Date: Fri, 2 Dec 2022 18:25:25 -0800
From: Kees Cook
To: Rick Edgecombe
Cc: x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar,
 linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org,
 linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann,
 Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen,
 Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn, Jonathan Corbet,
 Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra,
 Randy Dunlap, Weijiang Yang, "Kirill A . Shutemov", John Allen, kcc@google.com,
 eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com,
 dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com,
 christina.schimpe@intel.com
Subject: Re: [PATCH v4 06/39] x86/fpu: Add helper for modifying xstate
Message-ID: <202212021825.4A1B632FD@keescook>
References: <20221203003606.6838-1-rick.p.edgecombe@intel.com>
 <20221203003606.6838-7-rick.p.edgecombe@intel.com>
In-Reply-To: <20221203003606.6838-7-rick.p.edgecombe@intel.com>

On Fri, Dec 02, 2022 at 04:35:33PM -0800, Rick Edgecombe wrote:
> Just like user xfeatures, supervisor xfeatures can be active in the
> registers or present in the task FPU buffer. If the registers are
> active, the registers can be modified directly. If the registers are
> not active, the modification must be performed on the task FPU buffer.
>
> When the state is not active, the kernel could perform modifications
> directly to the buffer. But in order for it to do that, it needs
> to know where in the buffer the specific state it wants to modify is
> located. Doing this is not robust against optimizations that compact
> the FPU buffer, as each access would require computing where in the
> buffer it is.
>
> The easiest way to modify supervisor xfeature data is to force restore
> the registers and write directly to the MSRs. Often times this is just fine
> anyway as the registers need to be restored before returning to userspace.
> Do this for now, leaving buffer writing optimizations for the future.
>
> Add a new function fpregs_lock_and_load() that can simultaneously call
> fpregs_lock() and do this restore. Also perform some extra sanity
> checks in this function since this will be used in non-fpu focused code.
>
> Tested-by: Pengfei Xu
> Tested-by: John Allen
> Suggested-by: Thomas Gleixner
> Signed-off-by: Rick Edgecombe

Reviewed-by: Kees Cook

-- 
Kees Cook
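
The quoted commit message says that locating a state component in a compacted FPU buffer means recomputing its position on each access. The userspace sketch below is an added example, not code from the patch or the kernel: it applies the compacted XSAVE layout rule to show one component landing at different offsets depending on which other features XCOMP_BV enables. The function name `compacted_offset` is hypothetical, and the component sizes and alignment flags are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

#define XSAVE_HDR_END 576u   /* 512-byte legacy area + 64-byte XSAVE header */
#define NR_XCOMP      13
#define BIT(n)        (1ULL << (n))

/* Constructed sample values. On real hardware, size and alignment come from
 * CPUID.(EAX=0xD, ECX=i): EAX = size, ECX bit 1 = align to 64 when compacted. */
struct xcomp { uint32_t size; int align64; };
static const struct xcomp sample_comp[NR_XCOMP] = {
    [2]  = { 256, 0 },   /* AVX */
    [5]  = {  64, 0 },   /* AVX-512 opmask */
    [9]  = {   8, 0 },   /* PKRU */
    [11] = {  16, 1 },   /* CET user state (a supervisor xfeature) */
};

static uint32_t align_if(uint32_t off, int align64)
{
    return align64 ? (off + 63u) & ~63u : off;
}

/* Offset of component nr in a compacted buffer, or -1 if XCOMP_BV lacks it. */
long compacted_offset(uint64_t xcomp_bv, unsigned nr)
{
    uint32_t off = XSAVE_HDR_END;

    if (nr < 2 || nr >= NR_XCOMP || !(xcomp_bv & BIT(nr)))
        return -1;
    /* Every enabled lower-numbered component shifts this one further out. */
    for (unsigned i = 2; i < nr; i++) {
        if (xcomp_bv & BIT(i))
            off = align_if(off, sample_comp[i].align64) + sample_comp[i].size;
    }
    return align_if(off, sample_comp[nr].align64);
}

int main(void)
{
    printf("CET user alone:         %ld\n", compacted_offset(BIT(11), 11));
    printf("with AVX:               %ld\n", compacted_offset(BIT(2) | BIT(11), 11));
    printf("with AVX, opmask, PKRU: %ld\n",
           compacted_offset(BIT(2) | BIT(5) | BIT(9) | BIT(11), 11));
    return 0;
}
```

A fixed offset cached for one feature set is wrong for another, which is the fragility the commit message avoids by restoring the registers and writing the MSRs instead.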