CR4 needs to be updated atomically with its shadow value, as CR4 updates are performed in read-modify-write fashion which are based on the shadow value. If CR4 is changed between the read and the write, CR4 might not be updated correctly.
For this to happen, CR4 needs to be rewritten by an interrupt handler. [Presumably, writes to CR4 take place while preemption is disabled, although due to the experience with CR3 - who knows.] CR4.PGD can be updated by an interrupt handler, but it is restored to its previous value, so it should not introduce a race. However, it seems that allowing CR4 updates without disabling IRQs may present a potential future bug.

Cc: Andy Lutomirski <l...@kernel.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: x...@kernel.org
Cc: Tony Luck <tony.l...@intel.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>

v1 -> v2:
- Break into two patches (Andy)
- Rename refactored function to __cr4_set() (Andy)

Nadav Amit (2):
  x86: refactor CR4 setting and shadow write
  x86: disable IRQs before changing CR4

 arch/x86/include/asm/mmu_context.h   |  4 ++--
 arch/x86/include/asm/tlbflush.h      | 40 +++++++++++++++++++++---------------
 arch/x86/include/asm/virtext.h       |  2 +-
 arch/x86/kernel/cpu/common.c         | 38 +++++++++++++++++++++++++---------
 arch/x86/kernel/cpu/mcheck/mce.c     |  5 ++++-
 arch/x86/kernel/cpu/mcheck/p5.c      |  6 +++++-
 arch/x86/kernel/cpu/mcheck/winchip.c |  5 ++++-
 arch/x86/kernel/fpu/init.c           |  2 +-
 arch/x86/kernel/fpu/xstate.c         |  4 ++--
 arch/x86/kernel/process.c            | 20 +++++++++++++-----
 arch/x86/kernel/reboot.c             |  2 +-
 arch/x86/kvm/vmx.c                   | 13 ++++++++++--
 arch/x86/mm/init.c                   |  6 +++++-
 13 files changed, 102 insertions(+), 45 deletions(-)

-- 
2.14.1
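As an added illustration that is not part of this cover letter or of the kernel series: a constructed user-space C simulation of the shadow-based read-modify-write the message describes. The `cr4_hw`, `cr4_shadow`, `pending_irq_mask` variables and the simulated interrupt delivery are assumptions of the model; `__cr4_set` only borrows the name from the changelog and stands in for the real register write. It shows how an interrupt that changes CR4 persistently inside the read/write window is lost when IRQs stay enabled, and survives when the update runs with IRQs disabled.

```c
#include <stdio.h>

/* Real CR4 bit positions, used here only as labels for the simulation. */
#define X86_CR4_PGE   (1UL << 7)
#define X86_CR4_PCIDE (1UL << 17)

static unsigned long cr4_hw;           /* stand-in for the hardware register */
static unsigned long cr4_shadow;       /* stand-in for the per-CPU cached copy */
static int irqs_disabled;
static unsigned long pending_irq_mask; /* bits a simulated IRQ handler wants to set */

/* Write both the "register" and its shadow (models the refactored helper). */
static void __cr4_set(unsigned long val) { cr4_shadow = val; cr4_hw = val; }

/* Simulated interrupt handler: updates CR4 through the same shadow path. */
static void irq_handler(void) {
    __cr4_set(cr4_shadow | pending_irq_mask);
    pending_irq_mask = 0;
}

/* Models an interrupt arriving at this point; it runs only if IRQs are enabled. */
static void maybe_deliver_irq(void) {
    if (pending_irq_mask && !irqs_disabled) irq_handler();
}

static void local_irq_disable(void) { irqs_disabled = 1; }
static void local_irq_enable(void)  { irqs_disabled = 0; maybe_deliver_irq(); }

/* Read-modify-write of CR4 via the shadow; the interrupt window sits between read and write. */
static void cr4_set_bits_rmw(unsigned long mask) {
    unsigned long cr4 = cr4_shadow;    /* read */
    maybe_deliver_irq();               /* interrupt lands in the window */
    if ((cr4 | mask) != cr4) __cr4_set(cr4 | mask); /* write stale value back */
}

/* Racy variant: IRQs stay enabled across the update. The handler's PCIDE bit is lost. */
unsigned long run_racy(void) {
    __cr4_set(0); pending_irq_mask = X86_CR4_PCIDE; irqs_disabled = 0;
    cr4_set_bits_rmw(X86_CR4_PGE);
    return cr4_hw;
}

/* Fixed variant: IRQs disabled across the update; the handler runs afterwards on a fresh shadow. */
unsigned long run_irqs_off(void) {
    __cr4_set(0); pending_irq_mask = X86_CR4_PCIDE; irqs_disabled = 0;
    local_irq_disable();
    cr4_set_bits_rmw(X86_CR4_PGE);
    local_irq_enable();
    return cr4_hw;
}

int main(void) {
    printf("IRQs on:  CR4 = %#lx\n", run_racy());
    printf("IRQs off: CR4 = %#lx\n", run_irqs_off());
    return 0;
}
```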