| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 May 2015 17:33:02 +0200 From: Ingo Molnar <mingo@...nel.org> To: Dave Hansen <dave.hansen@...ux.intel.com> Cc: Ingo Molnar <mingo2.kernel.org@...il.com>, linux-kernel@...r.kernel.org, Andy Lutomirski <luto@...capital.net>, Borislav Petkov <bp@...en8.de>, Fenghua Yu <fenghua.yu@...el.com>, "H. Peter Anvin" <hpa@...or.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Oleg Nesterov <oleg@...hat.com>, Thomas Gleixner <tglx@...utronix.de> Subject: Re: [PATCH 084/208] x86/fpu: Rename xsave.header::xstate_bv to 'xfeatures' * Dave Hansen <dave.hansen@...ux.intel.com> wrote: > > Btw., regarding XCR0.PKRU: that enables 'Protection Keys' in the > > PTE format. What's the main purpose of these keys? They seem to > > duplicate the read/write bits in the PTE, with the exception that > > they don't impact instruction fetches. So is this used to allow > > user-space to execute but otherwise not read instructions? > > > > Or some other purpose I missed? > > You can change the permissions of a given key with writes to the > register without changing the PTE. No TLB shootdown, plus the > permission changes are local to the CPU thread. interesting ... where are we doing that? kmap_atomic() is the only place I can think of in the kernel, but there we are already skipping the TLB shootdown by doing an INVLPG. > I have patches today if you're interested. I'm always interested in new CPU features ;-) > ... > >> We'd need to determine which fields are in the init state before we > >> do an xsaves. > > > > Why? I don't think that's necessary. > > "If RFBM[i] = 0, XSTATE_BV[i] is written as 0." Yes, that's natural: RFBM is the combination of XCR0 (constant) and the 'instruction mask' (constant as well) - i.e. it's a wide bitmask including all our xfeatures - essentially 'xfeatures_mask' (in tmp.fpu). > We need to pull XSTATE_BV in to the instruction mask when doing an > XSAVE* if our RFBM has bits unset that *are* set in XSTATE_BV. > Otherwise, we'll destroy the bits at XSAVE* time. But why would our RFBM be narrower than any possible XSTATE_BV we handle? Our XCR0 is at the max. Also, the XSTATE_BV value of the save area is immaterial when we do an XSAVES: all the state is in CPU registers, we want to save it to the save area. XSAVES will write it for us. > It's not a problem today because the instruction mask is always -1, > so it always has every bit set that *MIGHT* be set in XSTATE_BV. Yes. And why would we ever want to narrow it? > As for the whole bit 63 thing... It's possible and valid to have a > XCOMP_BV[62:0]=0 because the instruction mask only contained bits > that were unset in XCR0|IA32_XSS. You need bit 63 to tell you which > format you are using. So basically if you request an XSAVES to ... write nothing (XCR0 AND instruction mask is 0), then it will represent this as 0|1<<63 in XCOMP_BV? In that case it does not matter whether the area is compacted or standard: nothing was saved and nothing will have to be restored, only the xsave header area will be accessed. Am I missing something? Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists