From patchwork Fri Mar 7 16:41:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006758 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A7CB523E339; Fri, 7 Mar 2025 16:38:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365538; cv=none; b=mAeIp4RJvwlM405nJqK1rIASbkaLkWSPhbkQltq7/Eph976NgpXdW7+QNnD7+gVAHygrJ0uyiLErzzeaGwxV8HVdTDBPCLpdROUP443maFLcIarYkcgTkqeDm+Hq9pg4hiIOZWqOK4neQGXRXmh497vHl2z2qdev+mU6Yy6RyWY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365538; c=relaxed/simple; bh=NAhPE1PGJxrFVgH8kA+0bvwMKTiocIa1/1ThMIp406k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SnTrOr+idbz6CMAKd3BKltXES3f3LG1PpY60eOdpV4DiPzSS1ULioLnQgDBK8ZfjCqj2NVxpJiNCy1o6dTsthxq4MY+/53AdWwFnBBG7q9vJvkI++eII1iY9Zwc+kyjj7p4gBgtdllQJkYXP2TIp/XajN8ukz5R7C0fhZiVKp2o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=m66Mzsb/; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="m66Mzsb/" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365537; x=1772901537; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NAhPE1PGJxrFVgH8kA+0bvwMKTiocIa1/1ThMIp406k=; b=m66Mzsb/lzrizdYXnqr+TGkOevlPj/zkJpRhWCRVAd5eo3n+9xpm6JSj ddZGAENjbFh+jPI75+9UZZkRQOnaH3TETchVd4RBjdTNqSUyRMNcMIGBy fbkvUN22mpyIL2JA4wz2Ll0hrhRY41ERuG4xvp5vEyt4e08Rjn1RalTt8 r5Mdy5ZsoZFPAtxjRvizyErsPT2ZrRmrhG0inFEMOO5sjwUColr2xNLow +fslF7ggGNddCUH80ipGOmTcU1qem4zL6OQ7xv9gRKlMi11wxkOCAfdtc EdqvaJKbyS92W/Vb5vVL4qHnY9DTatfF2BkyNhMXMXXUvyCdzvtZsdzD9 Q==; X-CSE-ConnectionGUID: zfzG48r0RdiEVIaYMYkOiQ== X-CSE-MsgGUID: lQkfWQSmTj21oA2CExgJyw== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344355" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344355" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:38:56 -0800 X-CSE-ConnectionGUID: BqsZFcLYS+eqCT4IMJpDeQ== X-CSE-MsgGUID: JuYT9FFeQx2RWBSk+8L7FA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397943" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:38:53 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, Maxim Levitsky Subject: [PATCH v3 01/10] x86/fpu/xstate: Always preserve non-user xfeatures/flags in __state_perm Date: Sat, 8 Mar 2025 00:41:14 +0800 Message-ID: <20250307164123.1613414-2-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sean Christopherson When granting userspace or a KVM guest access to an xfeature, preserve the entity's existing supervisor and software-defined permissions as tracked by __state_perm, i.e. use __state_perm to track *all* permissions even though all supported supervisor xfeatures are granted to all FPUs and FPU_GUEST_PERM_LOCKED disallows changing permissions. Effectively clobbering supervisor permissions results in inconsistent behavior, as xstate_get_group_perm() will report supervisor features for process that do NOT request access to dynamic user xfeatures, whereas any and all supervisor features will be absent from the set of permissions for any process that is granted access to one or more dynamic xfeatures (which right now means AMX). The inconsistency isn't problematic because fpu_xstate_prctl() already strips out everything except user xfeatures: case ARCH_GET_XCOMP_PERM: /* * Lockless snapshot as it can also change right after the * dropping the lock. */ permitted = xstate_get_host_group_perm(); permitted &= XFEATURE_MASK_USER_SUPPORTED; return put_user(permitted, uptr); case ARCH_GET_XCOMP_GUEST_PERM: permitted = xstate_get_guest_group_perm(); permitted &= XFEATURE_MASK_USER_SUPPORTED; return put_user(permitted, uptr); and similarly KVM doesn't apply the __state_perm to supervisor states (kvm_get_filtered_xcr0() incorporates xstate_get_guest_group_perm()): case 0xd: { u64 permitted_xcr0 = kvm_get_filtered_xcr0(); u64 permitted_xss = kvm_caps.supported_xss; But if KVM in particular were to ever change, dropping supervisor permissions would result in subtle bugs in KVM's reporting of supported CPUID settings. And the above behavior also means that having supervisor xfeatures in __state_perm is correctly handled by all users. Dropping supervisor permissions also creates another landmine for KVM. If more dynamic user xfeatures are ever added, requesting access to multiple xfeatures in separate ARCH_REQ_XCOMP_GUEST_PERM calls will result in the second invocation of __xstate_request_perm() computing the wrong ksize, as as the mask passed to xstate_calculate_size() would not contain *any* supervisor features. Commit 781c64bfcb73 ("x86/fpu/xstate: Handle supervisor states in XSTATE permissions") fudged around the size issue for userspace FPUs, but for reasons unknown skipped guest FPUs. Lack of a fix for KVM "works" only because KVM doesn't yet support virtualizing features that have supervisor xfeatures, i.e. as of today, KVM guest FPUs will never need the relevant xfeatures. Simply extending the hack-a-fix for guests would temporarily solve the ksize issue, but wouldn't address the inconsistency issue and would leave another lurking pitfall for KVM. KVM support for virtualizing CET will likely add CET_KERNEL as a guest-only xfeature, i.e. CET_KERNEL will not be set in xfeatures_mask_supervisor() and would again be dropped when granting access to dynamic xfeatures. Note, the existing clobbering behavior is rather subtle. The @permitted parameter to __xstate_request_perm() comes from: permitted = xstate_get_group_perm(guest); which is either fpu->guest_perm.__state_perm or fpu->perm.__state_perm, where __state_perm is initialized to: fpu->perm.