CVE-2022-49565 Information

Description

In the Linux kernel the following vulnerability has been resolved:

perf/x86/intel/lbr: Fix unchecked MSR access error on HSW

The fuzzer triggers the below trace.

[ 7763.384369] unchecked MSR access error: WRMSR to 0x689 (tried to write 0x1fffffff8101349e) at rIP: 0xffffffff810704a4 (native_write_msr+0x4/0x20) [ 7763.397420] Call Trace: [ 7763.399881] [ 7763.401994] intel_pmu_lbr_restore+0x9a/0x1f0 [ 7763.406363] intel_pmu_lbr_sched_task+0x91/0x1c0 [ 7763.410992] __perf_event_task_sched_in+0x1cd/0x240

On a machine with the LBR format LBR_FORMAT_EIP_FLAGS2 when the TSX is disabled a TSX quirk is required to access LBR from registers. The lbr_from_signext_quirk_needed() is introduced to determine whether the TSX quirk should be applied. However the lbr_from_signext_quirk_needed() is invoked before the intel_pmu_lbr_init() which parses the LBR format information. Without the correct LBR format information the TSX quirk never be applied.

Move the lbr_from_signext_quirk_needed() into the intel_pmu_lbr_init(). Checking x86_pmu.lbr_has_tsx in the lbr_from_signext_quirk_needed() is not required anymore.

Both LBR_FORMAT_EIP_FLAGS2 and LBR_FORMAT_INFO have LBR_TSX flag but only the LBR_FORMAT_EIP_FLAGS2 requirs the quirk. Update the comments accordingly.

Reference

https://git.kernel.org/stable/c/625bcd0685a1612225df83468c83412fc0edb3d7 https://git.kernel.org/stable/c/b0380e13502adf7dd8be4c47d622c3522aae6c63