CVE-2022-49565

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
22/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/lbr: Fix unchecked MSR access error on HSW

The fuzzer triggers the below trace.

[ 7763.384369] unchecked MSR access error: WRMSR to 0x689
(tried to write 0x1fffffff8101349e) at rIP: 0xffffffff810704a4
(native_write_msr+0x4/0x20)
[ 7763.397420] Call Trace:
[ 7763.399881]
[ 7763.401994] intel_pmu_lbr_restore+0x9a/0x1f0
[ 7763.406363] intel_pmu_lbr_sched_task+0x91/0x1c0
[ 7763.410992] __perf_event_task_sched_in+0x1cd/0x240

On a machine with the LBR format LBR_FORMAT_EIP_FLAGS2, when the TSX is
disabled, a TSX quirk is required to access LBR from registers.
The lbr_from_signext_quirk_needed() is introduced to determine whether
the TSX quirk should be applied. However, the
lbr_from_signext_quirk_needed() is invoked before the
intel_pmu_lbr_init(), which parses the LBR format information. Without
the correct LBR format information, the TSX quirk is never applied.

Move the lbr_from_signext_quirk_needed() into the intel_pmu_lbr_init().
Checking x86_pmu.lbr_has_tsx in the lbr_from_signext_quirk_needed() is
not required anymore.

Both LBR_FORMAT_EIP_FLAGS2 and LBR_FORMAT_INFO have LBR_TSX flag, but
only the LBR_FORMAT_EIP_FLAGS2 requires the quirk. Update the comments
accordingly.
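The initialization-order problem in the description, as an added userspace model in C (an illustration written for this page, not the kernel's code). The `pmu_model` struct, the `fixed` switch, the bit positions used for the quirk and the acceptance rule in `wrmsr_accepts` are assumptions; the function and format names and the written value come from the description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only; names follow the advisory, layout is simplified. */
enum lbr_format { LBR_FORMAT_UNKNOWN, LBR_FORMAT_EIP_FLAGS2, LBR_FORMAT_INFO };

struct pmu_model {
    enum lbr_format hw_format; /* what the CPU reports */
    bool lbr_has_tsx;          /* only valid after intel_pmu_lbr_init() */
    bool tsx_enabled;
    bool quirk_on;
};

/* Assumption: the quirk copies bits 59-60 into bits 61-62 of LBR_FROM. */
#define SIGNEXT_2MSB ((1ULL << 60) | (1ULL << 59))

static void intel_pmu_lbr_init(struct pmu_model *p, bool fixed)
{
    p->lbr_has_tsx = p->hw_format == LBR_FORMAT_EIP_FLAGS2 ||
                     p->hw_format == LBR_FORMAT_INFO;
    /* Fixed ordering: decide here, once the format is known. */
    if (fixed && p->hw_format == LBR_FORMAT_EIP_FLAGS2 && !p->tsx_enabled)
        p->quirk_on = true;
}

/* Value the restore path would hand to WRMSR for a saved LBR_FROM entry. */
uint64_t lbr_from_written(bool fixed, uint64_t saved)
{
    struct pmu_model p = { .hw_format = LBR_FORMAT_EIP_FLAGS2 }; /* TSX off */
    if (!fixed) /* pre-fix: check runs before the format has been parsed */
        p.quirk_on = !p.tsx_enabled && p.lbr_has_tsx;
    intel_pmu_lbr_init(&p, fixed);
    return p.quirk_on ? (saved | ((saved & SIGNEXT_2MSB) << 2)) : saved;
}

/* Modelled MSR rule with TSX off: bits 61-62 must mirror bits 59-60. */
bool wrmsr_accepts(uint64_t val)
{
    return ((val >> 61) & 3) == ((val >> 59) & 3);
}

int main(void)
{
    uint64_t saved = 0x1fffffff8101349eULL; /* value from the trace above */
    for (int fixed = 0; fixed <= 1; fixed++) {
        uint64_t v = lbr_from_written(fixed, saved);
        printf("%s: 0x%016llx %s\n", fixed ? "fixed" : "pre-fix",
               (unsigned long long)v, wrmsr_accepts(v) ? "accepted" : "rejected");
    }
    return 0;
}
```

In the pre-fix ordering `lbr_has_tsx` is still false when the check runs, so the value goes out unmodified, matching the value reported in the trace.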

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.17.1 (including) 5.18.15 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*