Received: by 2002:a05:7412:f589:b0:e2:908c:2ebd with SMTP id eh9csp411897rdb; Tue, 31 Oct 2023 10:44:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEH8Sy1W5LoO7wKAkYOEi37YSK02jYQ2tV3FHGWQGxfr2+2WMvWLyKQjw9iquZfRf00Qq9w X-Received: by 2002:a17:90a:130f:b0:280:5e8:58b1 with SMTP id h15-20020a17090a130f00b0028005e858b1mr9822235pja.33.1698774276793; Tue, 31 Oct 2023 10:44:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698774276; cv=none; d=google.com; s=arc-20160816; b=tMGn1Ac+O55YeMZ8PLLg9EiBB3py3jxl8aj2vszToGHZloMconxW7s8U0kbNmr0Eh/ cEyz/+G/L9exeV19raLJe2vqKwbJsMnJP1h8mdc5nLBpDOo6kAI/dvBqxp+kbiepswGq lZcZniJItVxGTl72mJANFWj8orI4KRBSFrRio3PlgVA71DmCBmdSthnoqd8z/SX4HJ0u x6met3YPeDTL5XJVoFtojyJmLu2PO0yEFe67Kq/NMlel/OMPcmy5OMsJM0qLz70DabMz XoQ0lYnWo0QIQWia/9JiP7AlZvee03rnk/o7wsFRsE7LejUCQKqvDPx8i2d4dZdMaspe tVDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=iUnO9/SZ6ap+H+Ma/kTTfFeGQM3g1ED274282AbLD1g=; fh=+Fohcjfhju91Ks65dYUxnAk8Iqhjo5nHmNS78Sf+bHk=; b=0dQ73a0q0flLvONj9RsDMwbFsODiCJHwcQ4ioNlY/FLs0QgCPcWmJ03UbA9nWMivMV zdwrSvbI/yKD0UK7J3/z/rWJVcY6rA0yTogSQOnJY/5rgpHdO7Y8Uv2N2Lufp3bbjcL9 Vclpef4a4nzmILRP+l3TjgZrsJJ8icquKzm+FbHvAEAzG+i1H28c37sbmENr6+Hh8V5a rg6yzLT6Od74O3AhuWEJ4Edj1WIEhLs0+IChlVUSs55G8c2Ou3iZM1u+L3hr+wI6Cl2r ItjoYx+/MM8PN0GI2CjOyQUi1R4c1QSN/frk+76P69JpnuzaAv1fC5d5bGu9s/LzRpSC /Uvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Qc3Pg1xA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id ot8-20020a17090b3b4800b0027b0acd55d2si1228688pjb.101.2023.10.31.10.44.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 31 Oct 2023 10:44:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Qc3Pg1xA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 4481A802985C; Tue, 31 Oct 2023 10:44:34 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346927AbjJaRo0 (ORCPT + 99 others); Tue, 31 Oct 2023 13:44:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346874AbjJaRoY (ORCPT ); Tue, 31 Oct 2023 13:44:24 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CBA15A6 for ; Tue, 31 Oct 2023 10:43:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698774215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iUnO9/SZ6ap+H+Ma/kTTfFeGQM3g1ED274282AbLD1g=; b=Qc3Pg1xAX+plpNRddba7k95W9EXWGpSzWIm0/L+q57LN9K0/DPAaLtI/KwXrckavIew+t3 kUGDvtjvZa0vuUArcHOEB91hQ3AiSn2Z2ZTqvrJKx+0dg05BlWvL8QDYN/6QB41C+UXo3i hGgriSio5d7LSRxCMemk/9XZe9V9HgQ= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-371-qbuVQUDAMiGIyypwlsmJZw-1; Tue, 31 Oct 2023 13:43:24 -0400 X-MC-Unique: qbuVQUDAMiGIyypwlsmJZw-1 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-4083c9b426fso40465875e9.2 for ; Tue, 31 Oct 2023 10:43:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698774203; x=1699379003; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=iUnO9/SZ6ap+H+Ma/kTTfFeGQM3g1ED274282AbLD1g=; b=vD/hOhr6cwLzDtS4EXctsqvDeYjS3w4D3i18+5wdnLnyAQfnO3auehuktGedQeFqCy ASZjir4xGH0BncsrofyXKOuTAZuwbSMMY6btnxsgDIY3Y8mr9/qPhl6cVKoBuzLkkIzN XH6OUvGahHQogvjngex42Mgk7lJ60opNcp5/IuC5x7iBnKtGBx1Mf3mokKIe5FacqbdG Tmd1E6UXEhjBfo5QbvGWIAVrgeeRdSvXS/jAs1FRypQQzofFEiOtcne/fez6SRN2k9Yb d7l5NdlNGdjduTd253aMJkv7nctXYDztl3daUHdYjtZOJycyfa0JyBv9K5iTAYaFlLCi 3oNw== X-Gm-Message-State: AOJu0YygGWS/tDBWR7R7dX+UyphShjXhw800JmC8rsSimd/nmNUtH1Lj 7hzbrWNkC/qL91enQAHq5nYfDMZtVzhAZmQQ+1cU4wMGO52SJ+SaYwJDeROJGXnM18ULdax9ckG Kf5B7pN8LknjyeUNMkKRgFylv X-Received: by 2002:a05:6000:1566:b0:32f:92f3:dbbb with SMTP id 6-20020a056000156600b0032f92f3dbbbmr2910202wrz.70.1698774203074; Tue, 31 Oct 2023 10:43:23 -0700 (PDT) X-Received: by 2002:a05:6000:1566:b0:32f:92f3:dbbb with SMTP id 6-20020a056000156600b0032f92f3dbbbmr2910191wrz.70.1698774202709; Tue, 31 Oct 2023 10:43:22 -0700 (PDT) Received: from starship ([89.237.100.246]) by smtp.gmail.com with ESMTPSA id t1-20020a05600001c100b0032415213a6fsm1984587wrx.87.2023.10.31.10.43.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 31 Oct 2023 10:43:22 -0700 (PDT) Message-ID: <0ad2b2b4d394ca4c8b805535444f97db4e9cc690.camel@redhat.com> Subject: Re: [PATCH v6 01/25] x86/fpu/xstate: Manually check and add XFEATURE_CET_USER xstate bit From: Maxim Levitsky To: Yang Weijiang , seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: dave.hansen@intel.com, peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, john.allen@amd.com Date: Tue, 31 Oct 2023 19:43:20 +0200 In-Reply-To: <20230914063325.85503-2-weijiang.yang@intel.com> References: <20230914063325.85503-1-weijiang.yang@intel.com> <20230914063325.85503-2-weijiang.yang@intel.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 31 Oct 2023 10:44:34 -0700 (PDT) On Thu, 2023-09-14 at 02:33 -0400, Yang Weijiang wrote: > Remove XFEATURE_CET_USER entry from dependency array as the entry doesn't > reflect true dependency between CET features and the xstate bit, instead > manually check and add the bit back if either SHSTK or IBT is supported. > > Both user mode shadow stack and indirect branch tracking features depend > on XFEATURE_CET_USER bit in XSS to automatically save/restore user mode > xstate registers, i.e., IA32_U_CET and IA32_PL3_SSP whenever necessary. > > Although in real world a platform with IBT but no SHSTK is rare, but in > virtualization world it's common, guest SHSTK and IBT can be controlled > independently via userspace app. > > Signed-off-by: Yang Weijiang > --- > arch/x86/kernel/fpu/xstate.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c > index cadf68737e6b..12c8cb278346 100644 > --- a/arch/x86/kernel/fpu/xstate.c > +++ b/arch/x86/kernel/fpu/xstate.c > @@ -73,7 +73,6 @@ static unsigned short xsave_cpuid_features[] __initdata = { > [XFEATURE_PT_UNIMPLEMENTED_SO_FAR] = X86_FEATURE_INTEL_PT, > [XFEATURE_PKRU] = X86_FEATURE_OSPKE, > [XFEATURE_PASID] = X86_FEATURE_ENQCMD, > - [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, > [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, > [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, > }; > @@ -798,6 +797,14 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) > fpu_kernel_cfg.max_features &= ~BIT_ULL(i); > } > > + /* > + * Manually add CET user mode xstate bit if either SHSTK or IBT is > + * available. Both features depend on the xstate bit to save/restore > + * CET user mode state. > + */ > + if (boot_cpu_has(X86_FEATURE_SHSTK) || boot_cpu_has(X86_FEATURE_IBT)) > + fpu_kernel_cfg.max_features |= BIT_ULL(XFEATURE_CET_USER); > + > if (!cpu_feature_enabled(X86_FEATURE_XFD)) > fpu_kernel_cfg.max_features &= ~XFEATURE_MASK_USER_DYNAMIC; > The goal of the xsave_cpuid_features is to disable xfeature state bits which are enabled in CPUID, but their parent feature bit (e.g X86_FEATURE_AVX512) is disabled in CPUID, something that should not happen on real CPU, but can happen if the user explicitly disables the feature on the kernel command line and/or due to virtualization. However the above code does the opposite, it will enable XFEATURE_CET_USER xsaves component, when in fact, it might be disabled in the CPUID (and one can say that in theory such configuration is even useful, since the kernel can still context switch CET msrs manually). So I think that the code should do this instead: if (!boot_cpu_has(X86_FEATURE_SHSTK) && !boot_cpu_has(X86_FEATURE_IBT)) fpu_kernel_cfg.max_features &= ~BIT_ULL(XFEATURE_CET_USER); Best regards, Maxim Levitsky