__state_perm = fpu_kernel_cfg.default_features; and copied to the guest side of things: /* Same defaults for guests */ fpu->guest_perm = fpu->perm; fpu_kernel_cfg.default_features contains everything except the dynamic xfeatures, i.e. everything except XFEATURE_MASK_XTILE_DATA: fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; When __xstate_request_perm() restricts the local "mask" variable to compute the user state size: mask &= XFEATURE_MASK_USER_SUPPORTED; usize = xstate_calculate_size(mask, false); it subtly overwrites the target __state_perm with "mask" containing only user xfeatures: perm = guest ? &fpu->guest_perm : &fpu->perm; /* Pairs with the READ_ONCE() in xstate_get_group_perm() */ WRITE_ONCE(perm->__state_perm, mask); Cc: Maxim Levitsky Cc: Weijiang Yang Cc: Dave Hansen Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Chao Gao Cc: Rick Edgecombe Cc: John Allen Cc: kvm@vger.kernel.org Link: https://lore.kernel.org/all/ZTqgzZl-reO1m01I@google.com Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao Reviewed-by: Maxim Levitsky Reviewed-by: Rick Edgecombe Acked-by: Dave Hansen --- arch/x86/include/asm/fpu/types.h | 8 +++++--- arch/x86/kernel/fpu/xstate.c | 18 +++++++++++------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index de16862bf230..46cc263f9f4f 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -407,9 +407,11 @@ struct fpu_state_perm { /* * @__state_perm: * - * This bitmap indicates the permission for state components, which - * are available to a thread group. The permission prctl() sets the - * enabled state bits in thread_group_leader()->thread.fpu. + * This bitmap indicates the permission for state components + * available to a thread group, including both user and supervisor + * components and software-defined bits like FPU_GUEST_PERM_LOCKED. + * The permission prctl() sets the enabled state bits in + * thread_group_leader()->thread.fpu. * * All run time operations use the per thread information in the * currently active fpu.fpstate which contains the xfeature masks diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 27417b685c1d..7caafdb7f6b8 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1618,16 +1618,20 @@ static int __xstate_request_perm(u64 permitted, u64 requested, bool guest) if ((permitted & requested) == requested) return 0; - /* Calculate the resulting kernel state size */ + /* + * Calculate the resulting kernel state size. Note, @permitted also + * contains supervisor xfeatures even though supervisor are always + * permitted for kernel and guest FPUs, and never permitted for user + * FPUs. + */ mask = permitted | requested; - /* Take supervisor states into account on the host */ - if (!guest) - mask |= xfeatures_mask_supervisor(); ksize = xstate_calculate_size(mask, compacted); - /* Calculate the resulting user state size */ - mask &= XFEATURE_MASK_USER_SUPPORTED; - usize = xstate_calculate_size(mask, false); + /* + * Calculate the resulting user state size. Take care not to clobber + * the supervisor xfeatures in the new mask! + */ + usize = xstate_calculate_size(mask & XFEATURE_MASK_USER_SUPPORTED, false); if (!guest) { ret = validate_sigaltstack(usize); From patchwork Fri Mar 7 16:41:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006759 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5F2523F279; Fri, 7 Mar 2025 16:38:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365541; cv=none; b=WsTY+b7bhtqlmDl94Trus9HGhYTVy8uxkeMiGyX+OoIP+sECcvjgtptbx3Oz5/cuO3p9IO6L2rcCAPNIm+NDS6gWKQ+7oZ06ubAeIQSpv+hclfkXlCOomWdpYjTrxxuFPXySGWmVrqJKGXTuMy4f+mRB7zAzIeY8u2IViFOuOEA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365541; c=relaxed/simple; bh=6/K99JjqVQqQ1FfXjvgoQw/Ei25G3FgwXjX9ioZHaQ0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=n7fyKYXVcpUWwxwZl6Zlh7lzU56UWJgfaZa0gRR96q3CAK4+57EEo4uC+Z3nrl5e8DGRaMnW134hgINHMQ58Oa0Cor+XNHalcZszl6ScMFedqSyINgNYsPAl3Z1mVEjCBZrzV0T0A4HDc71EZ+Q1iRM2mCjCADQ03WrfMxq1ets= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=U+KJWtKr; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="U+KJWtKr" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365540; x=1772901540; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6/K99JjqVQqQ1FfXjvgoQw/Ei25G3FgwXjX9ioZHaQ0=; b=U+KJWtKrs2u/lb7KbDKacImgyXEBguPvZYA11FMvewttyEZnvFfB+L05 wkgH7AC8d00iUkmCCdp7uLi09LP+RHLEEEUbTueY9AEVeI8UubxAn8voX Wso98IQ1WUwZEe7QRDGOx/BIrmXQdCqmhkaFP27wPA+NMbUbb4JPLVPyv lCkyufxRJctCfRULWTDqoet8XbplTnS+TVCz8qmHAf4HrcE+J4DPJ5mcK y66NsAiN3eizh+9xmRplEwtTe40Bk6sz3IDrnIsFUNjdNHBn6a1Ls0kEM zy8u1w8sYO5NEwyBMyHiWrNw8Fc9h3It2PvaTi7HxuITcdPYjUMkVuWZ3 g==; X-CSE-ConnectionGUID: aqJco40RRqaD3K2xVBWJmw== X-CSE-MsgGUID: 4EB637H0RyKA225tllggIQ== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344372" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344372" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:00 -0800 X-CSE-ConnectionGUID: NDV2RXOVROmbvh+wbMcxaQ== X-CSE-MsgGUID: OWfHVZJySWSmfIa8QQjetQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397949" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:38:56 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, Maxim Levitsky Subject: [PATCH v3 02/10] x86/fpu/xstate: Drop @perm from guest pseudo FPU container Date: Sat, 8 Mar 2025 00:41:15 +0800 Message-ID: <20250307164123.1613414-3-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Remove @perm from the guest pseudo FPU container. The field is initialized during allocation and never used later. Rename fpu_init_guest_permissions() to show that its sole purpose is to lock down guest permissions. Suggested-by: Maxim Levitsky Signed-off-by: Chao Gao --- arch/x86/include/asm/fpu/types.h | 7 ------- arch/x86/kernel/fpu/core.c | 7 ++----- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index 46cc263f9f4f..9f9ed406b179 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -526,13 +526,6 @@ struct fpu_guest { */ u64 xfeatures; - /* - * @perm: xfeature bitmap of features which are - * permitted to be enabled for the guest - * vCPU. - */ - u64 perm; - /* * @xfd_err: Save the guest value. */ diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 1209c7aebb21..dc169f3d336d 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -195,7 +195,7 @@ void fpu_reset_from_exception_fixup(void) #if IS_ENABLED(CONFIG_KVM) static void __fpstate_reset(struct fpstate *fpstate, u64 xfd); -static void fpu_init_guest_permissions(struct fpu_guest *gfpu) +static void fpu_lock_guest_permissions(struct fpu_guest *gfpu) { struct fpu_state_perm *fpuperm; u64 perm; @@ -211,8 +211,6 @@ static void fpu_init_guest_permissions(struct fpu_guest *gfpu) WRITE_ONCE(fpuperm->__state_perm, perm | FPU_GUEST_PERM_LOCKED); spin_unlock_irq(¤t->sighand->siglock); - - gfpu->perm = perm & ~FPU_GUEST_PERM_LOCKED; } bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) @@ -233,7 +231,6 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) gfpu->fpstate = fpstate; gfpu->xfeatures = fpu_user_cfg.default_features; - gfpu->perm = fpu_user_cfg.default_features; /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state @@ -248,7 +245,7 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) if (WARN_ON_ONCE(fpu_user_cfg.default_size > gfpu->uabi_size)) gfpu->uabi_size = fpu_user_cfg.default_size; - fpu_init_guest_permissions(gfpu); + fpu_lock_guest_permissions(gfpu); return true; } From patchwork Fri Mar 7 16:41:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006760 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 406E523F43C; Fri, 7 Mar 2025 16:39:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365544; cv=none; b=VS7TvMjoVbf9QwhIU9H26slMsMjYk9Nmqr6PormzmFATZ+1y9ZbhAozy5DLxZhJTc0PG5pm/fgXJdHSKoK5ksga64eCtObRiPdaypzeSNdQ9BkpR44Qr9jWvoOxTJocLzOjp/Ckaf0d6KQuGbVg2Uz5oQPT9gKeHbdsJdvsR99A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365544; c=relaxed/simple; bh=SpKdz7sTD5wKZqrlLNpQ/arSV7IvcPHU/I9mT3rphFg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=J/d+JGc5HByJdc59rzNVOrqyQH8IA+4H53TgkG02qPRm5jZogTLVR2k1OHOmb+Lk2gENFVrXfvKiXb0F6PPBZXZpfWUUItk8Yn2qkJGK7Fft4C/UiHz6B54UhxrHg7s8piEP1uppWnVlx8MHUShtfFzqNfDjEKUagXfCYRLUEzQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=hkEDKrHM; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="hkEDKrHM" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365543; x=1772901543; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=SpKdz7sTD5wKZqrlLNpQ/arSV7IvcPHU/I9mT3rphFg=; b=hkEDKrHMaEvVDkLtuJsUgqGwk1tAIXCsy96s0oXABOwi4Ae4tQZGi+lF TacL0LE5oRtjCTmH1ekH/jD/1V/2eUE71rabd7LwZlsl8LHNfSwiredtl i5Pu7MgrJKycho2P5t4cbyoahm8B8zNkYBX70/u1qa7MU00c+xJ7+mWl/ 3EkGKHUw+ONE75WrGbm1VdMRPIf2JwEndqKKaZd77q4jPK1Hdv6pjF2Fz CY/23eI/fI955wErP9WKoFZ+sHdsg/Cb3LeVUjCnzPpSV6DzSJks/0gHm ralCnNP4hVGqZWgBcfQu37t7DssYIKidCQcIosSWqmXuUQGdiPEsPKUA6 A==; X-CSE-ConnectionGUID: oumnp+DtT0uGwm/V4VDgqw== X-CSE-MsgGUID: mEQKZ0oPQCqrxOOthretJw== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344391" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344391" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:03 -0800 X-CSE-ConnectionGUID: byvLJZMQTK2U8c5YFpXBww== X-CSE-MsgGUID: 3PhMpAt8RMuCH1N7Wc9E/w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397955" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:00 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de Subject: [PATCH v3 03/10] x86/fpu/xstate: Correct xfeatures cache in guest pseudo fpu container Date: Sat, 8 Mar 2025 00:41:16 +0800 Message-ID: <20250307164123.1613414-4-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The xfeatures field in struct fpu_guest is designed to track the enabled xfeatures for guest FPUs. However, during allocation in fpu_alloc_guest_fpstate(), gfpu->xfeatures is initialized to fpu_user_cfg.default_features, while the corresponding fpstate->xfeatures is set to fpu_kernel_cfg.default_features Correct the mismatch to avoid confusion. Note this mismatch does not cause any functional issues. The gfpu->xfeatures is checked in fpu_enable_guest_xfd_features() to verify if XFD features are already enabled: xfeatures &= ~guest_fpu->xfeatures; if (!xfeatures) return 0; It gets updated in fpstate_realloc() after enabling some XFD features: guest_fpu->xfeatures |= xfeatures; So, backport is not needed. Signed-off-by: Chao Gao --- arch/x86/kernel/fpu/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index dc169f3d336d..6166a928d3f5 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -230,7 +230,7 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) fpstate->is_guest = true; gfpu->fpstate = fpstate; - gfpu->xfeatures = fpu_user_cfg.default_features; + gfpu->xfeatures = fpu_kernel_cfg.default_features; /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state From patchwork Fri Mar 7 16:41:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006761 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C2EFC24113C; Fri, 7 Mar 2025 16:39:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365548; cv=none; b=pHm7MCrwMERAJNgq18zOZd4AaFF97+7TNkHjvL6dJGblbNM/PyTW0chRZtpM2cQIJKCcVH9PiTBkUsKyAqC/VJuOyEBp+pNtkBu9FMzkDE1XW+xYzETakL7w4yij5iuFD9gZigW2+6UmSh0Ygfafpyl7xejNU6gwCYo5jPk5KLg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365548; c=relaxed/simple; bh=NS7eb9HUDJ8OTv0tuEbJukrt65iNUAvQ4hYP0y6hXyI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=L2tTwOQOgQFOfk37z7R+FY3/nqEc5F8pJ6/2XDbAsmNVk5MzzfWD0idgzZVJQugBTt7rFCepQwFKZuBLz0y2gY7hYS8keekp/1DDXD62iwHBc3EhDR5yLgS80io6qNojqID72APk9Yqvg8DV9KpyS4LAXUhGzSJs2GDCP6BLXPU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ZQUMVmyz; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ZQUMVmyz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365547; x=1772901547; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NS7eb9HUDJ8OTv0tuEbJukrt65iNUAvQ4hYP0y6hXyI=; b=ZQUMVmyzPL1MAdl72f9ZuNd7d+njnBF4SL12M7KaYwt4kxj4I5VUiqNI /fFmAoeEhP+K6I/KbtmloSw6gkfoANJopY3NL5iqkJj221u5Rpd4+EHVW EPKFwyZuhEsB7qQtBxTS5DCUrs8EBRVUj+zR221OOyG3utsTqVoC8btOz cD41H6dWPYcW5z1Kz/pjdYktdyw5AKELdAHj1swsfdRp1MbMOZYa10kn5 Eq6RB3G+X+Fqx7FiI5SAjTfVTkaqyDBtKHVQgTyTzPq1N5pM6O6CcrDhE XE6SbHhKhgTCxcWLeXecFjsTZQlx1B9Ct6IMt+bt+MhFqyoH+UV3Kw9CB A==; X-CSE-ConnectionGUID: zb2a3wz+QNCPzU+MaM/0IA== X-CSE-MsgGUID: 4okTXNiNQD2Yrw9AnZzUEw== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344407" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344407" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:06 -0800 X-CSE-ConnectionGUID: 2eXecet2SbSKD6NfZSt5wg== X-CSE-MsgGUID: fn2jnwivQxuOlfi9zGG2mQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397963" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:03 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de Subject: [PATCH v3 04/10] x86/fpu/xstate: Correct guest fpstate size calculation Date: Sat, 8 Mar 2025 00:41:17 +0800 Message-ID: <20250307164123.1613414-5-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang The guest fpstate size is calculated based on fpu_user_cfg, while fpstate->xfeatures is set to fpu_kernel_cfg.default_features in fpu_alloc_guest_fpstate(). In other words, the guest fpstate doesn't allocate memory for all supervisor states, even though they are enabled. Correct the calculation of the guest fpstate size. Note that this issue does not cause any functional problems because the guest fpstate is allocated using vmalloc(), which aligns the size to a full page, providing enough space for all existing supervisor components. On Emerald Rapids CPUs, the guest fpstate after this correction is ~2880 bytes. Link: https://lore.kernel.org/kvm/20230914063325.85503-3-weijiang.yang@intel.com/ Fixes: 69f6ed1d14c6 ("x86/fpu: Provide infrastructure for KVM FPU cleanup") Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao --- arch/x86/kernel/fpu/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 6166a928d3f5..adc34914634e 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -218,7 +218,7 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) struct fpstate *fpstate; unsigned int size; - size = fpu_user_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); + size = fpu_kernel_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); fpstate = vzalloc(size); if (!fpstate) return false; From patchwork Fri Mar 7 16:41:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006762 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5FBF1241683; Fri, 7 Mar 2025 16:39:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365552; cv=none; b=mKDZbMHJ6D/XDSFYrMSeevIynl9jKhmANIPiDmjWnNGT48nDwhN+ZCww3U+2F7LTScGlrTKpxiA9xNMiX2E0UyiLpOl9so+B7FaW2b0JT/il+hGBr2Kq805iN/sliSwImhNlitThYn6phQn4UkT6SeUkAGlVDuZSADdLv9yOHQU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365552; c=relaxed/simple; bh=8w57i76C3y8iVjitfnDz5uyKl82BBPaB775SZiY6bcA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Brun9JbZe8ayM2/qwr1Fw7YJdgbalmM03jExu0vDbfkB+AoN6aKONt8kCF1oESHtFQKNIo1SWl873xCKNILFJdQnWbv8uENUKzDMk/6PbT1AV/6dAvZQztVYcSkvx2uJsfnibbmGTR83W0EVeaSyqRCwKJciSg7oeiMDr+u57Fg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=lokZoY8j; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="lokZoY8j" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365550; x=1772901550; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8w57i76C3y8iVjitfnDz5uyKl82BBPaB775SZiY6bcA=; b=lokZoY8jljYwHzf5Kvnaz5JMgZg/OVCrGgx/s+3HEvUBPBhpfebKutTf SvMKnZ2UHoXNVBhjkgEf/HVrsNayf6UJrW3zg4CpVD7TEwhTZs1rgZ1lv NJeRDcCtxLXZxGcCRJmXTx4zII9UvsUby0cH8S8eDh5w/jlaX95pvJNSi Mc9YMvnip+rMRLp/7RQD01fkoT3EzTPI/2pvX3LsMzCmuFB/THdEJnjzj T9KCkhrP7oYBnoV0TH3juHe9300IiuRyrpoqtU29uKweW4hDiC73evayr lnNO9dL0R4PvrK1Ff5hzhLKkJjkMeXyPIB6Vd0aUZzO5Ux1g5foBJZ05b A==; X-CSE-ConnectionGUID: y9WeHZrXRfKvTBU/lP0wBQ== X-CSE-MsgGUID: E24ds88NSD+bPvaynrVrVQ== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344419" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344419" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:10 -0800 X-CSE-ConnectionGUID: sR4boAYyQX6iOnncnGb06A== X-CSE-MsgGUID: T4E7Ms8ATTiF+LceGlV3xA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397971" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:07 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, Maxim Levitsky Subject: [PATCH v3 05/10] x86/fpu/xstate: Introduce guest FPU configuration Date: Sat, 8 Mar 2025 00:41:18 +0800 Message-ID: <20250307164123.1613414-6-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang The guest fpstate is currently initialized using fpu_kernel_cfg. This lacks flexibility because every feature added to the kernel FPU config is automatically available for use in the guest FPU. And to make any feature available for the guest FPU, the feature should be added to the kernel FPU config. Introduce fpu_guest_cfg to separate the guest FPU config from the kernel FPU config. This enhances code readability by allowing the guest FPU to be initialized with its own config and also improves extensibility by allowing the guest FPU config and kernel FPU config to evolve independently. Note fpu_guest_cfg and fpu_kernel_cfg remain the same for now. Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao Reviewed-by: Maxim Levitsky Reviewed-by: Rick Edgecombe --- arch/x86/include/asm/fpu/types.h | 2 +- arch/x86/kernel/fpu/core.c | 3 ++- arch/x86/kernel/fpu/xstate.c | 10 ++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index 9f9ed406b179..d9515d7f65e4 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -596,6 +596,6 @@ struct fpu_state_config { }; /* FPU state configuration information */ -extern struct fpu_state_config fpu_kernel_cfg, fpu_user_cfg; +extern struct fpu_state_config fpu_kernel_cfg, fpu_user_cfg, fpu_guest_cfg; #endif /* _ASM_X86_FPU_TYPES_H */ diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index adc34914634e..b0c1ef40d105 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -33,9 +33,10 @@ DEFINE_STATIC_KEY_FALSE(__fpu_state_size_dynamic); DEFINE_PER_CPU(u64, xfd_state); #endif -/* The FPU state configuration data for kernel and user space */ +/* The FPU state configuration data for kernel, user space and guest */ struct fpu_state_config