a note to let you know that I've just added the patch titled
x86,perf: Disable intel_bts when PTI
to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: x86-perf-disable-intel_bts-when-pti.patch and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From 99a9dc98ba52267ce5e062b52de88ea1f1b2a7d8 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra peterz@infradead.org Date: Sun, 14 Jan 2018 11:27:13 +0100 Subject: x86,perf: Disable intel_bts when PTI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
From: Peter Zijlstra peterz@infradead.org
commit 99a9dc98ba52267ce5e062b52de88ea1f1b2a7d8 upstream.
The intel_bts driver does not use the 'normal' BTS buffer which is exposed through the cpu_entry_area but instead uses the memory allocated for the perf AUX buffer.
This obviously comes apart when using PTI because then the kernel mapping; which includes that AUX buffer memory; disappears. Fixing this requires to expose a mapping which is visible in all context and that's not trivial.
As a quick fix disable this driver when PTI is enabled to prevent malfunction.
Fixes: 385ce0ea4c07 ("x86/mm/pti: Add Kconfig") Reported-by: Vince Weaver vincent.weaver@maine.edu Reported-by: Robert Święcki robert@swiecki.net Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Signed-off-by: Thomas Gleixner tglx@linutronix.de Cc: Alexander Shishkin alexander.shishkin@linux.intel.com Cc: greg@kroah.com Cc: hughd@google.com Cc: luto@amacapital.net Cc: Vince Weaver vince@deater.net Cc: torvalds@linux-foundation.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180114102713.GB6166@worktop.programming.kicks-as... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- arch/x86/events/intel/bts.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
--- a/arch/x86/events/intel/bts.c +++ b/arch/x86/events/intel/bts.c @@ -582,6 +582,24 @@ static __init int bts_init(void) if (!boot_cpu_has(X86_FEATURE_DTES64) || !x86_pmu.bts) return -ENODEV;
+ if (boot_cpu_has(X86_FEATURE_PTI)) { + /* + * BTS hardware writes through a virtual memory map we must + * either use the kernel physical map, or the user mapping of + * the AUX buffer. + * + * However, since this driver supports per-CPU and per-task inherit + * we cannot use the user mapping since it will not be availble + * if we're not running the owning process. + * + * With PTI we can't use the kernal map either, because its not + * there when we run userspace. + * + * For now, disable this driver when using PTI. + */ + return -ENODEV; + } + bts_pmu.capabilities = PERF_PMU_CAP_AUX_NO_SG | PERF_PMU_CAP_ITRACE | PERF_PMU_CAP_EXCLUSIVE; bts_pmu.task_ctx_nr = perf_sw_context;
Patches currently in stable-queue which might be from peterz@infradead.org are
queue-4.14/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch queue-4.14/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch queue-4.14/objtool-detect-jumps-to-retpoline-thunks.patch queue-4.14/x86-pti-unbreak-efi-old_memmap.patch queue-4.14/x86-cpufeatures-add-x86_bug_spectre_v.patch queue-4.14/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch queue-4.14/membarrier-disable-preemption-when-calling-smp_call_function_many.patch queue-4.14/x86-mm-pti-remove-dead-logic-in-pti_user_pagetable_walk.patch queue-4.14/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch queue-4.14/x86-pti-fix-pcid-and-sanitize-defines.patch queue-4.14/x86-cpu-amd-make-lfence-a-serializing-instruction.patch queue-4.14/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch queue-4.14/objtool-allow-alternatives-to-be-ignored.patch queue-4.14/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch queue-4.14/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch queue-4.14/selftests-x86-add-test_vsyscall.patch queue-4.14/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch queue-4.14/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch queue-4.14/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch queue-4.14/sysfs-cpu-add-vulnerability-folder.patch queue-4.14/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch queue-4.14/x86-retpoline-remove-compile-time-warning.patch queue-4.14/x86-alternatives-fix-optimize_nops-checking.patch queue-4.14/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch queue-4.14/x86-retpoline-add-initial-retpoline-support.patch queue-4.14/x86-perf-disable-intel_bts-when-pti.patch