Subject: Re: [RFC PATCH 04/10] x86/fpu: eager switch PKRU state
From: Andy Lutomirski
Date: Wed, 12 Sep 2018 08:24:08 -0700
To: Paolo Bonzini
Cc: Sebastian Andrzej Siewior, linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Radim Krčmář, kvm@vger.kernel.org, "Jason A. Donenfeld", Rik van Riel
Message-Id: <3476ED25-96C7-4285-AF1D-7FB82E10FB6C@amacapital.net>
In-Reply-To: <8e5b64e4-b3e6-f884-beb6-b7b69ab2d8c1@redhat.com>
References: <20180912133353.20595-1-bigeasy@linutronix.de> <20180912133353.20595-5-bigeasy@linutronix.de> <8e5b64e4-b3e6-f884-beb6-b7b69ab2d8c1@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> On Sep 12, 2018, at 7:18 AM, Paolo Bonzini wrote:
>
>> On 12/09/2018 15:33, Sebastian Andrzej Siewior wrote:
>> From: Rik van Riel
>>
>> While most of a task's FPU state is only needed in user space,
>> the protection keys need to be in place immediately after a
>> context switch.
>>
>> The reason is that any accesses to userspace memory while running
>> in kernel mode also need to abide by the memory permissions
>> specified in the protection keys.
>>
>> The pkru info is put in its own cache line in the fpu struct because
>> that cache line is accessed anyway at context switch time, and the
>> location of the pkru info in the xsave buffer changes depending on
>> what other FPU registers are in use if the CPU uses compressed xsave
>> state (on by default).
>>
>> The initial state of pkru is zeroed out automatically by fpstate_init.
>>
>> Signed-off-by: Rik van Riel
>> [bigeasy: load PKRU state only if we also load FPU content]
>> Signed-off-by: Sebastian Andrzej Siewior
>> --- >> arch/x86/include/asm/fpu/internal.h | 11 +++++++++-- >> arch/x86/include/asm/fpu/types.h | 10 ++++++++++ >> arch/x86/include/asm/pgtable.h | 6 +----- >> arch/x86/mm/pkeys.c | 14 ++++++++++++++ >> 4 files changed, 34 insertions(+), 7 deletions(-) >>=20 >> diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/f= pu/internal.h >> index 16c4077ffc945..57bd1576e033d 100644 >> --- a/arch/x86/include/asm/fpu/internal.h >> +++ b/arch/x86/include/asm/fpu/internal.h >> @@ -573,8 +573,15 @@ static inline void switch_fpu_finish(struct fpu *new= _fpu, int cpu) >> bool preload =3D static_cpu_has(X86_FEATURE_FPU) && >> new_fpu->initialized; >>=20 >> - if (preload) >> - __fpregs_load_activate(new_fpu, cpu); >> + if (!preload) >> + return; >> + >> + __fpregs_load_activate(new_fpu, cpu); >> + /* Protection keys need to be in place right at context switch time.= */ >> + if (boot_cpu_has(X86_FEATURE_OSPKE)) { >> + if (new_fpu->pkru !=3D __read_pkru()) >> + __write_pkru(new_fpu->pkru); >> + } >> } >>=20 >> /* 
>> diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/= types.h >> index 202c53918ecfa..6fa58d37938d2 100644 >> --- a/arch/x86/include/asm/fpu/types.h >> +++ b/arch/x86/include/asm/fpu/types.h >> @@ -293,6 +293,16 @@ struct fpu { >> */ >> unsigned int last_cpu; >>=20 >> + /* >> + * Protection key bits. These also live inside fpu.state.xsave, >> + * but the location varies if the CPU uses the compressed format >> + * for XSAVE(OPT). >> + * >> + * The protection key needs to be switched out immediately at contex= t >> + * switch time, so it is in place for things like copy_to_user. >> + */ >> + unsigned int pkru; >> + >> /* >> * @initialized: >> * >> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtabl= e.h >> index 690c0307afed0..cc36f91011ad7 100644 >> --- a/arch/x86/include/asm/pgtable.h >> +++ b/arch/x86/include/asm/pgtable.h >> @@ -132,11 +132,7 @@ static inline u32 read_pkru(void) >> return 0; >> } >>=20 >> -static inline void write_pkru(u32 pkru) >> -{ >> - if (boot_cpu_has(X86_FEATURE_OSPKE)) >> - __write_pkru(pkru); >> -} >> +extern void write_pkru(u32 pkru); >>=20 >> static inline int pte_young(pte_t pte) >> { >> diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c >> index 6e98e0a7c9231..c7a7b6bd64009 100644 >> --- a/arch/x86/mm/pkeys.c >> +++ b/arch/x86/mm/pkeys.c 
>> @@ -18,6 +18,20 @@ >>=20 >> #include /* boot_cpu_has, ... *= / >> #include /* vma_pkey() *= / >> +#include >> + >> +void write_pkru(u32 pkru) >> +{ >> + if (!boot_cpu_has(X86_FEATURE_OSPKE)) >> + return; >> + >> + current->thread.fpu.pkru =3D pkru; >> + >> + __fpregs_changes_begin(); >> + __fpregs_load_activate(¤t->thread.fpu, smp_processor_id()); >> + __write_pkru(pkru); >> + __fpregs_changes_end(); >> +} >>=20 >> int __execute_only_pkey(struct mm_struct *mm) >> { >>=20
>
> I think you can go a step further and exclude PKRU state from
> copy_kernel_to_fpregs altogether; you just use RDPKRU/WRPKRU. This also
> means you don't need to call __fpregs_* functions in write_pkru.
>

Except that the signal ABI has PKRU in the xstate. So we’d need to fake it or do something special for signals.
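
Review bot: in the switch_fpu_finish() hunk (arch/x86/include/asm/fpu/internal.h), the new early "if (!preload) return;" also skips the PKRU write, so a task whose new_fpu->initialized is false runs with whatever value the previous task left in the register. The commit message argues that the keys must be in place right after a context switch because kernel-mode accesses to user memory obey them, so this path should either write a defined value too or explain, in the comment or the commit message, why inheriting PKRU is safe here; the "[bigeasy: ...]" tag says the restriction is intentional but not why. The same hunk uses boot_cpu_has(X86_FEATURE_OSPKE) in the context-switch path where the line above uses static_cpu_has() for X86_FEATURE_FPU; using the static form for both would be consistent.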
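
Review bot: the "unsigned int pkru;" member added to struct fpu (arch/x86/include/asm/fpu/types.h) has no alignment annotation, while the commit message says the pkru info is put in its own cache line; as written it simply follows last_cpu. Either reword the commit message to say it shares the line that is already touched at context switch, or add the alignment. The member would also be clearer as u32, the type read_pkru() and write_pkru() use, and its comment could take an "@pkru:" heading like the "@initialized:" block that follows it.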
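
Review bot: write_pkru() in the arch/x86/mm/pkeys.c hunk is the only place in this patch that stores to fpu.pkru, yet switch_fpu_finish() treats that field as the task's current value. If the register changes without going through write_pkru() (user space executing WRPKRU, or a restore from the xsave copy that the types.h comment mentions), the cached field is stale and the next switch-in writes the old value back. The save side needs to refresh fpu.pkru; if another patch in the series does that, the commit message should say so. The store "current->thread.fpu.pkru = pkru;" also sits before __fpregs_changes_begin(), and would be easier to reason about inside the begin/end section next to __write_pkru().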
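
The commit message's point that kernel-mode accesses to user memory obey PKRU can be observed from user space. The following is an added example, not code from the patch or from anyone in the thread; it assumes Linux with glibc 2.27 or later, uses /dev/zero as a convenient source for read(), and kernel_honours_pkru is a name chosen here.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Hypothetical helper. Returns 1 if read() into a pkey-protected page failed
 * with EFAULT (the kernel's write to user memory obeyed this thread's PKRU),
 * 0 if the kernel wrote anyway, -1 if protection keys are not usable here.
 */
int kernel_honours_pkru(void)
{
	long psz = sysconf(_SC_PAGESIZE);
	int result = -1, fd = -1, pkey = -1, err;
	ssize_t n;
	char *buf = mmap(NULL, psz, PROT_READ | PROT_WRITE,
			 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

	if (buf == MAP_FAILED)
		return -1;
	pkey = pkey_alloc(0, 0);	/* fails without OSPKE or kernel support */
	fd = open("/dev/zero", O_RDONLY);
	if (pkey < 0 || fd < 0)
		goto out;
	if (pkey_mprotect(buf, psz, PROT_READ | PROT_WRITE, pkey) != 0)
		goto out;
	buf[0] = 1;			/* fault the page in while access is allowed */
	if (pkey_set(pkey, PKEY_DISABLE_ACCESS) != 0)	/* WRPKRU in user space */
		goto out;
	n = read(fd, buf, 16);		/* kernel writes to buf on our behalf */
	err = errno;
	pkey_set(pkey, 0);		/* re-enable access before cleanup */
	result = (n < 0 && err == EFAULT) ? 1 : 0;
out:
	if (fd >= 0)
		close(fd);
	munmap(buf, psz);
	if (pkey >= 0)
		pkey_free(pkey);
	return result;
}

int main(void)
{
	printf("kernel_honours_pkru() = %d\n", kernel_honours_pkru());
	return 0;
}
```

On a CPU or kernel without protection keys pkey_alloc() fails and the function returns -1.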