lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKv+Gu-s59fSWrMevmbJWyBtNVYLkF7FATALGBD470CWsN9C1Q@mail.gmail.com>
Date:   Mon, 3 Dec 2018 22:12:19 +0100
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Dave Hansen <dave.hansen@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>,
        "the arch/x86 maintainers" <x86@...nel.org>, nstange@...e.de,
        Rik van Riel <riel@...riel.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        KVM devel mailing list <kvm@...r.kernel.org>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Radim Krčmář <rkrcmar@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andy Lutomirski <luto@...nel.org>,
        Borislav Petkov <bp@...e.de>,
        linux-efi <linux-efi@...r.kernel.org>,
        Paolo Bonzini <pbonzini@...hat.com>
Cc:     linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/fpu] x86/fpu: Don't export __kernel_fpu_{begin,end}()

On Mon, 3 Dec 2018 at 22:04, tip-bot for Sebastian Andrzej Siewior
<tipbot@...or.com> wrote:
>
> Commit-ID:  7d79adb87fa79e4a4c59424fd5b5a922861fc5f6
> Gitweb:     https://git.kernel.org/tip/7d79adb87fa79e4a4c59424fd5b5a922861fc5f6
> Author:     Sebastian Andrzej Siewior <bigeasy@...utronix.de>
> AuthorDate: Thu, 29 Nov 2018 16:02:10 +0100
> Committer:  Borislav Petkov <bp@...e.de>
> CommitDate: Mon, 3 Dec 2018 19:37:27 +0100
>
> x86/fpu: Don't export __kernel_fpu_{begin,end}()
>
> There is one user of __kernel_fpu_begin() and before invoking it,
> it invokes preempt_disable(). So it could invoke kernel_fpu_begin()
> right away. The 32bit version of arch_efi_call_virt_setup() and
> arch_efi_call_virt_teardown() does this already.
>
> The comment above *kernel_fpu*() claims that before invoking
> __kernel_fpu_begin() preemption should be disabled and that KVM is a
> good example of doing it. Well, KVM doesn't do that since commit
>
>   f775b13eedee2 ("x86,kvm: move qemu/guest FPU switching out to vcpu_run")
>
> so it is not an example anymore.
>
> With EFI gone as the last user of __kernel_fpu_{begin|end}(), both can
> be made static and not exported anymore.
>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
> Signed-off-by: Borislav Petkov <bp@...e.de>
> Reviewed-by: Rik van Riel <riel@...riel.com>
> Cc: "H. Peter Anvin" <hpa@...or.com>
> Cc: "Jason A. Donenfeld" <Jason@...c4.com>
> Cc: Andy Lutomirski <luto@...nel.org>
> Cc: Ard Biesheuvel <ard.biesheuvel@...aro.org>
> Cc: Dave Hansen <dave.hansen@...ux.intel.com>
> Cc: Ingo Molnar <mingo@...hat.com>
> Cc: Nicolai Stange <nstange@...e.de>
> Cc: Paolo Bonzini <pbonzini@...hat.com>
> Cc: Radim Krčmář <rkrcmar@...hat.com>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: kvm ML <kvm@...r.kernel.org>
> Cc: linux-efi <linux-efi@...r.kernel.org>
> Cc: x86-ml <x86@...nel.org>
> Link: https://lkml.kernel.org/r/20181129150210.2k4mawt37ow6c2vq@linutronix.de
> ---
>  arch/x86/include/asm/efi.h     |  6 ++----
>  arch/x86/include/asm/fpu/api.h | 16 ++++++----------
>  arch/x86/kernel/fpu/core.c     |  6 ++----
>  3 files changed, 10 insertions(+), 18 deletions(-)
>
> diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
> index eea40d52ca78..45864898f7e5 100644
> --- a/arch/x86/include/asm/efi.h
> +++ b/arch/x86/include/asm/efi.h
> @@ -82,8 +82,7 @@ struct efi_scratch {
>  #define arch_efi_call_virt_setup()                                     \
>  ({                                                                     \
>         efi_sync_low_kernel_mappings();                                 \
> -       preempt_disable();                                              \
> -       __kernel_fpu_begin();                                           \
> +       kernel_fpu_begin();                                             \
>         firmware_restrict_branch_speculation_start();                   \
>                                                                         \
>         if (!efi_enabled(EFI_OLD_MEMMAP))                               \
> @@ -99,8 +98,7 @@ struct efi_scratch {
>                 efi_switch_mm(efi_scratch.prev_mm);                     \
>                                                                         \
>         firmware_restrict_branch_speculation_end();                     \
> -       __kernel_fpu_end();                                             \
> -       preempt_enable();                                               \
> +       kernel_fpu_end();                                               \
>  })
>
>  extern void __iomem *__init efi_ioremap(unsigned long addr, unsigned long size,
> diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h
> index a9caac9d4a72..e368d8d94ca6 100644
> --- a/arch/x86/include/asm/fpu/api.h
> +++ b/arch/x86/include/asm/fpu/api.h
> @@ -12,17 +12,13 @@
>  #define _ASM_X86_FPU_API_H
>
>  /*
> - * Careful: __kernel_fpu_begin/end() must be called with preempt disabled
> - * and they don't touch the preempt state on their own.
> - * If you enable preemption after __kernel_fpu_begin(), preempt notifier
> - * should call the __kernel_fpu_end() to prevent the kernel/user FPU
> - * state from getting corrupted. KVM for example uses this model.
> - *
> - * All other cases use kernel_fpu_begin/end() which disable preemption
> - * during kernel FPU usage.
> + * Use kernel_fpu_begin/end() if you intend to use FPU in kernel context. It
> + * disables preemption so be careful if you intend to use it for long periods
> + * of time.
> + * If you intend to use the FPU in softirq you need to check first with
> + * irq_fpu_usable() if it is possible.
> + * Using the FPU in hardirq is not allowed.

According to the documentation in x86/kernel/fpu/core.c, this is not
true. So which one is accurate?

>   */
> -extern void __kernel_fpu_begin(void);
> -extern void __kernel_fpu_end(void);
>  extern void kernel_fpu_begin(void);
>  extern void kernel_fpu_end(void);
>  extern bool irq_fpu_usable(void);
> diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
> index 2ea85b32421a..2e5003fef51a 100644
> --- a/arch/x86/kernel/fpu/core.c
> +++ b/arch/x86/kernel/fpu/core.c
> @@ -93,7 +93,7 @@ bool irq_fpu_usable(void)
>  }
>  EXPORT_SYMBOL(irq_fpu_usable);
>
> -void __kernel_fpu_begin(void)
> +static void __kernel_fpu_begin(void)
>  {
>         struct fpu *fpu = &current->thread.fpu;
>
> @@ -111,9 +111,8 @@ void __kernel_fpu_begin(void)
>                 __cpu_invalidate_fpregs_state();
>         }
>  }
> -EXPORT_SYMBOL(__kernel_fpu_begin);
>
> -void __kernel_fpu_end(void)
> +static void __kernel_fpu_end(void)
>  {
>         struct fpu *fpu = &current->thread.fpu;
>
> @@ -122,7 +121,6 @@ void __kernel_fpu_end(void)
>
>         kernel_fpu_enable();
>  }
> -EXPORT_SYMBOL(__kernel_fpu_end);
>
>  void kernel_fpu_begin(void)
>  {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