From patchwork Mon Jan 23 14:02:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim Gardner X-Patchwork-Id: 1730481 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=Xzy7UBFd; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P0sJd64K4z23gd for ; Tue, 24 Jan 2023 01:03:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pJxPu-0008Ua-MF; Mon, 23 Jan 2023 14:03:22 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pJxPt-0008UG-28 for kernel-team@lists.ubuntu.com; Mon, 23 Jan 2023 14:03:21 +0000 Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 63D4B419B8 for ; Mon, 23 Jan 2023 14:03:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1674482600; bh=d/sGBVPrnVkTl1+WRBcKlyy9L2uejZ8ezIj7MfUpLrE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Xzy7UBFdtUCkStD0OxzR9JHT/cB4AYA+JuL5pOnaMAZgvuYzEKWFTk2DQurO23fwt ZLGMZnEadN4tJREEfJZf6U/yPdgWEgd5hwb46h/SE6K121v9ou3AfVEQYUv1eCKzaU it7Gi2U1N9fGX/ns/vTAwfA9gpbuHgBEjRQlujnBL6Z3B6/PGUVoXROzIR2l/buQyG kb2o/5qbl4e4KcTGqQnDJVO/aWcO0jUVF6i8nyaf5SeITnvxQL20dqw8I32ypjPMbk dcquhLb8TTnBLbpZp+mwDEmHp5R3wUDYcdBCP1Ot1O2usne6OdKhvKtpuVfYP8bb29 4QV+LcotWec4w== Received: by mail-pl1-f200.google.com with SMTP id p15-20020a170902a40f00b00192b2bbb7f8so7238238plq.14 for ; Mon, 23 Jan 2023 06:03:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=d/sGBVPrnVkTl1+WRBcKlyy9L2uejZ8ezIj7MfUpLrE=; b=LS3nxjyuruLSEnk18XVq03275hAyKzqOdb+QMYHKQcm5+LtpUCvH+LJ6P0nxi+GQjD eLsenueH8yEnPtFVkCiocj3tnc3quZ4Ng2DyznGTGiXGILGW/S7fJ56UlZhAlQ+paSXY vMiFpnqGLw0s05ArNceKglM3wouKI/zppEam3GJDnqLzz+yAQSc8Y0/uCFzlB7JQzonX PW2Dcra/9jHO0HmrqkWoVFhB0txrscgjOkgNirt6/rp6WM2rMjFhJwmnMtow3GT1w3IP K6tQaY2gOKufbhL46RCVVaCpLSmkVy85QpyPYIKaXEdPIlNizCWvUWqrSB3MaDdC5oKc fVBg== X-Gm-Message-State: AFqh2krcmp/ic78dNWJcF3GI8rlQATkWsee/UfGZ5QtUjmZdmJmKsFdt 5QE1AAW7EGutG6pYUAwgOgFRnlaQhsyD8Zic7A0gKEkXBKQgKutjImKguoDaK3xl7EJYujyB6fr +cK5jrrH7wqc/eOKCD5hF+Nnl+04pP+RCMC6tJikciQ== X-Received: by 2002:a17:902:d506:b0:194:8a27:f5c6 with SMTP id b6-20020a170902d50600b001948a27f5c6mr35428048plg.22.1674482598409; Mon, 23 Jan 2023 06:03:18 -0800 (PST) X-Google-Smtp-Source: AMrXdXuvxDH0b9GC6YwmfFaF8MMmaOfjYwMQpy6Z6CCQmh6WdwSvdhMkiAcbSqhM2Zpaux7mKGg78A== X-Received: by 2002:a17:902:d506:b0:194:8a27:f5c6 with SMTP id b6-20020a170902d50600b001948a27f5c6mr35428017plg.22.1674482598030; Mon, 23 Jan 2023 06:03:18 -0800 (PST) Received: from localhost.localdomain ([69.163.84.166]) by smtp.gmail.com with ESMTPSA id w19-20020a170902a71300b0019339f3368asm15840566plq.3.2023.01.23.06.03.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Jan 2023 06:03:17 -0800 (PST) From: Tim Gardner To: kernel-team@lists.ubuntu.com Subject: [PATCH] UBUNTU: SAUCE: TDX: Work around the segfault issue in glibc 2.35 in Ubuntu 22.04. Date: Mon, 23 Jan 2023 07:02:33 -0700 Message-Id: <20230123140233.790103-2-tim.gardner@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230123140233.790103-1-tim.gardner@canonical.com> References: <20230123140233.790103-1-tim.gardner@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Dexuan Cui BugLink: https://bugs.launchpad.net/bugs/2003714 glibc 2.34/2.35 (and 2.36?) had a bug (2.32 is good): See https://sourceware.org/bugzilla/show_bug.cgi?id=28784 The bug has been fixed in upstream glibc: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c242fcce06e3102ca663b2f992611d0bda4f2668 However, it looks like a lot of distros haven't picked up the fix yet, e.g. Ubuntu 22.04/22.10/23.04's glibc need pick up the glibc fix (c242fcce06e3102ca663b2f992611d0bda4f2668). RHEL 9's glibc needs the glibc fix as well. Before the glibc packages in the distros are fixed, we can use this kernel side workaround patch for now. The workaround is from Intel. See the below for the rationale: x86/tdx: Virtualize CPUID leaf 0x2 CPUID leaf 0x2 provides cache and TLB information. In TDX guest access to the leaf causes #VE. Current implementation returns all zero, but it confuses some users: some recent versions of GLIBC hit segfaults. It is a GLIBC bug, but it is also a user-visible regression comparing to non-TDX environment. Kernel can generate a sensible response to the #VE to work around the glibc segfault for now. The leaf is obsolete. There are leafs that provides the same information in a structured form. See leaf 0x4 on cache info and leaf 0x18 on TLB info. Generate a response that indicates that CPUID leaf 0x4 and 0x18 have to be used instead. (cherry picked from commit 16218cf73491e867fd39c16c9e4b8aa926cbda68 https://github.com/dcui/tdx) Signed-off-by: Tim Gardner Acked-by: Ian May --- arch/x86/coco/tdx/tdx.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index c32c7ef55249..928ca748bb26 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -329,6 +329,18 @@ static int handle_cpuid(struct pt_regs *regs, struct ve_info *ve) .r13 = regs->cx, }; + /* + * Work around the segfault issue in glibc 2.35 in Ubuntu 22.04. + * See https://sourceware.org/bugzilla/show_bug.cgi?id=28784 + * Ubuntu 22.04/22.10/23.04's glibc should pick up this glibc fix: + * https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c242fcce06e3102ca663b2f992611d0bda4f2668 + */ + if (regs->ax == 2) { + regs->ax = 0xf1ff01; + regs->bx = regs->cx = regs->dx = 0; + return ve_instr_len(ve); + } + /* * Only allow VMM to control range reserved for hypervisor * communication.