Bug 821463
| Summary: | SEP CPU flag is disabled on Intel 64 bit when exec_shield is on | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Orit Wasserman <owasserm> |
| Component: | kernel | Assignee: | Larry Woodman <lwoodman> |
| Status: | CLOSED ERRATA | QA Contact: | Petr Beňas <pbenas> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | arozansk, ehabkost, hhuang, juzhang, kzhang, pbenas, pbonzini, pmatouse, pstehlik, tburke |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Fixed In Version: | kernel-2.6.32-315.el6 | Doc Type: | Bug Fix |
| Last Closed: | 2013-02-21 06:12:47 UTC | Type: | Bug |
| Bug Blocks: | 821741 | ||
What is really the effect of the bug? The kernel only uses X86_FEATURE_SEP in 32-bit mode.
In 64-bit mode, sysenter/sysexit are assumed to be present on all Intel CPUs.

arch/x86/kernel/cpu/intel.c:

#ifdef CONFIG_X86_64
    set_cpu_cap(c, X86_FEATURE_SYSENTER32);
#endif

arch/x86/vdso/vdso32-setup.c:

#ifdef CONFIG_X86_64
#define vdso32_sysenter() (boot_cpu_has(X86_FEATURE_SYSENTER32))
#define vdso32_syscall() (boot_cpu_has(X86_FEATURE_SYSCALL32))
...
#else /* CONFIG_X86_32 */
#define vdso32_sysenter() (boot_cpu_has(X86_FEATURE_SEP))
#define vdso32_syscall() (0)
#endif

I suppose this only affects virtualization of 32-bit guests with -cpu host, where the guest would have to fall back to int $0x80?

Sorry, but I don't understand what the problem is here.
In RHEL5 we have:
----------------------------------------------------------------
if (exec_shield != 0) {
#ifdef CONFIG_HIGHMEM64G /* NX implies PAE */
    if (!test_bit(X86_FEATURE_NX, c->x86_capability))
#endif
        clear_bit(X86_FEATURE_SEP, c->x86_capability);
}
----------------------------------------------------------------
In RHEL6 we have:
----------------------------------------------------------------
if (exec_shield != 0) {
#ifdef CONFIG_X86_PAE
    if (!test_cpu_cap(c, X86_FEATURE_NX))
#endif
        clear_cpu_cap(c, X86_FEATURE_SEP);
}
----------------------------------------------------------------
In RHEL5 CONFIG_HIGHMEM64G is set in x86 only and in RHEL6 CONFIG_X86_PAE is set in x86 only. So the functionality should be the same for x86 & x86_64 in both cases, no?
Larry

> In RHEL5 CONFIG_HIGHMEM64G is set in x86 only and in RHEL6 CONFIG_X86_PAE is
> set in x86 only. So the functionality should be the same for x86 & x86_64 in
> both cases, no?

The snippet you quoted for RHEL5 is not compiled for x86_64, only i386. See comment 2.

So the whole RHEL6 snippet should be this, so we only do this for x86?:
----------------------------------------------------------------
#ifdef CONFIG_X86_PAE
if (exec_shield != 0) {
    if (!test_cpu_cap(c, X86_FEATURE_NX))
        clear_cpu_cap(c, X86_FEATURE_SEP);
}
#endif
----------------------------------------------------------------
Larry

Yes, that should do it.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.

Patch(es) available on kernel-2.6.32-315.el6

Reproduced in 2.6.32-313.el6.x86_64 and verified in 2.6.32-314.el6.x86_64.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0496.html

Description of problem:
SEP cpu flag is disabled on Intel 64 bit when exec_shield is set (which is the default)

Version-Release number of selected component (if applicable):
2.6.32-251.el6.x86_64

How reproducible:
check cpuinfo after install of RHEL6 64 bit.

Steps to Reproduce:
1. check exec_shield is set. cat /proc/sys/kernel/exec-shield returns 1.
2. cat /proc/cpuinfo
3.

Actual results:
sep is not set

Expected results:
sep should be set

Additional info:
this looks like a problem with the exec_shield code in arch/x86/kernel/cpu/common.c :

if (exec_shield != 0) {
#ifdef CONFIG_X86_PAE
    if (!test_cpu_cap(c, X86_FEATURE_NX))
#endif
        clear_cpu_cap(c, X86_FEATURE_SEP);
}

CONFIG_X86_PAE is not set for 64 bit so we clear SEP.
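
The effect of the `#ifdef` placement described in this report, as an added example that is not part of the bug report or of the RHEL kernel source: a user-space C model that lets the preprocessor build the snippet's text with and without `CONFIG_X86_PAE` defined. `FEAT_NX`, `FEAT_SEP` and the function names are stand-ins invented for the example.

```c
/* User-space model of the exec_shield snippet; not kernel code. */
#include <stdio.h>
#define FEAT_NX  (1u << 0)   /* stand-in for X86_FEATURE_NX  (assumption) */
#define FEAT_SEP (1u << 1)   /* stand-in for X86_FEATURE_SEP (assumption) */

#undef CONFIG_X86_PAE        /* shipped text, PAE not set (the 64-bit case) */
static unsigned shipped_no_pae(unsigned caps, int exec_shield)
{
    if (exec_shield != 0) {
#ifdef CONFIG_X86_PAE
        if (!(caps & FEAT_NX))   /* preprocessed away in this build */
#endif
            caps &= ~FEAT_SEP;   /* so this clear becomes unconditional */
    }
    return caps;
}

#define CONFIG_X86_PAE 1     /* same text, PAE set (the 32-bit case) */
static unsigned shipped_pae(unsigned caps, int exec_shield)
{
    if (exec_shield != 0) {
#ifdef CONFIG_X86_PAE
        if (!(caps & FEAT_NX))   /* SEP is cleared only when NX is absent */
#endif
            caps &= ~FEAT_SEP;
    }
    return caps;
}

#undef CONFIG_X86_PAE        /* form proposed in the thread, PAE not set */
static unsigned proposed_no_pae(unsigned caps, int exec_shield)
{
#ifdef CONFIG_X86_PAE            /* with PAE set this equals shipped_pae() */
    if (exec_shield != 0) {
        if (!(caps & FEAT_NX))
            caps &= ~FEAT_SEP;
    }
#endif
    (void)exec_shield;           /* unused once the block is compiled out */
    return caps;
}

int main(void)
{
    unsigned caps = FEAT_NX | FEAT_SEP;   /* constructed: CPU with NX and SEP */
    printf("shipped,  no PAE: sep=%d\n", !!(shipped_no_pae(caps, 1) & FEAT_SEP));
    printf("shipped,  PAE:    sep=%d\n", !!(shipped_pae(caps, 1) & FEAT_SEP));
    printf("proposed, no PAE: sep=%d\n", !!(proposed_no_pae(caps, 1) & FEAT_SEP));
    return 0;
}
```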