On Mon, 6 Feb 2023 14:22:40 +1000, Nicholas Piggin wrote:
> The RFI and STF security mitigation options can flip the
> interrupt_exit_not_reentrant static branch condition concurrently with
> the interrupt exit code which tests that branch.
>
> Interrupt exit tests this condition to set MSR[EE|RI] for exit, then
> again in the case a soft-masked interrupt is found pending, to recover
> the MSR so the interrupt can be replayed before attempting to exit
> again. If the condition changes between these two tests, the MSR and irq
> soft-mask state will become corrupted, leading to warnings and possible
> crashes. For example, if the branch is initially true then false,
> MSR[EE] will be 0 but PACA_IRQ_HARD_DIS clear and EE may not get
> enabled, leading to warnings in irq_64.c.
>
> [...]
Applied to powerpc/fixes.

[1/1] powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch
      https://git.kernel.org/powerpc/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1

cheers