Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp433399pxa; Fri, 31 Jul 2020 16:36:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwKaHrLlCDnEYF6ZKlp9885BhJ6IB9lp44vIeeN26E8MFrC5O0eB+qqFhJmMNmY5YmeNOet X-Received: by 2002:a17:906:1ed3:: with SMTP id m19mr6051566ejj.396.1596238562921; Fri, 31 Jul 2020 16:36:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596238562; cv=none; d=google.com; s=arc-20160816; b=bJH8hDKy+KyE85eSOTNxuiRgBPgbtJhmSGDsTO5OsaH14xKzofKTvEF3kEdPvTpuLK KY5o3oJ85K/anZ2H/UUbajApOQ3PICkiyVG2i20iHGE1z7P7iGA8hcRCmuDW//fXnRFS 1y9R6cKJQeTUkZPl0Wlc+ZqNSitLx4M9l5NTonUkUTSHZCbyRGU99DKrVkFZKMPBQPvT cs+14/liz51lj93kksCnCY3bryG5jR955f+JHZSlrteyGo6yciVdo1M4AWsOoK7JK9Aw Af7hDe1nXlOP6UXP4BaQp6SKMFTZ/57mlVcXmR+7doDYkPN+stVmaNcYJULZYDMzbZK/ 1igQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=eKvKmc9TetGXjSox10nTpxZazF9UuGv3m3soYeIgf0M=; b=uQKbExiomWfbDgf7GkIyVf5yEbnsjGXUvuOBo+dIoRsjeTfQ7h7dtyM1SvgAAzAM9r F1sfaQJeGtBcRk6SR6u/kgUwYlC0tDqPBDBkDUL2XweSEGsv3dZGw0YB8gPkIbNmVGLk YKmN/7naqzkgdbyEDN1HG7+eIScf3fIoG6c5EJQ8HB7OJiOzwJ4OdV/3tDHtrAEmel9O A3BKBd7wyvrH/Nla4eG40Za2ovqMJx1GSjTbgoUepAKm9JOZSu/XpDiMmHrMkgUvS+Vt r9IzCfzPZXHU9m/S39gHKuevMEFqNlOUlKHkhrqYM3imIU3HqitEQ54SRmv8jV5Aa7hg s9jA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PitolgIc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gw21si4959795ejb.656.2020.07.31.16.35.41; Fri, 31 Jul 2020 16:36:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PitolgIc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727873AbgGaXeZ (ORCPT + 99 others); Fri, 31 Jul 2020 19:34:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:48054 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726215AbgGaXeZ (ORCPT ); Fri, 31 Jul 2020 19:34:25 -0400 Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0FB8A22BEA for ; Fri, 31 Jul 2020 23:34:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596238464; bh=ITLemeA+7bIT0Gyumefb19FaUYhRK8aANpWoBIk24ak=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=PitolgIcwqhucedGVzrmbU+mixt9I+bZpDo1c+KN/xZR7qvwjD6rIm2BIN9PPr0hA rwYsDXIJbqkEFv29YlLvNdTum8LQr4KHQNNUgihepRc0Dk855ZHBxx5QXog31r6gbh GNtRZ1uBwdcxXfCE9v7u3y9dRvZBVaLTOsgo4Evc= Received: by mail-wm1-f50.google.com with SMTP id d190so9720573wmd.4 for ; Fri, 31 Jul 2020 16:34:23 -0700 (PDT) X-Gm-Message-State: AOAM530jSMNnohTWZZ0vQtYeuxJFruaCLbsiKvk52owoifJ5ieZd48Ji oUb+woK20SiW8BWAv05TyFqKMKNviza8qRnJLZIP4Q== X-Received: by 2002:a1c:4c17:: with SMTP id z23mr948983wmf.49.1596238462535; Fri, 31 Jul 2020 16:34:22 -0700 (PDT) MIME-Version: 1.0 References: <1594684087-61184-1-git-send-email-fenghua.yu@intel.com> <1594684087-61184-13-git-send-email-fenghua.yu@intel.com> In-Reply-To: <1594684087-61184-13-git-send-email-fenghua.yu@intel.com> From: Andy Lutomirski Date: Fri, 31 Jul 2020 16:34:11 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v6 12/12] x86/traps: Fix up invalid PASID To: Fenghua Yu Cc: Thomas Gleixner , Joerg Roedel , Ingo Molnar , Borislav Petkov , Peter Zijlstra , H Peter Anvin , David Woodhouse , Lu Baolu , Felix Kuehling , Dave Hansen , Tony Luck , Jean-Philippe Brucker , Christoph Hellwig , Ashok Raj , Jacob Jun Pan , Dave Jiang , Sohil Mehta , Ravi V Shankar , linux-kernel , x86 , iommu , amd-gfx Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 13, 2020 at 4:48 PM Fenghua Yu wrote: > > A #GP fault is generated when ENQCMD instruction is executed without > a valid PASID value programmed in the current thread's PASID MSR. The > #GP fault handler will initialize the MSR if a PASID has been allocated > for this process. > > Decoding the user instruction is ugly and sets a bad architecture > precedent. It may not function if the faulting instruction is modified > after #GP. > > Thomas suggested to provide a reason for the #GP caused by executing ENQCMD > without a valid PASID value programmed. #GP error codes are 16 bits and all > 16 bits are taken. Refer to SDM Vol 3, Chapter 16.13 for details. The other > choice was to reflect the error code in an MSR. ENQCMD can also cause #GP > when loading from the source operand, so its not fully comprehending all > the reasons. Rather than special case the ENQCMD, in future Intel may > choose a different fault mechanism for such cases if recovery is needed on > #GP. Decoding the user instruction is ugly and sets a bad architecture precedent, but we already do it in #GP for UMIP. So I'm unconvinced. Memo to Intel, though: you REALLY need to start thinking about what the heck an OS is supposed to do with all these new faults you're coming up with. The new #NM for TILE is utterly nonsensical. Sure, it works for an OS that does not use CR0.TS and as long as no one tries to extend the same mechanism for some new optional piece of state, but as soon as Intel tries to use the same mechanism for anything else, it falls apart. Please do better. > + > +/* > + * Write the current task's PASID MSR/state. This is called only when PASID > + * is enabled. > + */ > +static void fpu__pasid_write(u32 pasid) > +{ > + u64 msr_val = pasid | MSR_IA32_PASID_VALID; > + > + fpregs_lock(); > + > + /* > + * If the MSR is active and owned by the current task's FPU, it can > + * be directly written. > + * > + * Otherwise, write the fpstate. > + */ > + if (!test_thread_flag(TIF_NEED_FPU_LOAD)) { > + wrmsrl(MSR_IA32_PASID, msr_val); > + } else { > + struct ia32_pasid_state *ppasid_state; > + > + ppasid_state = get_xsave_addr(¤t->thread.fpu.state.xsave, > + XFEATURE_PASID); > + /* > + * ppasid_state shouldn't be NULL because XFEATURE_PASID > + * is enabled. > + */ > + WARN_ON_ONCE(!ppasid_state); > + ppasid_state->pasid = msr_val; WARN instead of BUG is nice, but you'll immediate oops if this fails. How about: if (!WARN_ON_ONCE(!ppasid_state)) ppasid_state->pasid = msr_val;