fpu_kernel_cfg __ro_after_init; struct fpu_state_config fpu_user_cfg __ro_after_init; +struct fpu_state_config fpu_guest_cfg __ro_after_init; /* * Represents the initial FPU state. It's mostly (but not completely) zeroes, diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 7caafdb7f6b8..58325b3b8914 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -683,6 +683,7 @@ static int __init init_xstate_size(void) { /* Recompute the context size for enabled features: */ unsigned int user_size, kernel_size, kernel_default_size; + unsigned int guest_default_size; bool compacted = cpu_feature_enabled(X86_FEATURE_XCOMPACTED); /* Uncompacted user space size */ @@ -704,13 +705,18 @@ static int __init init_xstate_size(void) kernel_default_size = xstate_calculate_size(fpu_kernel_cfg.default_features, compacted); + guest_default_size = + xstate_calculate_size(fpu_guest_cfg.default_features, compacted); + if (!paranoid_xstate_size_valid(kernel_size)) return -EINVAL; fpu_kernel_cfg.max_size = kernel_size; fpu_user_cfg.max_size = user_size; + fpu_guest_cfg.max_size = kernel_size; fpu_kernel_cfg.default_size = kernel_default_size; + fpu_guest_cfg.default_size = guest_default_size; fpu_user_cfg.default_size = xstate_calculate_size(fpu_user_cfg.default_features, false); @@ -820,6 +826,10 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_guest_cfg.max_features = fpu_kernel_cfg.max_features; + fpu_guest_cfg.default_features = fpu_guest_cfg.max_features; + fpu_guest_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + /* Store it for paranoia check at the end */ xfeatures = fpu_kernel_cfg.max_features; From patchwork Fri Mar 7 16:41:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006763 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB7442417D2; Fri, 7 Mar 2025 16:39:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365555; cv=none; b=T9PHbTOZndwx370iKeuQZqtbWqAtgEEM+A2PUIJRbnZzAsFXQkE/uUAe9bn6/MJFmq79j7msiPGTJJp6OiTg0U/HobWaBUiza0PJ4Hbl8ug6s8Y4PrLP2CEYISUYrFIS3t4B0+YsIkRgONHgGfyU1Qhyl/BabU7myDHBPGAOdiE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365555; c=relaxed/simple; bh=iditFzUC6gL9JXzaOkHqegaevIOWoBD7y+I1dZJrC64=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tPdnWdlu5K2X3jpFHo0MoWQCD+k3Jn1jcD6SNS2agmASw6/LFZ9dqFCrW+Prj3bI0sNEpqawf6VQ0URUDemdseGM5Cy2oURlmun0GVcS3yx4f0KAJwivD0MlIRd4UUtY9yiMJncx5YMjGj/88E0cXioX1MjFPv/LuRFTQJe5k0o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=gdg1Xoda; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="gdg1Xoda" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365554; x=1772901554; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=iditFzUC6gL9JXzaOkHqegaevIOWoBD7y+I1dZJrC64=; b=gdg1XodaQ38LQWdxG8aXDVhgU3V//Ji9ZRyB/LN4LnIEJx59ksbDKlte yXFCIzrD26efmH4Rj9O7YUuqythTF+VlUWvaO2Q0kC2IY33VN54cQDxtI HrC2bxqAK3sfpiDL4GTywXTaNwbJcAvxazM7YK2gogB0TlxYg0MxjxHuV bPvOimqPmVrL1jvLA99/oubxKD14YS5yxOpbZByiunq5uiRdfbTD60DtU Je76dzdhSsU54SVIduEMtB2pAHLE7v1e3YDIyTn1Z+aITuUgGxiBgen0R R/f+VPoIPi7G/UjLsBRoO7ffctEZLRdxH16Afgg8aIaNisjkYpRLzaXnF g==; X-CSE-ConnectionGUID: aDaPdInyQMyyjFjfo0Oeeg== X-CSE-MsgGUID: b2tpcNVZRly7om7vQvSh7g== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344434" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344434" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:13 -0800 X-CSE-ConnectionGUID: 7mRywES9RzO0a0fC6dQIWA== X-CSE-MsgGUID: KMZxUO4pR02cbJak2aW5dw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397979" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:10 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de Subject: [PATCH v3 06/10] x86/fpu/xstate: Initialize guest perm with fpu_guest_cfg Date: Sat, 8 Mar 2025 00:41:19 +0800 Message-ID: <20250307164123.1613414-7-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang Use the new fpu_guest_cfg to initialize guest permissions. Note fpu_guest_cfg and fpu_kernel_cfg remain the same for now. So there is no functional change. Signed-off-by: Yang Weijiang [Gao Chao: Extrace this from the previous patch ] Signed-off-by: Chao Gao --- arch/x86/kernel/fpu/core.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index b0c1ef40d105..d7ae684adbad 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -534,8 +534,15 @@ void fpstate_reset(struct fpu *fpu) fpu->perm.__state_perm = fpu_kernel_cfg.default_features; fpu->perm.__state_size = fpu_kernel_cfg.default_size; fpu->perm.__user_state_size = fpu_user_cfg.default_size; - /* Same defaults for guests */ - fpu->guest_perm = fpu->perm; + + /* Guest permission settings */ + fpu->guest_perm.__state_perm = fpu_guest_cfg.default_features; + fpu->guest_perm.__state_size = fpu_guest_cfg.default_size; + /* + * Set guest's __user_state_size to fpu_user_cfg.default_size so that + * existing uAPIs can still work. + */ + fpu->guest_perm.__user_state_size = fpu_user_cfg.default_size; } static inline void fpu_inherit_perms(struct fpu *dst_fpu) From patchwork Fri Mar 7 16:41:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006764 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C26818BB9C; Fri, 7 Mar 2025 16:39:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365559; cv=none; b=IUweV7CiGNSjeitPx1C1JxIwCU8Q4I8wi/4NOxMVAkv2J1jtP+wcyGJLcVWsX569+W3twCzHEzQ0dlOfjiwQdw9t39pZqzPk6Kyuyo5OOzg5kaCb4YJdx78kJxybGgWNf7evx/OWV5xvtR/0NjgcQekMVR0SMY9MNSuJq6CXA58= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365559; c=relaxed/simple; bh=JMJwJmvvDb2gSkAc1Vt7kalSklLNxXgohGfolGvkY+A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bfSaS5UiT7wfkV1Pduk35IRo5P4wj8zcXt49vDGuOodH4I8mHWH1zc/Qu/7SLyT2QARRYYOTgOOaLAj8J/8uxe8TvgCOdivfotVli4sql/C1svUf1sSiipf82WIqdkNa9qczrixUeVXZZHj0dbMjrBnWwwFB7uEP7Zs/mh2Ba/0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=aJtcXpnw; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="aJtcXpnw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365557; x=1772901557; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JMJwJmvvDb2gSkAc1Vt7kalSklLNxXgohGfolGvkY+A=; b=aJtcXpnw3cMpVoalaZeVKMFn+Pe155xyxYrAV17VsghxAJ6rixyqunve lxRi5FUt+JBapAvCXw5EPk0ZODu/hvKFmx5Q/Mem7ZG3UDlt+zKliEE6c ERWdr1HP9U60OtPXa4Fo3wLfl8zHpZbhDoA8ZMnq+PlRSUCk/GyY9oadj MqtI1fuTrvFv3nprN9mmGgMI+i2ySeeN00mzjhgTeQZU36h0tZxmS8193 YF7gg6aPpXqvxZYk3BrOpFOj020aewg5v/oHPCS6BfIlOmf0dql51dTNM GtNw1VxekPFLs5WH5vA9djtsWsl0F6mDA1amjSbhT7IOGdDNnkeasXbhQ w==; X-CSE-ConnectionGUID: lrqum1phRSKJDxm/RfRwsg== X-CSE-MsgGUID: 7P6+aEtcTGqLBmR6lfZc+w== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344452" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344452" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:17 -0800 X-CSE-ConnectionGUID: VRrK0471SkWl1obg/F7eCw== X-CSE-MsgGUID: MtO4oQ/CT+qI993fd3DPtQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397986" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:14 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, Maxim Levitsky Subject: [PATCH v3 07/10] x86/fpu/xstate: Initialize guest fpstate with fpu_guest_config Date: Sat, 8 Mar 2025 00:41:20 +0800 Message-ID: <20250307164123.1613414-8-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang Use fpu_guest_cfg to initialize the guest fpstate and the guest FPU pseduo container. The user_* fields remain unchanged for compatibility with KVM uAPIs. Inline the logic of __fpstate_reset() to directly utilize fpu_guest_cfg. Note fpu_guest_cfg and fpu_kernel_cfg remain the same for now. So there is no functional change. Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao Reviewed-by: Maxim Levitsky Reviewed-by: Rick Edgecombe --- arch/x86/kernel/fpu/core.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index d7ae684adbad..9cb800918b6d 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -194,8 +194,6 @@ void fpu_reset_from_exception_fixup(void) } #if IS_ENABLED(CONFIG_KVM) -static void __fpstate_reset(struct fpstate *fpstate, u64 xfd); - static void fpu_lock_guest_permissions(struct fpu_guest *gfpu) { struct fpu_state_perm *fpuperm; @@ -219,19 +217,22 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) struct fpstate *fpstate; unsigned int size; - size = fpu_kernel_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); + size = fpu_guest_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); + fpstate = vzalloc(size); if (!fpstate) return false; - /* Leave xfd to 0 (the reset value defined by spec) */ - __fpstate_reset(fpstate, 0); + fpstate->size = fpu_guest_cfg.default_size; + fpstate->xfeatures = fpu_guest_cfg.default_features; + fpstate->user_size = fpu_user_cfg.default_size; + fpstate->user_xfeatures = fpu_user_cfg.default_features; fpstate_init_user(fpstate); fpstate->is_valloc = true; fpstate->is_guest = true; gfpu->fpstate = fpstate; - gfpu->xfeatures = fpu_kernel_cfg.default_features; + gfpu->xfeatures = fpu_guest_cfg.default_features; /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state From patchwork Fri Mar 7 16:41:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006765 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CF5224397F; Fri, 7 Mar 2025 16:39:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365563; cv=none; b=QPNdgXVfcIKQvcUBnBTRAQkJ1Lq4AllZ0sJXO0lnLrNCaWvXd4OIFMpWVLjb1a4YtrgD9AJ+12UBZuuJJfcTvKwdlDRLkWw+Tth/EStEG3fqv4c60ohPfzy+srD0qJLRbkMb/lmBoctQBoLYNtzs67rLYsWBfviKhG15e+nBhbo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365563; c=relaxed/simple; bh=2lNXb9//3K3UmeWMThfbiW/TPoU8C963Y+MDaVEOVjc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eGRtHeKzb3lXC9jkx6usOtD55qkaUnMmMJnfC0ELE6aeLHHpAp3Y7YO+W8eijOELUe9p2zhY4uOEBPgxudETTR4BZuSTpphThHNwFS3kCiquuRwNU3ds1ycEhAhBtLBEDv4ubVujj1VdMmuRHN5zfm+ifCkWrLa/mgAilyQtnso= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=KMKCWsuR; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="KMKCWsuR" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365561; x=1772901561; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=2lNXb9//3K3UmeWMThfbiW/TPoU8C963Y+MDaVEOVjc=; b=KMKCWsuREdFMJoQ4c8SlqoQjXa11cpcdq4WyC3PanTlhRrUY+XxoqFYK kpY8HnmqEwXcng3g/qBct/wHnkRM7jU8NANB2puLgJDHIWZ43faqH7rq1 vAG6BRPzAIQ596DvhmY6ZAjuIZTGlIzx6ga4yh5vzBaL8jYwa0UXb/2oA aUoSVVLaL7SRFiBOa+3kC2yIdhGenWKn8tl9AYS28TqpfBNXF8/gck4Ig lJy2DevPvv0McnZZrmSIAIpJ1JlvtbQm7AXi2RbVSObEAkGfX4KIOzBFM ko4Z4zmRCNUrb1FJR5mV9O+5G9Imklw/RzAAIFXkkadA5eMJq7GPUmUC7 w==; X-CSE-ConnectionGUID: 4eOpIVwdTRyc31yzplb7dw== X-CSE-MsgGUID: r4iG4hrhTA6lFjEMC1pthQ== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344463" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344463" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:21 -0800 X-CSE-ConnectionGUID: Fum/a9n2T3eziRDlgHkakQ== X-CSE-MsgGUID: nn7+w3+vR1Kk1NM8A36dxg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397989" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:18 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, Maxim Levitsky Subject: [PATCH v3 08/10] x86/fpu/xstate: Add CET supervisor xfeature support Date: Sat, 8 Mar 2025 00:41:21 +0800 Message-ID: <20250307164123.1613414-9-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang To support CET virtualization, KVM needs the kernel to save/restore CET supervisor xstate in guest FPUs when switching between guest and host FPUs. Add CET supervisor xstate (i.e., XFEATURE_CET_KERNEL) support. Both the guest FPU and the kernel FPU will allocate memory for the new xstate. For the guest FPU, the xstate remains unused until the upcoming CET virtualization is added to KVM. For the kernel FPU, the xstate is unused until CET_S is enabled within the kernel. Note CET_S may or may not be enabled within the kernel, so always allocating memory for XFEATURE_CET_KERNEL could potentially waste some XSAVE buffer space. If necessary, this issue can be addressed by making XFEATURE_CET_KERNEL a guest-only feature. Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao Reviewed-by: Rick Edgecombe Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/fpu/types.h | 14 ++++++++++++-- arch/x86/include/asm/fpu/xstate.h | 6 +++--- arch/x86/kernel/fpu/xstate.c | 6 +++++- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index d9515d7f65e4..eb034b7ab8c0 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -118,7 +118,7 @@ enum xfeature { XFEATURE_PKRU, XFEATURE_PASID, XFEATURE_CET_USER, - XFEATURE_CET_KERNEL_UNUSED, + XFEATURE_CET_KERNEL, XFEATURE_RSRVD_COMP_13, XFEATURE_RSRVD_COMP_14, XFEATURE_LBR, @@ -141,7 +141,7 @@ enum xfeature { #define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) #define XFEATURE_MASK_PASID (1 << XFEATURE_PASID) #define XFEATURE_MASK_CET_USER (1 << XFEATURE_CET_USER) -#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL_UNUSED) +#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL) #define XFEATURE_MASK_LBR (1 << XFEATURE_LBR) #define XFEATURE_MASK_XTILE_CFG (1 << XFEATURE_XTILE_CFG) #define XFEATURE_MASK_XTILE_DATA (1 << XFEATURE_XTILE_DATA) @@ -266,6 +266,16 @@ struct cet_user_state { u64 user_ssp; }; +/* + * State component 12 is Control-flow Enforcement supervisor states + */ +struct cet_supervisor_state { + /* supervisor ssp pointers */ + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; +}; + /* * State component 15: Architectural LBR configuration state. * The size of Arch LBR state depends on the number of LBRs (lbr_depth). diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index 7f39fe7980c5..8990cf381bef 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -47,7 +47,8 @@ /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ - XFEATURE_MASK_CET_USER) + XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) /* * A supervisor state component may not always contain valuable information, @@ -74,8 +75,7 @@ * Unsupported supervisor features. When a supervisor feature in this mask is * supported in the future, move it to the supported supervisor feature mask. */ -#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT | \ - XFEATURE_MASK_CET_KERNEL) +#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT) /* All supervisor states including supported and unsupported states. */ #define XFEATURE_MASK_SUPERVISOR_ALL (XFEATURE_MASK_SUPERVISOR_SUPPORTED | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 58325b3b8914..12613ebdbb5d 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -55,7 +55,7 @@ static const char *xfeature_names[] = "Protection Keys User registers", "PASID state", "Control-flow User registers", - "Control-flow Kernel registers (unused)", + "Control-flow Kernel registers", "unknown xstate feature", "unknown xstate feature", "unknown xstate feature", @@ -78,6 +78,7 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, + [XFEATURE_CET_KERNEL] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -283,6 +284,7 @@ static void __init print_xstate_features(void) print_xstate_feature(XFEATURE_MASK_PKRU); print_xstate_feature(XFEATURE_MASK_PASID); print_xstate_feature(XFEATURE_MASK_CET_USER); + print_xstate_feature(XFEATURE_MASK_CET_KERNEL); print_xstate_feature(XFEATURE_MASK_XTILE_CFG); print_xstate_feature(XFEATURE_MASK_XTILE_DATA); } @@ -352,6 +354,7 @@ static __init void os_xrstor_booting(struct xregs_state *xstate) XFEATURE_MASK_BNDCSR | \ XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL | \ XFEATURE_MASK_XTILE) /* @@ -552,6 +555,7 @@ static bool __init check_xstate_against_struct(int nr) case XFEATURE_PASID: return XCHECK_SZ(sz, nr, struct ia32_pasid_state); case XFEATURE_XTILE_CFG: return XCHECK_SZ(sz, nr, struct xtile_cfg); case XFEATURE_CET_USER: return XCHECK_SZ(sz, nr, struct cet_user_state); + case XFEATURE_CET_KERNEL: return XCHECK_SZ(sz, nr, struct cet_supervisor_state); case XFEATURE_XTILE_DATA: check_xtile_data_against_struct(sz); return true; default: XSTATE_WARN_ON(1, "No structure for xstate: %d\n", nr); From patchwork Fri Mar 7 16:41:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006766 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D2B92459C0; Fri, 7 Mar 2025 16:39:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365566; cv=none; b=Z6WFGMjXxsfrA0NQUug+25t58nz9s1U2ZYHFBaAmsiw2uFjNoWwF3Swwg3Om62P4mGrd/0c/KLhoWk6R0sAcDoaP5Y8UDhnzlB/cBmQMH2oEMYqA41piQt9kkz7qO3zZ4DdD1rgFkJbMd2TkXXhco/L2N+biLXBRFRTkxdV/SWI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365566; c=relaxed/simple; bh=X4xuzp/N/cz6sQP/VWh9/G4Yy55wbtWxPC/0J7I4lRc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oGNN6k3j+PoR3vVHbXpUGdMx9MaXobLYqECWaVHbvc2gySTihZmGnzRBDNEUlGSOOmsZL5KIdhqwZudyNNQLDHrjFXhTKMe86wVg+JFqhuby7P41gEFpCg9ddJNRe1xqSo8kMptmZ/XSAaonKWoyPl+wOeQ2SBjRazgQ2V/LxMc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cTImjqV1; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cTImjqV1" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365564; x=1772901564; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=X4xuzp/N/cz6sQP/VWh9/G4Yy55wbtWxPC/0J7I4lRc=; b=cTImjqV16I3C6PqysCi0PyDuU8R1Orne5fHGJkOCMt/ibzsyP/FPw7A5 X7YzvEq6v2rzeAj4oihM8l1WMNNrBjAQCb6hl7uxFI6fCZJpzrzVipq33 m89iTwpZbuGuga4MNUvyy/oAAml0YcdFZuVb2tLqu3TOkFBaw7VoOEBgc JnchH7st4PqQQNs3aMGC8OsiOKRY/RQCRCjRp0ADz3Ltuy6RJlhPVcOeU Wc3v3aT4feNmHQvIntQ+ilMP/wT3iDI7Q33pBhZeaqPm498VG4+s2TYpF senYKMtEGE2jNZ8k5iq4rmtVNm+hG8qWIngqtgu16MQjH1uq+5lmtZgnU A==; X-CSE-ConnectionGUID: X0loT+B9SyqMVqs1nPmigQ== X-CSE-MsgGUID: n2niRv29TmWUlCKS2WrEWQ== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344484" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344484" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:24 -0800 X-CSE-ConnectionGUID: N0O6DtYQS2Cydw31vqnyow== X-CSE-MsgGUID: IP6nfA3ZQ2K3WD8m23fAmw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397993" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:21 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de Subject: [PATCH v3 09/10] x86/fpu/xstate: Introduce XFEATURE_MASK_KERNEL_DYNAMIC xfeature set Date: Sat, 8 Mar 2025 00:41:22 +0800 Message-ID: <20250307164123.1613414-10-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang Define a new XFEATURE_MASK_KERNEL_DYNAMIC mask to specify the features that can be optionally enabled by kernel components. This is similar to XFEATURE_MASK_USER_DYNAMIC in that it contains optional xfeatures that can allows the FPU buffer to be dynamically sized. The difference is that the KERNEL variant contains supervisor features and will be enabled by kernel components that need them, and not directly by the user. Currently it's used by KVM to configure guest dedicated fpstate for calculating the xfeature and fpstate storage size etc. Kernel dynamic features are enabled for the guest FPU and disabled for the kernel FPU, effectively making them guest-only features. Set XFEATURE_CET_KERNEL as the first kernel dynamic feature, as it is required only by the guest FPU for the upcoming CET virtualization support in KVM. Suggested-by: Dave Hansen Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao Reviewed-by: Rick Edgecombe --- I am tempted to rename XFEATURE_MASK_KERNEL_DYNAMIC to XFEATURE_MASK_GUEST_ONLY. But I am not sure if this was discussed and rejected. --- arch/x86/include/asm/fpu/xstate.h | 5 ++++- arch/x86/kernel/fpu/xstate.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index 8990cf381bef..f342715d204b 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -42,9 +42,12 @@ #define XFEATURE_MASK_USER_RESTORE \ (XFEATURE_MASK_USER_SUPPORTED & ~XFEATURE_MASK_PKRU) -/* Features which are dynamically enabled for a process on request */ +/* Features which are dynamically enabled per userspace request */ #define XFEATURE_MASK_USER_DYNAMIC XFEATURE_MASK_XTILE_DATA +/* Features which are dynamically enabled per kernel side request */ +#define XFEATURE_MASK_KERNEL_DYNAMIC XFEATURE_MASK_CET_KERNEL + /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 12613ebdbb5d..e5284e67dfec 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -826,6 +826,7 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) /* Clean out dynamic features from default */ fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_KERNEL_DYNAMIC; fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; From patchwork Fri Mar 7 16:41:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14006767 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3434B2459FB; Fri, 7 Mar 2025 16:39:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365569; cv=none; b=P2h7zJIMDr4elQvPJjgSgNtLESoeKamhiAnarh8MA0bIfupU39vOvbZbjt2Pcy/lDqq21kVpi2rdECSDamY8QVv3hbfwcG1l6IMhAl9Do8j3B9jW7zbsrn3XS14I0CgdKCwsPXAJrYB4c7+E66WiIM4gTv5auuBMUEKVURJq/3Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741365569; c=relaxed/simple; bh=2hhYjWrJvAfBJ4AhFSf2YTZ4BTSlANboUlb41O46vuY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iSxlp0k/tSkRx3a3U1uvUlrY3R0y87nQiIyoy/U3z0R+lKNuP+H0WY214M8YxDXc9UxVhl+CfSWMyvYJBk5kvUQnFZC+d7IGHAystNdKzNVqEplnqz7okDkDLPHi7VBxokLeIeGBpx+zIB4MBiWrFh3o/tr4OQNqYOANdZ5Ekdo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=BhHVYdTC; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="BhHVYdTC" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1741365568; x=1772901568; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=2hhYjWrJvAfBJ4AhFSf2YTZ4BTSlANboUlb41O46vuY=; b=BhHVYdTCMCVQBSihV476A/FuQDfb7GgVTKEp1j/uNrWSlj7uSra6pWZj mgD8vxP8kEuOr51Z5LMMGL0XiFC40o3Fdajvprn/EKXBGZ+HVhjtbZmEJ 9oit+bO0gI+DitSuEAD6QlwTa/R8Y2I3zL67EDOv8k1HDwYaJv7RgUbdJ v2tYvrvjLxl9veJLI+xmX5xXI9AMu5IsldJuTjZN5WmbgayRlgZCJlt3r h+qawRQx9mnCF6hJQ1fYc12vivDPiueGd9PRXUeBkctJJX7Q41cwtKkgR zriGjulIWuHny+1rB0ZBhpx6gPJ5koCFJjJk42M51PQ8yfBe9A4dMV+Zt Q==; X-CSE-ConnectionGUID: KxzbGAzWRa2x5vNuigVi/Q== X-CSE-MsgGUID: 32HUdmtBTxiMI0Uvr0FQBQ== X-IronPort-AV: E=McAfee;i="6700,10204,11365"; a="46344499" X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="46344499" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:28 -0800 X-CSE-ConnectionGUID: DTY15gl7SC204CwW+A8v4w== X-CSE-MsgGUID: CSlach8FTiStkdZCCd8UmA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,229,1736841600"; d="scan'208";a="124397997" Received: from spr.sh.intel.com ([10.239.53.19]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Mar 2025 08:39:25 -0800 From: Chao Gao To: chao.gao@intel.com, tglx@linutronix.de, dave.hansen@intel.com, x86@kernel.org, seanjc@google.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de Subject: [PATCH v3 10/10] x86/fpu/xstate: Warn if CET supervisor state is detected in normal fpstate Date: Sat, 8 Mar 2025 00:41:23 +0800 Message-ID: <20250307164123.1613414-11-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250307164123.1613414-1-chao.gao@intel.com> References: <20250307164123.1613414-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang CET supervisor state bit is __ONLY__ enabled for guest fpstate, i.e., never for normal kernel fpstate. The bit is set when guest FPU config is initialized. For normal fpstate, the bit should have been removed when initializes kernel FPU config settings, WARN_ONCE() if kernel detects normal fpstate xfeatures contains CET supervisor state bit before xsaves operation. Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao --- arch/x86/kernel/fpu/xstate.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index aa16f1a1bbcf..3df135a7d8bd 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -209,6 +209,8 @@ static inline void os_xsave(struct fpstate *fpstate) WARN_ON_FPU(!alternatives_patched); xfd_validate_state(fpstate, mask, false); + WARN_ON_FPU(!fpstate->is_guest && (mask & XFEATURE_MASK_CET_KERNEL)); + XSTATE_XSAVE(&fpstate->regs.xsave, lmask, hmask, err); /* We should never fault when copying to a kernel buffer: */