From: Dave Hansen <dave.hansen@intel.com>
To: Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
linux-kernel@vger.kernel.org
Cc: x86@kernel.org, "Andy Lutomirski" <luto@kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
kvm@vger.kernel.org, "Jason A. Donenfeld" <Jason@zx2c4.com>,
"Rik van Riel" <riel@surriel.com>,
"Dave Hansen" <dave.hansen@linux.intel.com>
Subject: Re: [PATCH 14/22] x86/fpu: Eager switch PKRU state
Date: Mon, 25 Feb 2019 10:16:24 -0800 [thread overview]
Message-ID: <eedfbbbe-02d0-f977-2a64-e683b98d3904@intel.com> (raw)
In-Reply-To: <20190221115020.12385-15-bigeasy@linutronix.de>
On 2/21/19 3:50 AM, Sebastian Andrzej Siewior wrote:
> diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
> index 67e4805bccb6f..05f6fce62e9f1 100644
> --- a/arch/x86/include/asm/fpu/internal.h
> +++ b/arch/x86/include/asm/fpu/internal.h
> @@ -562,8 +562,24 @@ switch_fpu_prepare(struct fpu *old_fpu, int cpu)
> */
> static inline void switch_fpu_finish(struct fpu *new_fpu, int cpu)
> {
> - if (static_cpu_has(X86_FEATURE_FPU))
> - __fpregs_load_activate(new_fpu, cpu);
> + struct pkru_state *pk;
> + u32 pkru_val = 0;
> +
> + if (!static_cpu_has(X86_FEATURE_FPU))
> + return;
> +
> + __fpregs_load_activate(new_fpu, cpu);
This is still a bit light on comments.
Maybe:
/* PKRU state is switched eagerly because... */
> + if (!cpu_feature_enabled(X86_FEATURE_OSPKE))
> + return;
> +
> + if (current->mm) {
> + pk = get_xsave_addr(&new_fpu->state.xsave, XFEATURE_PKRU);
> + WARN_ON_ONCE(!pk);
This can trip on us of the 'init optimization' is in play because
get_xsave_addr() checks xsave->header.xfeatures. That's unlikely today
because we usually set PKRU to a restrictive value. But, it's also not
*guaranteed*.
Userspace could easily do an XRSTOR that puts PKRU back in its init
state if it wanted to, then this would end up with pk==NULL.
We might actually want a selftest that *does* that. I don't think we
have one.
> + if (pk)
> + pkru_val = pk->pkru;
> + }> + __write_pkru(pkru_val);
> }
A comment above __write_pkru() would be nice to say that it only
actually does the slow instruction on changes to the value.
BTW, this has the implicit behavior of always trying to do a
__write_pkru(0) on switches to kernel threads. That seems a bit weird
and it is likely to impose WRPKRU overhead on switches between user and
kernel threads.
The 0 value is also the most permissive, which is not great considering
that user mm's can be active the in page tables when running kernel
threads if we're being lazy.
Seems like we should either leave PKRU alone or have 'init_pkru_value'
be the default. That gives good security properties and is likely to
match the application value, removing the WRPKRU overhead.
next prev parent reply other threads:[~2019-02-25 18:16 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-21 11:49 [PATCH v7] x86: load FPU registers on return to userland Sebastian Andrzej Siewior
2019-02-21 11:49 ` [PATCH 01/22] x86/fpu: Remove fpu->initialized usage in __fpu__restore_sig() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 02/22] x86/fpu: Remove fpu__restore() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 03/22] x86/fpu: Remove preempt_disable() in fpu__clear() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 04/22] x86/fpu: Always init the `state' " Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 05/22] x86/fpu: Remove fpu->initialized usage in copy_fpstate_to_sigframe() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 06/22] x86/fpu: Don't save fxregs for ia32 frames " Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 07/22] x86/fpu: Remove fpu->initialized Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 08/22] x86/fpu: Remove user_fpu_begin() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 09/22] x86/fpu: Add (__)make_fpregs_active helpers Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 10/22] x86/fpu: Make __raw_xsave_addr() use feature number instead of mask Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 11/22] x86/fpu: Make get_xsave_field_ptr() and get_xsave_addr() " Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 12/22] x86/fpu: Only write PKRU if it is different from current Sebastian Andrzej Siewior
2019-02-25 18:08 ` Dave Hansen
2019-03-08 17:24 ` Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 13/22] x86/pkeys: Don't check if PKRU is zero before writting it Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 14/22] x86/fpu: Eager switch PKRU state Sebastian Andrzej Siewior
2019-02-25 18:16 ` Dave Hansen [this message]
2019-03-08 18:08 ` Sebastian Andrzej Siewior
2019-03-08 19:01 ` Dave Hansen
2019-03-11 11:06 ` Sebastian Andrzej Siewior
2019-03-11 14:30 ` Sebastian Andrzej Siewior
[not found] ` <cd1a34e6-f122-33e3-864f-e23c1833a6c0@intel.com>
2019-03-21 17:10 ` Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 15/22] x86/entry: Add TIF_NEED_FPU_LOAD Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 16/22] x86/fpu: Always store the registers in copy_fpstate_to_sigframe() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 17/22] x86/fpu: Prepare copy_fpstate_to_sigframe() for TIF_NEED_FPU_LOAD Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 18/22] x86/fpu: Update xstate's PKRU value on write_pkru() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 19/22] x86/fpu: Inline copy_user_to_fpregs_zeroing() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 20/22] x86/fpu: Let __fpu__restore_sig() restore the !32bit+fxsr frame from kernel memory Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 21/22] x86/fpu: Merge the two code paths in __fpu__restore_sig() Sebastian Andrzej Siewior
2019-02-21 11:50 ` [PATCH 22/22] x86/fpu: Defer FPU state load until return to userspace Sebastian Andrzej Siewior
-- strict thread matches above, loose matches on Subject: below --
2019-01-09 11:47 [PATCH v6] x86: load FPU registers on return to userland Sebastian Andrzej Siewior
2019-01-09 11:47 ` [PATCH 14/22] x86/fpu: Eager switch PKRU state Sebastian Andrzej Siewior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eedfbbbe-02d0-f977-2a64-e683b98d3904@intel.com \
--to=dave.hansen@intel.com \
--cc=Jason@zx2c4.com \
--cc=bigeasy@linutronix.de \
--cc=dave.hansen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=riel@surriel.com \
--cc=rkrcmar@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox