From patchwork Tue Jun 13 00:10:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rick Edgecombe X-Patchwork-Id: 13277740 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3774DC88CB5 for ; Tue, 13 Jun 2023 00:13:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 780EE8E001A; Mon, 12 Jun 2023 20:12:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6E1A48E000B; Mon, 12 Jun 2023 20:12:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4C0038E001A; Mon, 12 Jun 2023 20:12:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 325488E000B for ; Mon, 12 Jun 2023 20:12:33 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 0FA53A0354 for ; Tue, 13 Jun 2023 00:12:33 +0000 (UTC) X-FDA: 80895798186.15.18A1E73 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by imf01.hostedemail.com (Postfix) with ESMTP id B0AAA40008 for ; Tue, 13 Jun 2023 00:12:30 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=ka2BS7hH; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf01.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1686615151; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=F2RW2ABIPgY9zcBNGEtdjwLLlBLz/ha0Ddgc0k6oYH0=; b=hB2eOfxmujkS4Sm6k5McbNwwyzW7/NhQtVhse69fM9BR+tn6TWHoyEPAFDSKXHl+sPNGjY 4pjqdwZwNYYQJb8I/de4j3XChMPKBQ7folg7wPdu9Dt14nnFg3n0o6u6JgbnmqZPhlJ5e5 OgS2oFIMCFAwjnCBhFjEndWkO+HGknA= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=ka2BS7hH; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf01.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1686615151; a=rsa-sha256; cv=none; b=pjs45xS4jhkqSFRTS/1O1H13PPOC6KdsG8Dppf25VF08HMqGB5uBmGkJ9+uQM/3sJK7Bvr v2LOV9joAkhTbTzOEaRAXnNHREaJ5pNK0qWCRIBOogmO/uas2/Daokndui0vBDaK8SBzv/ 8WjNLeXfaRTatvZfi1dYmuUWuODy5x8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686615151; x=1718151151; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=L2W4szzCW+qvvywxGcp6uHsWCFDTi4NqV9MxxSUxhGY=; b=ka2BS7hH5uQADWxEIOsIAyOLnrMWWFLwaWUm0789R+Lh5K+3+rPu55wj mVpZ/t7QJnfY8B7qMjG8szhDJ7JSvBbQ1Sp0d9jAC1q8TQ14M94P6TvBW bMtGTR/A1e8AkEAcS9+cFtI9Rqm2C6LL7PPIajYVuLfXO3VNBvm0PUTQM ky7Mtik0mo2Tbox018/i1lCh2mhNqGL2t33ah8lsNMS+y0qTx7c/lqH4E qHaY4SZpNp/6QWVbPo81JJ0A/vHAydafU5dd+jmspTUKck83aYGwvC3L6 9HA6DbUhwbxHBcJ3CBZ43W+kGzyqB6QXztEC9cZx5R5TcuWlpnaI9l0xu Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10739"; a="361557254" X-IronPort-AV: E=Sophos;i="6.00,238,1681196400"; d="scan'208";a="361557254" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2023 17:12:29 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10739"; a="835671072" X-IronPort-AV: E=Sophos;i="6.00,238,1681196400"; d="scan'208";a="835671072" Received: from almeisch-mobl1.amr.corp.intel.com (HELO rpedgeco-desk4.amr.corp.intel.com) ([10.209.42.242]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2023 17:12:28 -0700 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com, szabolcs.nagy@arm.com, torvalds@linux-foundation.org, broonie@kernel.org Cc: rick.p.edgecombe@intel.com, Pengfei Xu Subject: [PATCH v9 25/42] x86/fpu: Add helper for modifying xstate Date: Mon, 12 Jun 2023 17:10:51 -0700 Message-Id: <20230613001108.3040476-26-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230613001108.3040476-1-rick.p.edgecombe@intel.com> References: <20230613001108.3040476-1-rick.p.edgecombe@intel.com> MIME-Version: 1.0 X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: B0AAA40008 X-Stat-Signature: boccz1r6a3x4wsjk71ezkrcpj67rnt8u X-Rspam-User: X-HE-Tag: 1686615150-453401 X-HE-Meta: U2FsdGVkX19JURuWLvIztohI9tY1RDu8pKVqCb7po2k/m6HmLOTtqI4VI6K+c1LEQM7TTIe4dW2K7W7dr9wjkDS0eb4sUDgj7w+0gPJ8t051iCpvTQfm20iVLOsfqyMsaOdubdwTdlfadeOQ++yaas0MaxBWChqlC0UytTY5S2xUa0bLLr2RXyaOdumw9s5jaBKLwWxExWXQNwU4/Vzt/G14TPlWjX+84A/u+MXM/BM1ggd2M8lHhOQGloWmZJKuUO3IZKZBOW2axQZ9485ZxZj2CluOoHAWKG7rhi8Vi0whuU9+p+L6QTwdiN0ZNdOgSRa+mEnumpiIsGxwaAzZwyrnRlOk8foRPP0xc4Cb6XbiQzK+oQL9FEl38LXtBPIpkGmUYx+ahWyUulgmkeznossMEpS/2R+w+THR6aEziH6qov8q+IKKe6ihTyA7DqBthbfkj8rURAseCtC0fYN0+g2OeWKTaHZ/wQc40RLNLCzmDfEuHrynWBryVFbbzhZiKHOGYAyiys6C63k2sznCm2qMmtFGWHKt9a3xMIYoDNNWALK3Fa0yvQTxTa4aB7iYVpMjZc9KouUOXxJpFp15sTNyIfjT/NP493ogHYlXP8bzJPAKIrEyxkA2OyqZjVAdxrYKDKwZ525pLBZttJZ/9j7ueNNlxSGHLTXtaF1rwPUukaRjEwNCUAAxt+SjPhvQEYEDpRSi6uO/Il6QZR0t8/omYoYkycaZRZBwjFPEEqnHXiSAaHwpVC+0+jD/HsAEarvip8Y5MlZJn9DuGwT3lTylyVJJZyWhvipuiIVfoBg/FC6fl8rp4bdQXaAu9bG/WTtkJ2aKHeIwwHaUOg+m62WPiT0mVX9LeYa+X+Nt1JJcrQxgNDk8V0D6p/jQjD3YQRuheWepWxbe1YpwB4k1DMXQ3jWlXANcPSdDe1LV7U2kkIkHrU0108h8vXEm9XAi35mNc7xk05H5qnbVcCv 7mBFyWr2 iWg26H50deXe5XnVNbbSF2QnBVunEf/n7yobmDJTbxJ5j5v+Q/9PAhDJxxo/Xc/TJfl4xa5kXuhcI0AqFjnkH4LL7sH3OhSg/nljjI1JTFrBtA/3kuoY0kh+hDsm5bVWzopN5KGAlmsjkbNHczednx2CO5IUXi8LrSnBJcy3B6mQQVM5rg9IR6QLPXc7I5bOxRsgx0z0Ki11y5WeFFYH9MHc2DxMVLhFEVCkvAfkdp1RkafZcctMiV5h9xygkS5Fx0LM+VxFhmg/6KZnWHWPdtsC0mvOcLMK9ZMfZgAfEXVfXpkvFKaJmg8ZTJA3+pMbUhWIAG1yQuGnwBpNnhJvhXZlGhliVHfMhRslsRNmv8isehmjKd6QqIm7J3g== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Just like user xfeatures, supervisor xfeatures can be active in the registers or present in the task FPU buffer. If the registers are active, the registers can be modified directly. If the registers are not active, the modification must be performed on the task FPU buffer. When the state is not active, the kernel could perform modifications directly to the buffer. But in order for it to do that, it needs to know where in the buffer the specific state it wants to modify is located. Doing this is not robust against optimizations that compact the FPU buffer, as each access would require computing where in the buffer it is. The easiest way to modify supervisor xfeature data is to force restore the registers and write directly to the MSRs. Often times this is just fine anyway as the registers need to be restored before returning to userspace. Do this for now, leaving buffer writing optimizations for the future. Add a new function fpregs_lock_and_load() that can simultaneously call fpregs_lock() and do this restore. Also perform some extra sanity checks in this function since this will be used in non-fpu focused code. Suggested-by: Thomas Gleixner Signed-off-by: Rick Edgecombe Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook --- arch/x86/include/asm/fpu/api.h | 9 +++++++++ arch/x86/kernel/fpu/core.c | 18 ++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h index 503a577814b2..aadc6893dcaa 100644 --- a/arch/x86/include/asm/fpu/api.h +++ b/arch/x86/include/asm/fpu/api.h @@ -82,6 +82,15 @@ static inline void fpregs_unlock(void) preempt_enable(); } +/* + * FPU state gets lazily restored before returning to userspace. So when in the + * kernel, the valid FPU state may be kept in the buffer. This function will force + * restore all the fpu state to the registers early if needed, and lock them from + * being automatically saved/restored. Then FPU state can be modified safely in the + * registers, before unlocking with fpregs_unlock(). + */ +void fpregs_lock_and_load(void); + #ifdef CONFIG_X86_DEBUG_FPU extern void fpregs_assert_state_consistent(void); #else diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index caf33486dc5e..f851558b673f 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -753,6 +753,24 @@ void switch_fpu_return(void) } EXPORT_SYMBOL_GPL(switch_fpu_return); +void fpregs_lock_and_load(void) +{ + /* + * fpregs_lock() only disables preemption (mostly). So modifying state + * in an interrupt could screw up some in progress fpregs operation. + * Warn about it. + */ + WARN_ON_ONCE(!irq_fpu_usable()); + WARN_ON_ONCE(current->flags & PF_KTHREAD); + + fpregs_lock(); + + fpregs_assert_state_consistent(); + + if (test_thread_flag(TIF_NEED_FPU_LOAD)) + fpregs_restore_userregs(); +} + #ifdef CONFIG_X86_DEBUG_FPU /* * If current FPU state according to its tracking (loaded FPU context on this