[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v1 0/2] x86/amd_node: harden amd_smn_init() against Xen dom0 topology

  • To: <x86@xxxxxxxxxx>
  • From: Penny Zheng <penny.zheng@xxxxxxx>
  • Date: Wed, 6 May 2026 13:55:17 +0800
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HtYmF59T1+vlFA/MbHNkN7Ydeg2pEly/nEThOGxN8ek=; b=UTFqJlOcgLd+dl2+0nTQkcqINSb54z21kSN91HdVrnNxJG3G65pUIkAG0l2UBgfC8r+M2sNj3LloifFURyTYEw9HjhqWV0kJQyk8Kfcd9xV22NAZI3tJdNim9en8qLaC9zZg+0JfLLLdlmpBKSys+fghtGp0xn6bIhOd2hWKf69y3feHP2wHoB5y5Gu4+OMC1fo6wkAgZpBQLHulgSnI74qnZ9k4o7+NI/qH1q7Oj+jHdUxU0vkAqA7hLq2xpJPoHA3boYhloTb9EGQepRLVYCWyXUd1JgN7LAxdAhKg2f7JurX++qi0RCkEYR5kA1xuvt6g637kp+fyxkMRbxoEBA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ABgYIuFm11r8dreV7cA0DJwFITnbkkyeK5Qo9Php8QrzEeJiU1399+l8JhKRIiVp8zUrs7kQIRv3pAts6y/Tr3K4AxCiXwst48Yzg0+jxNfPrd56oLp3JBGyOjEIR4qnuZkXsWxSwLbzFky5mR+t+OArIUmdJeRV9MmQd1llEaPrToM1xb1fQPWkywTKHeX3TqqpVUTDXWeh2znVcZDgcPFFh7EoLsgG4SgxvM4MuS/xsTx7Ur6EitdpBAYCKolvCDTuHjAP+1wyHoZb+vP9P6k1VEjZWju1zTSvtCGqyE/2sXfEJmSJNalQS54XTJTw/eDmxJefnQtbBqpsG5k/iQ==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Cc: <ray.huang@xxxxxxx>, <Jason.Andryuk@xxxxxxx>, <stefano.stabellini@xxxxxxx>, Penny Zheng <penny.zheng@xxxxxxx>, "Mario Limonciello" <mario.limonciello@xxxxxxx>, Yazen Ghannam <yazen.ghannam@xxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <linux-kernel@xxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 06 May 2026 05:56:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
While booting a recent linux-next kernel as a Xen PVH dom0 on x86, the kernel
oopses very early during fs_initcall:

  Oops: divide error: 0000 [#1] SMP NOPTI
  RIP: 0010:amd_smn_init+0x188/0x2e0

Followed: on a kernel that survives the divide, it will fail by a NULL pointer
dereference from the first SMN consumer (amd_pmc_probe -> amd_smn_read).

Root cause
==========

To prevent each dom0 vCPU from looking like an SMT sibling of another
vCPU, Xen synthesizes guest x2APIC IDs as vcpu_index * 2. This spacing every
vCPU's APIC ID by 2 can push the synthesized IDs past the package-field
boundary. Linux then infers more "packages" and therefore more AMD
nodes via amd_num_nodes() than the platform actually has, while the
PCI-side host-bridge scan correctly reports the number of root complex.

The fixes are tested on Xen 4.20 PVH dom0 on AMD Zen (16 vCPUs) on top of
linux-next/master (next-20260505).

Penny Zheng (2):
  x86/amd_node: avoid divide-by-zero in amd_smn_init() under Xen dom0
  x86/amd_node: reject SMN access when amd_smn_init() did not complete

 arch/x86/kernel/amd_node.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

-- 
2.43.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.