Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5367b688 authored by Ben Hutchings's avatar Ben Hutchings Committed by H. Peter Anvin
Browse files

x86: Fix code patching for paravirt-alternatives on 486 

As reported in <http://bugs.debian.org/511703> and
<http://bugs.debian.org/515982

>, kernels with paravirt-alternatives
enabled crash in text_poke_early() on at least some 486-class
processors.

The problem is that text_poke_early() itself uses inline functions
affected by paravirt-alternatives and so will modify instructions that
have already been prefetched.  Pentium and later processors will
invalidate the prefetched instructions in this case, but 486-class
processors do not.

Change sync_core() to limit prefetching on 486-class (and 386-class)
processors, and move the call to sync_core() above the call to the
modifiable local_irq_restore().

Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
LKML-Reference: <1252547631.3423.134.camel@localhost>
Signed-off-by: default avatarH. Peter Anvin <hpa@zytor.com>
parent b19ae399

arch/x86/include/asm/processor.h

+13 −3
Original line number Diff line number Diff line
@@ -703,11 +703,21 @@ static inline void cpu_relax(void) 
	rep_nop();

}



/* Stop speculative execution: */

/* Stop speculative execution and prefetching of modified code. */

static inline void sync_core(void)

{

	int tmp;



#if defined(CONFIG_M386) || defined(CONFIG_M486)

	if (boot_cpu_data.x86 < 5)

		/* There is no speculative execution.

		 * jmp is a barrier to prefetching. */

		asm volatile("jmp 1f\n1:\n" ::: "memory");

	else

#endif

		/* cpuid is a barrier to speculative execution.

		 * Prefetched instructions are automatically

		 * invalidated when modified. */

		asm volatile("cpuid" : "=a" (tmp) : "0" (1)

			     : "ebx", "ecx", "edx", "memory");

}

arch/x86/kernel/alternative.c

+1 −1
Original line number Diff line number Diff line
@@ -490,8 +490,8 @@ void *text_poke_early(void *addr, const void *opcode, size_t len) 
	unsigned long flags;

	local_irq_save(flags);

	memcpy(addr, opcode, len);

	local_irq_restore(flags);

	sync_core();

	local_irq_restore(flags);

	/* Could also do a CLFLUSH here to speed up CPU recovery; but

	   that causes hangs on some VIA CPUs. */

	return addr;