From: David Vrabel <david.vrabel@citrix.com>
To: Jan Beulich <JBeulich@suse.com>, David Vrabel <david.vrabel@citrix.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	xen-devel@lists.xenproject.org
Subject: Re: [PATCHv3 1/3] x86/fpu: improve check for XSAVE* not writing FIP/FDP fields
Date: Thu, 25 Feb 2016 12:49:24 +0000
Message-ID: <56CEF854.9080604@citrix.com>
In-Reply-To: <56CF015802000078000D6284@prv-mh.provo.novell.com>

On 25/02/16 12:27, Jan Beulich wrote:
>>>> On 25.02.16 at 13:18, <david.vrabel@citrix.com> wrote:
>> On 25/02/16 11:32, Jan Beulich wrote:
>>>>>> On 25.02.16 at 11:58, <david.vrabel@citrix.com> wrote:
>>>> The poison value is fixed and thus knowable by a guest (or guest
>>>> userspace).  This could allow the guest to cause Xen to incorrectly
>>>> detect that the field has not been written.  But: a) this requires the
>>>> FIP register to be a full 64 bits internally which is not the case for
>>>> all current AMD and Intel CPUs; and b) this only allows the guest (or
>>>> a guest userspace process) to corrupt its own state (i.e., it cannot
>>>> affect the state of another guest or another user space process).
>>>>
>>>> This results in smaller code with fewer branches and is more
>>>> understandable.
>>>>
>>>> Signed-off-by: David Vrabel <david.vrabel@citrix.com>
>>>
>>> Pending confirmation on FIP register width by at least Intel,
>>> Reviewed-by: Jan Beulich <jbeulich@suse.com>
>>
>> For Intel CPUs, FIP is 48 bits internally and newer CPUs have FPCSDS and
>> thus we will always use the 64-bit save.
> 
> Has Intel told you (but not us), or is this just based on experiments
> you did, or re-stating what I've found from experimenting?

I'm just restating things already mentioned in the various threads.

>> For AMD, which only writes FIP and FDP if an exception is pending, if a
>> guest wanted to use FIP to store an arbitrary 64-bit value (in some
>> future CPU) it would have to manually set an exception as pending.  It
>> seems implausible that any software would actually do this.
> 
> All of these uses of FIP/FDP are implausible, yet we're aiming at
> correctly mimicking hardware behavior, allowing folks to even do
> implausible things that work on bare hardware.

I think:

a) On hardware with FPCSDS, we always do a 64-bit save/restore and thus
always match the hardware behaviour.

b) On hardware without FPCSDS we /cannot/ match the hardware behaviour.
 We must have some sort of heuristic to cover the common use cases.  The
existing heuristic is /already/ inadequate since Driver Verifier
confuses it. So IMO, making the heuristic a teeny, tiny bit less precise
doesn't matter.

c) For the uncommon use cases, there is always HVM_PARAM_X87_FIP_WIDTH
to force a particular behaviour.

David
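
The poison-and-compare check discussed in this thread, as an added C model (not code from the patch or from Xen). The poison constant, the names, and the sign-extension of a 48-bit FIP are assumptions made for illustration; the model shows why the check can only misfire when FIP is a full 64 bits wide and the guest's own FIP equals the poison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed poison, not Xen's value: upper 16 bits make it non-canonical. */
#define FIP_POISON 0xdead00000000beefULL

struct save_area { uint64_t fip; };   /* only the field under discussion */

/* Model assumption: a 48-bit FIP is stored sign-extended from bit 47. */
static uint64_t widen48(uint64_t v)
{
    uint64_t low = v & 0x0000ffffffffffffULL;
    return (low & (1ULL << 47)) ? (low | 0xffff000000000000ULL) : low;
}

/* Stand-in for the save instruction; hw_writes=false models the cases
 * where the hardware leaves the FIP field untouched. */
static void model_save(struct save_area *a, uint64_t guest_fip,
                       int fip_bits, bool hw_writes)
{
    if (!hw_writes)
        return;
    a->fip = (fip_bits == 48) ? widen48(guest_fip) : guest_fip;
}

/* Poison, save, compare. Returns true when the check concludes "written". */
static bool save_and_check(struct save_area *a, uint64_t guest_fip,
                           int fip_bits, bool hw_writes)
{
    a->fip = FIP_POISON;
    model_save(a, guest_fip, fip_bits, hw_writes);
    return a->fip != FIP_POISON;
}

int main(void)
{
    struct save_area a;
    printf("48-bit FIP, field written:     %d\n",
           save_and_check(&a, 0x7f0012345678ULL, 48, true));
    printf("48-bit FIP, field not written: %d\n",
           save_and_check(&a, 0x7f0012345678ULL, 48, false));
    printf("48-bit FIP, guest uses poison: %d\n",
           save_and_check(&a, FIP_POISON, 48, true));
    printf("64-bit FIP, guest uses poison: %d (misdetected)\n",
           save_and_check(&a, FIP_POISON, 64, true));
    return 0;
}
```

Only the last case reports "not written" for a field the hardware did write, and the save area involved belongs to the vCPU that chose the value.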
