| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 May 2015 08:58:17 -0700 From: Dave Hansen <dave.hansen@...ux.intel.com> To: Ingo Molnar <mingo@...nel.org> CC: Ingo Molnar <mingo2.kernel.org@...il.com>, linux-kernel@...r.kernel.org, Andy Lutomirski <luto@...capital.net>, Borislav Petkov <bp@...en8.de>, Fenghua Yu <fenghua.yu@...el.com>, "H. Peter Anvin" <hpa@...or.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Oleg Nesterov <oleg@...hat.com>, Thomas Gleixner <tglx@...utronix.de> Subject: Re: [PATCH 084/208] x86/fpu: Rename xsave.header::xstate_bv to 'xfeatures' On 05/07/2015 08:33 AM, Ingo Molnar wrote: > * Dave Hansen <dave.hansen@...ux.intel.com> wrote: >>> Btw., regarding XCR0.PKRU: that enables 'Protection Keys' in the >>> PTE format. What's the main purpose of these keys? They seem to >>> duplicate the read/write bits in the PTE, with the exception that >>> they don't impact instruction fetches. So is this used to allow >>> user-space to execute but otherwise not read instructions? >>> >>> Or some other purpose I missed? >> >> You can change the permissions of a given key with writes to the >> register without changing the PTE. No TLB shootdown, plus the >> permission changes are local to the CPU thread. > > interesting ... where are we doing that? kmap_atomic() is the only > place I can think of in the kernel, but there we are already skipping > the TLB shootdown by doing an INVLPG. Userspace. :) It's for userspace-only. >>>> We'd need to determine which fields are in the init state before we >>>> do an xsaves. >>> >>> Why? I don't think that's necessary. >> >> "If RFBM[i] = 0, XSTATE_BV[i] is written as 0." > > Yes, that's natural: RFBM is the combination of XCR0 (constant) and > the 'instruction mask' (constant as well) - i.e. it's a wide bitmask > including all our xfeatures - essentially 'xfeatures_mask' (in > tmp.fpu). > >> We need to pull XSTATE_BV in to the instruction mask when doing an >> XSAVE* if our RFBM has bits unset that *are* set in XSTATE_BV. >> Otherwise, we'll destroy the bits at XSAVE* time. > > But why would our RFBM be narrower than any possible XSTATE_BV we > handle? Our XCR0 is at the max. > > Also, the XSTATE_BV value of the save area is immaterial when we do an > XSAVES: all the state is in CPU registers, we want to save it to the > save area. XSAVES will write it for us. > >> It's not a problem today because the instruction mask is always -1, >> so it always has every bit set that *MIGHT* be set in XSTATE_BV. > > Yes. And why would we ever want to narrow it? Because it actually allows us to take advantage of the compaction. Think of the layout of a task using protection keys and MPX. MPX = 8*4 + 8*2 = 48 bytes. PKEYs = 4 bytes They'll be spread out in the standard form *OR* the compacted form with a RFBM=-1. But, with the compacted form with RFBM=PK|MPX_BITS, they'll fit in a cacheline. >> As for the whole bit 63 thing... It's possible and valid to have a >> XCOMP_BV[62:0]=0 because the instruction mask only contained bits >> that were unset in XCR0|IA32_XSS. You need bit 63 to tell you which >> format you are using. > > So basically if you request an XSAVES to ... write nothing (XCR0 AND > instruction mask is 0), then it will represent this as 0|1<<63 in > XCOMP_BV? > > In that case it does not matter whether the area is compacted or > standard: nothing was saved and nothing will have to be restored, only > the xsave header area will be accessed. Am I missing something? Take a look at the SDM. There are differences in the behavior when restoring the compacted vs. standard format. I don't know the deep reasons for *WHY*, just that there are some deltas clearly spelled out there. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists