Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp1299318lqd;
        Thu, 25 Apr 2024 11:06:29 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWBuw6caqRlj/2ICgDQdumkNge/Skr0QgAHrwTq2nhDbucor7x8hzzKnzkfe9jREagNUNy3RXTrLt7UV9B8dL5s4vBPdMjOw4EyoRNzSA==
X-Google-Smtp-Source: AGHT+IG3nuJx4X+faJ8xw+csuXpJpbR31OmxO7W6g+6LwP+OndKGBPyVZWlkl0NyfUUsR2kfWksr
X-Received: by 2002:a05:6a20:551f:b0:1ac:3d3c:c1e7 with SMTP id ko31-20020a056a20551f00b001ac3d3cc1e7mr4993817pzb.12.1714068388931;
        Thu, 25 Apr 2024 11:06:28 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1714068388; cv=pass;
        d=google.com; s=arc-20160816;
        b=vcENIqzNF9Ex/LZ9qRUu+TQae0NrNukJW6Uh+Q/itIPJduA2o8nDYbzCPYk+b2zL0b
         3OZzqnl5Ul+T3HDF4CVCfk2Yw0wOCIgYQDx+Hphgglxz4D80r8FGuDXwCTuAOZFNKM0T
         iOVS+WotKJ0VmRepKpUTK5tpj4BC090iqpiANIU8ddW7p8XobfZk37NwA3t1GOhQNscO
         SSsnOPkLH3+FICpUJPpJf11ermpZPvftkd7TDTes6Yy4kDzqnswCsmPUsB52anr5Lknm
         vvobjpaoq7v8LxWAuCBObwg3roPXFbBf8c2mR98aC6FKC0U55uPIbKvJBpMkIhiK6URh
         VDWA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=PpOUtB30mkU/WhCWnJO885CVzo2dXyXZaqQ4tqSiGwI=;
        fh=dYyTpsYHmQ7vAYGZ+0LZf7VVqc0FNLCxJisZgbW6Ak0=;
        b=tkH2M+KLi7ZDV8NdpfS1PzNfTINqYTNBmyFtcNicZRdyvcH4jyNkRKq0rNaDKJJ8Ze
         peeCwmItHYbZFCxmhoI4SxVox1yOC59g/QUedbNKxa84cPqWBiMDWzr4UC4601N4DIh0
         0BO19wDnKPu1T3CswYh2CtekTcWJeHF42O0JqOK+Fx4TIWuY8v9Xsbbl1D/Qh8fSg3X/
         X4uPpkyZPEQMZPdz82NrrMMjle9XGuDmIsGFVs2e7KR42BcB+bfLzQmFx0/dsuKpx0TI
         HJ6vssUnDAqlsK+qnuPQJhgpNFWRkuro/UcWWgIiKgUMV9y+TXKHkvHqkNKvhxamB5sl
         s3ag==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2023-11-20 header.b=YKDhNvoH;
       arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com);
       spf=pass (google.com: domain of linux-kernel+bounces-158990-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-158990-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel+bounces-158990-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id s15-20020a632c0f000000b005fd81051902si9083210pgs.464.2024.04.25.11.06.28
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 25 Apr 2024 11:06:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-158990-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2023-11-20 header.b=YKDhNvoH;
       arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com);
       spf=pass (google.com: domain of linux-kernel+bounces-158990-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-158990-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=oracle.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 6B423285620
	for <linux.lists.archive@gmail.com>; Thu, 25 Apr 2024 18:06:28 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 9520E1514EE;
	Thu, 25 Apr 2024 18:06:02 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="YKDhNvoH"
Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 501CF1509A2
	for <linux-kernel@vger.kernel.org>; Thu, 25 Apr 2024 18:06:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1714068361; cv=none; b=RbL91BcQCqBfxPaewFrsKrKTFlqOTbZCniXj9Qf1p5QyUwXByy5q9sGFNRmOXXBizhWk0ltsgxeZK1YAtWbOzHdvGprPpovanI007fqpjra+h2c+6NuWoN5WmpTLLpDHNI+waAWH/emQTsvaEXvf9nWgpgdXmZemlF3KuZ9cBxo=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1714068361; c=relaxed/simple;
	bh=cI7gssY7RK5sFBcqYPd69se9pxreozcJ57b2DuII1KI=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version; b=oYAolIKe3PbSfWFwFB/ImdpLa+7GfM6J8+J2Dv8Kt3PhwcCQFTFQ+1wYKDvM+zVqJoAoeBYf0QL9wML/DeQW+/sIg9LAfcZmQ/jgP68yeA0yXhbTR7LxJ7wrazt9fCEXL9V66sjOZ7pMMbhufN8Viq2UZnN2oj0y/BmrxIa977g=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b=YKDhNvoH; arc=none smtp.client-ip=205.220.177.32
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com
Received: from pps.filterd (m0333520.ppops.net [127.0.0.1])
	by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 43PHNxlJ024243;
	Thu, 25 Apr 2024 18:05:50 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding; s=corp-2023-11-20;
 bh=PpOUtB30mkU/WhCWnJO885CVzo2dXyXZaqQ4tqSiGwI=;
 b=YKDhNvoHpKYAErNlmQk2logYk3ypjlQqNq3+B8s0SA0SHZ/YVKzljLac3pjO4zVFvnmU
 dAT6PAfzsk0vSsE7DFZA7iczqzGPx5DsWRG4PJIMWDuMyfNHDHVYptYC9zF6abvqLoFR
 QB3S4Wy8RGDUJB985WjpyzDYS+2bMBsxchGwS2DrBuLP+hseSWrgooYzlStXRZnnab4F
 wOsPfETdnA8wRaa11Dg8LoKp/NdKu2tazzaLt5+EWyPdLHdEbVnZy919k7Rxbh/7aL8C
 17hVyxfT8CnVCbJ9ZeWB+Yf9/Sl4KA/YlQ87pCh3taiTx4cwbP/G04+bfmeViVHyVDup 6Q== 
Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.appoci.oracle.com [138.1.37.129])
	by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3xm5re44gu-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Thu, 25 Apr 2024 18:05:50 +0000
Received: from pps.filterd (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1])
	by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 43PGTbR6001812;
	Thu, 25 Apr 2024 18:05:49 GMT
Received: from pps.reinject (localhost [127.0.0.1])
	by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3xm45be425-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Thu, 25 Apr 2024 18:05:49 +0000
Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 43PI20Kj032785;
	Thu, 25 Apr 2024 18:05:48 GMT
Received: from aruramak-dev.osdevelopmeniad.oraclevcn.com (aruramak-dev.allregionaliads.osdevelopmeniad.oraclevcn.com [100.100.253.155])
	by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3xm45be3wd-4;
	Thu, 25 Apr 2024 18:05:48 +0000
From: Aruna Ramakrishna <aruna.ramakrishna@oracle.com>
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, dave.hansen@linux.intel.com, tglx@linutronix.de,
        mingo@kernel.org, keith.lucas@oracle.com, aruna.ramakrishna@oracle.com
Subject: [PATCH v3 3/4] x86/pkeys: Update PKRU to enable all pkeys before XSAVE
Date: Thu, 25 Apr 2024 18:05:41 +0000
Message-Id: <20240425180542.1042933-4-aruna.ramakrishna@oracle.com>
X-Mailer: git-send-email 2.39.3
In-Reply-To: <20240425180542.1042933-1-aruna.ramakrishna@oracle.com>
References: <20240425180542.1042933-1-aruna.ramakrishna@oracle.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1011,Hydra:6.0.650,FMLib:17.11.176.26
 definitions=2024-04-25_17,2024-04-25_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 suspectscore=0 bulkscore=0
 mlxlogscore=999 spamscore=0 malwarescore=0 mlxscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2404010000
 definitions=main-2404250131
X-Proofpoint-ORIG-GUID: E0CnQJjba1e4Np_Llegy2PTRtSuUzgLD
X-Proofpoint-GUID: E0CnQJjba1e4Np_Llegy2PTRtSuUzgLD

