Commit 72a34cd0 authored Sep 12, 2024 by Andi Kleen Committed by Zeng Heng Sep 12, 2024

x86/mtrr: Check if fixed MTRRs exist before saving them

stable inclusion
from stable-v4.19.320
commit 34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAOXYQ
CVE: CVE-2024-44948

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e



--------------------------------

commit 919f18f961c03d6694aa726c514184f2311a4614 upstream.

MTRRs have an obsolete fixed variant for fine grained caching control
of the 640K-1MB region that uses separate MSRs. This fixed variant has
a separate capability bit in the MTRR capability MSR.

So far all x86 CPUs which support MTRR have this separate bit set, so it
went unnoticed that mtrr_save_state() does not check the capability bit
before accessing the fixed MTRR MSRs.

Though on a CPU that does not support the fixed MTRR capability this
results in a #GP.  The #GP itself is harmless because the RDMSR fault is
handled gracefully, but results in a WARN_ON().

Add the missing capability check to prevent this.

Fixes: 2b1f6278 ("[PATCH] x86: Save the MTRRs of the BSP before booting an AP")
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240808000244.946864-1-ak@linux.intel.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zeng Heng <zengheng4@huawei.com>

parent bf039567

arch/x86/kernel/cpu/mtrr/mtrr.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -819,7 +819,7 @@ void mtrr_save_state(void)
		{
		int first_cpu;

		if (!mtrr_enabled())
		if (!mtrr_enabled() \|\| !mtrr_state.have_fixed)
		return;

		first_cpu = cpumask_first(cpu_online_mask);