Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp827852pxk; Thu, 1 Oct 2020 15:06:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxsySmrAcXoBmJXyM3vgCuc2VwHRXX0xyfuKDQ+MNvverYYkJOp8WEiMvvxbq+jJbFR9sxe X-Received: by 2002:a17:906:8687:: with SMTP id g7mr10528254ejx.129.1601589991109; Thu, 01 Oct 2020 15:06:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601589991; cv=none; d=google.com; s=arc-20160816; b=jG50tdWbAFOxJIVZ4ITCKEC87JoYqINtlY3KSWE7IwzhAQsWocg7qCecau1UcsUubD s752qInyVx9A+HujT7OPDYs+cWzNpjMg+yUS+aK3AlxN3yTJUAeiliRAbp3ZV/emWV0K LckzfSoQ8H9ionk/9NjZdUNppv1kxdIroCrls5TS0y0ICidp8c7HRUNHg3+8ZMSZxfs3 yOvF1Xp+4ljcJsqQGRx5Z57544dZoA9Vi3z3op5ODHTjGbTY+9/WHEz9B/FpqceQn3Pf yGviR6DZqNH2ZZVAOwRWR58brCnL6aMlwqv4SRxD8gFC96VyzEBVijUkOnJlGCo+/9JC ciFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=e+axpyFfB+gK0TA0u4npqJ1Yg3FbS4WTiSZS9+seIv4=; b=D3Vr5nn+RL9ghoCAnRRQoMOL3/bYRLxP82gMTwPhCvVem6KpROGRb0SjIJfUQIBD3q OhjtlP7OXbGTJJXLuUe+wYDJ7RS3XF155SQtvBP6klYqB5cRggwUw0N0uLuWGePNZBAc ri4i3J9vi/vfAdOemunFDQ1APIYJw30mknQ3NFlAsm1+k4s5iDbLwHDNSxo0BtZS377/ EzR58jRdC0QTWXEOHQZPP+SQTleJDftDSFeF1c0cOl5ENeyUDMNyYQvC9Kp3DrYW6Df5 3FsW8Ol+2bDtQqfhbMZ/D882qNBbApE+VmZDVw+n2Ldg+zSuayWVNecZ5JmcByKbCvyv PibQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=UPOqhg7m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d23si4128684edt.338.2020.10.01.15.06.09; Thu, 01 Oct 2020 15:06:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=UPOqhg7m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728090AbgJAWFC (ORCPT + 99 others); Thu, 1 Oct 2020 18:05:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:56564 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726731AbgJAWFC (ORCPT ); Thu, 1 Oct 2020 18:05:02 -0400 Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 34D4820706 for ; Thu, 1 Oct 2020 22:05:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1601589901; bh=ySbyvraJuX0jwwsNK/d/UFl6VDicg/JYUCXb5bYZY/Q=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=UPOqhg7mZpw3PfyZ0oa+Pip+ZIlIaOuCfgjfX+OffXkGVJ2u+epsd4QNwBF5w/r4E hm35CrKR7SKm9plRf8sDMhAt54l9xfvsPJdjMwpFA+Qmlziq7HY1p7Uox9MjFrf1bZ B19VDY3XBzOLephTf7rkT5bMZ2CDi/L9VYRJsWTc= Received: by mail-wm1-f45.google.com with SMTP id s13so204071wmh.4 for ; Thu, 01 Oct 2020 15:05:01 -0700 (PDT) X-Gm-Message-State: AOAM530EnAD5YNU/ekClz+vNINwWxCfqLSokVxCQesmjLUG/ODNJl0iX VaWm1jL+xRL6Mw1rSEN7Kgjf5lR8g1bcb0CMpkPuBw== X-Received: by 2002:a1c:238e:: with SMTP id j136mr2069411wmj.176.1601589899748; Thu, 01 Oct 2020 15:04:59 -0700 (PDT) MIME-Version: 1.0 References: <71682bce-a925-d3bd-18ef-d2e4eb8ebc8e@intel.com> <20201001205857.GH7474@linux.intel.com> In-Reply-To: From: Andy Lutomirski Date: Thu, 1 Oct 2020 15:04:48 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: How should we handle illegal task FPU state? To: Dave Hansen Cc: Sean Christopherson , "Yu, Yu-cheng" , Andy Lutomirski , LKML , X86 ML , Rik van Riel , Andrew Cooper Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 1, 2020 at 2:50 PM Dave Hansen wrote: > > On 10/1/20 1:58 PM, Sean Christopherson wrote: > > One thought for a lowish effort approach to pave the way for CET would be to > > try XRSTORS multiple times in switch_fpu_return(). If the first try fails, > > then WARN, init non-supervisor state and try a second time, and if _that_ fails > > then kill the task. I.e. do the minimum effort to play nice with bad FPU > > state, but don't let anything "accidentally" turn off CET. > > I'm not sure we should ever keep running userspace after an XRSTOR* > failure. For MPX, this might have provided a nice, additional vector > for an attacker to turn off MPX. Same for pkeys if we didn't correctly > differentiate between the hardware init state versus the "software init" > state that we keep in init_task. > > What's the advantage of letting userspace keep running after we init its > state? That it _might_ be able to recover? I suppose we can kill userspace and change that behavior only if someone complains. I still think it would be polite to try to dump core, but that could be tricky with the current code structure. I'll try to whip up a patch. Maybe I'll add a debugfs file to trash MXCSR for testing.