Re: [PATCH] x86/fpu: Fix the os panic issue caused by the XGETBV instruction

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: "Chang S. Bae" <chang.seok.bae@intel.com>
Cc: Tony W Wang-oc <TonyWWang-oc@zhaoxin.com>,
	tglx@linutronix.de, mingo@redhat.com,  bp@alien8.de,
	dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
	 aruna.ramakrishna@oracle.com, pbonzini@redhat.com,
	levymitchell0@gmail.com,  attofari@amazon.de,
	linux-kernel@vger.kernel.org, CobeChen@zhaoxin.com,
	 TimGuo@zhaoxin.com, LeoLiu-oc@zhaoxin.com,
	Lyle Li <LyleLi@zhaoxin.com>
Subject: Re: [PATCH] x86/fpu: Fix the os panic issue caused by the XGETBV instruction
Date: Fri, 17 Jan 2025 14:10:01 -0800	[thread overview]
Message-ID: <Z4rVORZR2mBoRqjl@google.com> (raw)
In-Reply-To: <c603b75b-3de0-4d50-9645-47853d84cc20@intel.com>

On Wed, Jan 15, 2025, Chang S. Bae wrote:
> On 1/1/2025 11:54 PM, Tony W Wang-oc wrote:
> > From: Lyle Li <LyleLi@zhaoxin.com>
> > 
> > The callers of the xfeatures_in_use function must ensure that the
> > current processor has the X86_FEATURE_XGETBV1 feature. However, in some
> > places where xfeatures_in_use is called, there is no check to see if the
> > processor supports this feature, leading to the execution of the XGETBV
> > XCR1 instruction on processors that do not support this feature,
> > triggering a #GP exception, and ultimately causing an OS panic.
> 
> I doubt this is a real issue. An XFD implementation without XGETBV1 is
> considerably broken; every AMX system includes XGETBV1. Similarly, as far as
> I can see, PKU implementations also include XGETBV1. QEMU's CPU feature list
> [1] seems consistent with this.

QEMU's CPU models are not authoritative when it comes to architecture, they are
purely what CPUs hardware vendors have shipped.  The absense of a model with PKU
but not XGETBV1 simply reflects that neither Intel nor AMD have ever shipped such
a model.

> Maybe a wild clearcpuid use may clear off the XGETBV1 flag. Adding this
> dependency to the table would make the relationship explicit:
> 
> static const struct cpuid_dep cpuid_deps[] = {
> ...
> +       { X86_FEATURE_PKU,                      X86_FEATURE_XGETBV1   },
>         {}
>  };
> 
> Note that XFD is already listed as dependent on XGETBV1.
> 
> But I doubt the kernel needs to be resilient to deliberately misconfigured
> or crazy virtual machine setups.

I don't see anything in the SDM that suggests this is a misconfigured CPU.  Intel
might not have plans to ship such CPUs, but AFAICT it's not a violation of the
architecture as defined in the SDM.

The SDM even explicitly says that protection keys can exist and be used without
PKU state being supported in XSAVE at all, at which point assuming the existence
of XGETBV1 is rather nonsensical.

  XCR0[9] is associated with PKRU state (see Section 13.5.7). Software can use
  the XSAVE feature set to manage PKRU state only if XCR0[9] = 1. The value of
  XCR0[9] in no way determines whether software can use protection keys or execute
  other instructions that access PKRU state (these instructions can be executed even
  if XCR0[9] = 0).

  XCR0[9] is 0 coming out of RESET. As noted in Section 13.2, a processor allows
  software to set XCR0[9] if and only if CPUID.(EAX=0DH,ECX=0):EAX[9] = 1.

next prev parent reply	other threads:[~2025-01-17 22:10 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-02  7:54 [PATCH] x86/fpu: Fix the os panic issue caused by the XGETBV instruction Tony W Wang-oc
2025-01-15 18:39 ` Chang S. Bae
2025-01-17 22:10   ` Sean Christopherson [this message]
2025-01-17 23:24     ` Chang S. Bae
2025-01-18  3:13     ` H. Peter Anvin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z4rVORZR2mBoRqjl@google.com \
    --to=seanjc@google.com \
    --cc=CobeChen@zhaoxin.com \
    --cc=LeoLiu-oc@zhaoxin.com \
    --cc=LyleLi@zhaoxin.com \
    --cc=TimGuo@zhaoxin.com \
    --cc=TonyWWang-oc@zhaoxin.com \
    --cc=aruna.ramakrishna@oracle.com \
    --cc=attofari@amazon.de \
    --cc=bp@alien8.de \
    --cc=chang.seok.bae@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=levymitchell0@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox