Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
From:   "Bae, Chang Seok" <chang.seok.bae@intel.com>
To:     "Hansen, Dave" <dave.hansen@intel.com>
CC:     "Lutomirski, Andy" <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@kernel.org>, "X86 ML" <x86@kernel.org>,
        "Brown, Len" <len.brown@intel.com>,
        "Liu, Jing2" <jing2.liu@intel.com>,
        "Shankar, Ravi V" <ravi.v.shankar@intel.com>,
        LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v5 14/28] x86/fpu/xstate: Prevent unauthorised use of
 dynamic user state
Thread-Topic: [PATCH v5 14/28] x86/fpu/xstate: Prevent unauthorised use of
 dynamic user state
Thread-Index: AQHXUAs71FpA6GLTCUWvxGMv7m3G8KsW+QQAgAAdOYCAAAnJgIAAA/+AgBRYTYCAAAMZAIAAC5mA
Date:   Tue, 29 Jun 2021 18:35:39 +0000
Message-ID: <406DB587-F598-484F-A128-990E2DB6EC78@intel.com>
References: <20210523193259.26200-1-chang.seok.bae@intel.com>
 <20210523193259.26200-15-chang.seok.bae@intel.com>
 <af093744-6f68-ff51-f40b-4db234b363d8@intel.com>
 <872cb0a2-3659-2e6c-52a8-33f1a2f0a2cd@kernel.org>
 <36D0486A-D955-4C32-941A-A2A4985A450C@intel.com>
 <48e86785-838d-f5d4-c93c-3232b8ffd915@intel.com>
 <3AB6DECB-2A53-4EC2-84A6-0CACE44CFC1C@intel.com>
 <6754330a-bbbb-aa29-7800-f2d16216ad8c@intel.com>
In-Reply-To: <6754330a-bbbb-aa29-7800-f2d16216ad8c@intel.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?jjmDLlQ4cNnqdiDyxZXAmtBjzm90mhQ/oHuPu/NPyVU2Z9t842Nlri+pUG3d?=
 =?us-ascii?Q?vaNtkkm42GLgHF2J090HZsohUyI16WCY4IYimXhiLqoonbbPvKR4dKyWJHCr?=
 =?us-ascii?Q?Srog2tGWYSn3t+YWZp9UXD7od1rtXsuIlQNYHl3p0GgUIAOd5+WUMrL5Wnr8?=
 =?us-ascii?Q?HC76Bj7Tkzodd8P446nvoynAqUXWhoRDmRu9P6/DagrlXX+yQuCrJSLB7wVn?=
 =?us-ascii?Q?QGV3FNJoxLwv0J/RRLwVtrbeN1NevZgLRT+pbO6XCtitO/Egwy/KHl3o8pKL?=
 =?us-ascii?Q?YPjsqkj3kn7vjqsrw/W1Xq8L7hIA7oCKEoUC2Z8SZlIAbcTVhx8cSeigaYdC?=
 =?us-ascii?Q?2DKYyqzq1/Uk9YvIRofl+6Nmd2ssupCv4uz3N8xv0znswZNZU77AyJ6gTYqj?=
 =?us-ascii?Q?n7abkwbj0jI28f9q0Bqty9YSUKY4EhD3WOU4Mv+2ZVhnjoXcm69bMfpzvcAu?=
 =?us-ascii?Q?9KPPXMnonnhQcnksicmDoyCTb/XvsKaPn+L9MIUKWO3ZKYhoR96IJXUqSrt+?=
 =?us-ascii?Q?b05gXg/wgFtUXxp3Ip54O6kK1GcRQWrRDiPj875oKAO7qt6oCM4v+uDcXn3L?=
 =?us-ascii?Q?sTH9fMVtHLjbLgdI0d6qZ2LsJozFEgzleWAoB5qNsIH4BKclLMX2JEdXzoFf?=
 =?us-ascii?Q?17JxDCTZo60XuXc2yXjSLJ03gyjMe51D2XO75ujeK19J2HQl07AZ6pcj7uNf?=
 =?us-ascii?Q?h54/qMd2rRFQFsqjbJrm6ieZwmyEDXcAVVPODYg7UTHAwupr9/HynfddgHqQ?=
 =?us-ascii?Q?U5veEKv/VmNaMs7HAB1R4Y1m7IHgowFwEWgm1KkDj3QGU6d2TreEEmRbQUue?=
 =?us-ascii?Q?4arOb+cP80B+Ws2370fei8o+oPyTUTSlfPPd2IOQNta7N+erW65UAzhU+Io0?=
 =?us-ascii?Q?1EzWwBNuD2fjPw6BVMXWdHlPEcocMVoPVDqZnmXBi/1Eli5CEwwxTbaBcuWo?=
 =?us-ascii?Q?TkEZvBxccYmVnRLcm/GThMRb7Ua4any2ea1jhTfQ2XO0ZCZhjI210xPk7dNJ?=
 =?us-ascii?Q?Oa13T/3Mtif8laAScGg3YHdrEQqH4h448JGOQ2xLrjxgbLxoaMubphyyeg/0?=
 =?us-ascii?Q?7APVK+n0PNH2mUanjjHssSaUtnMCyHq0A7wWT3R8N0t2w2mZfc1dr5ClHpt0?=
 =?us-ascii?Q?1GTM3HiRU4cCVtqvh7Hvdjzm7N5xRSR14HXOcZtv3JVEX/ftA91a01qMtSEW?=
 =?us-ascii?Q?kLhCjCisVNWdtKhpjfx+ONPm0l8GK3ITHVpmiMwGc2+ufaUpRV05VGDeuEJg?=
 =?us-ascii?Q?N407Tq7hSJeiWa7x2KJgpVppcng1A1wZuc5ZnQxIc8JhXqD/m2WNktxhgQuU?=
 =?us-ascii?Q?PVp5vjzUsUCb1d7EK2qTcqt/Qh9+EH8rq8NusaPEGCSuDQ=3D=3D?=
Content-Type: text/plain; charset="us-ascii"
Content-ID: <98A0762BC3502F448A88F31A28348D4D@namprd11.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4855.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dc55efa7-5f4e-4059-aa99-08d93b2cb1ba
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jun 2021 18:35:39.5120
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9Y5wwEvuahbK8JWg+NAGem22FlfrTqAvAsmxteBoXKZdOou+EoGaML9cSXjHuFSQPqLvURkHTD7c8+DpR57PRRcrYCUEBApb/258GDvhfSk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5126
X-OriginatorOrg: intel.com
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Jun 29, 2021, at 10:54, Hansen, Dave <dave.hansen@intel.com> wrote:
> How about we pay this 26-cycle cost, but only when XFD is in use?  We
> could either look at the shadowed value of the XFD MSR, or flip a global
> variable the first time XFD gets used.

How about something like this:

diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 777cccab0b47..9752ebe6be79 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -99,6 +99,23 @@ EXPORT_SYMBOL(irq_fpu_usable);
void save_fpregs_to_fpstate(struct fpu *fpu)
{
        if (likely(use_xsave())) {
+               /*
+                * MSR IA32_XFD write follows after this XSAVE(S). So if a
+                * state component is in use, XFD should not be armed for
+                * current. But, for potential changes in the future,
+                * cross-check XINUSE and XFD values. If a XINUSE state
+                * is XFD-armed, the following XSAVE(S) does not save the
+                * state.
+                *
+                * Reference the shadow XFD value instead of reading the
+                * MSR.
+                */
+               if (xfd_capable() && boot_cpu_has(X86_FEATURE_XGETBV1)) {
+                       u64 current_xfd =3D (fpu->state_mask & xfd_capable(=
)) ^ xfd_capable();
+
+                       WARN_ON_FPU(xgetbv(1) & current_xfd);
+               }
+
                os_xsave(&fpu->state->xsave, fpu->state_mask);

Thanks,
Chang=