If the alternate signal stack is protected by a different pkey than the
current execution stack, copying xsave data to the altsigstack will fail
if its pkey is not enabled. This commit enables all pkeys before xsave,
so that the signal handler accessibility is not dictated by the PKRU
value that the thread sets up. It then writes the original PKRU value
onto the sigframe so that it's restored correctly from sigcontext.

Signed-off-by: Aruna Ramakrishna <aruna.ramakrishna@oracle.com>
---
 arch/x86/kernel/fpu/signal.c | 11 +++++++++--
 arch/x86/kernel/signal.c     |  3 +++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index dce84cce7cf8..5d52c7fde43b 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -185,8 +185,15 @@ static inline bool save_xstate_epilog(void __user *buf, int ia32_frame,
 static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf,
 					  u32 pkru)
 {
-	if (use_xsave())
-		return xsave_to_user_sigframe(buf);
+	int err = 0;
+
+	if (use_xsave()) {
+		err = xsave_to_user_sigframe(buf);
+		if (!err && cpu_feature_enabled(X86_FEATURE_OSPKE))
+			err = __update_pkru_in_sigframe(buf, pkru);
+		return err;
+	}
+
 	if (use_fxsr())
 		return fxsave_to_user_sigframe((struct fxregs_state __user *) buf);
 	else
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 75dfd05c59aa..c985bdfd855a 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -278,6 +278,7 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs)
 	if (stepping)
 		user_disable_single_step(current);
 
+	pkru = sig_prepare_pkru();
 	failed = (setup_rt_frame(ksig, regs, pkru) < 0);
 	if (!failed) {
 		/*
@@ -295,6 +296,8 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs)
 		 * Ensure the signal handler starts with the new fpu state.
 		 */
 		fpu__clear_user_states(fpu);
+	} else {
+		write_pkru(pkru);
 	}
 	signal_setup_done(failed, ksig, stepping);
 }
-- 
2.39.3