lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c5eb624af88a4692a0c8e7a889844472@AcuMS.aculab.com>
Date:   Wed, 16 Jan 2019 10:18:41 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Andy Lutomirski' <luto@...nel.org>,
        Dave Hansen <dave.hansen@...el.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>
CC:     Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "x86@...nel.org" <x86@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        Rik van Riel <riel@...riel.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>
Subject: RE: [PATCH v6] x86: load FPU registers on return to userland

From: Andy Lutomirski
> Sent: 15 January 2019 20:27
> On Tue, Jan 15, 2019 at 11:46 AM Dave Hansen <dave.hansen@...el.com> wrote:
> >
> > On 1/15/19 4:44 AM, David Laight wrote:
> > > Once this is done it might be worth while adding a parameter to
> > > kernel_fpu_begin() to request the registers only when they don't
> > > need saving.
> > > This would benefit code paths where the gains are reasonable but not massive.
> > >
> > > The return value from kernel_fpu_begin() ought to indicate which
> > > registers are available - none, SSE, SSE2, AVX, AVX512 etc.
> > > So code can use an appropriate implementation.
> > > (I've not looked to see if this is already the case!)
> >
> > Yeah, it would be sane to have both a mask passed, and returned, say:
> >
> >         got = kernel_fpu_begin(XFEATURE_MASK_AVX512, NO_XSAVE_ALLOWED);

You could merge the two arguments.

> >         if (got == XFEATURE_MASK_AVX512)

	got & XFEATURE_MASK_AVX512

> >                 do_avx_512_goo();
> >         else
> >                 do_integer_goo();
> >
> >         kernel_fpu_end(got)
> >
> > Then, kernel_fpu_begin() can actually work without even *doing* an XSAVE:
> >
> >         /* Do we have to save state for anything in 'ask_mask'? */
> >         if (all_states_are_init(ask_mask))
> >                 return ask_mask;

It almost certainly needs to disable pre-emption - there isn't another
fpu save area.

> >
> > Then kernel_fpu_end() just needs to zero out (re-init) the state, which
> > it can do with XRSTORS and a careful combination of XSTATE_BV and the
> > requested feature bitmap (RFBM).
> >
> > This is all just optimization, though.
> 
> I don't think we'd ever want kernel_fpu_end() to restore anything,
> right?  I'm a bit confused as to when this optimization would actually
> be useful.

The user register restore is deferred to 'return to user'.

What you need to ensure is that the kernel values never leak out
to userspace.

ISTR there is a flag that says that all the AVX registers are zero
(XSAVE writes one, I can't remember if it is readable).
If the registers are all zero I think the kernel code can use them
even if they are 'live' - provided they get zeroed again before
return to user.
I also can't remember whether the fpu flags register is set by AVX
instructions - I know that is a pita to recover.

Also are all system calls entered via asm stubs that look like real functions?
(I think I've seen inline system calls in a linux binary - but that was a
long time ago.)
If that assumption can be made then because the AVX registers are all
caller-saved they are not 'live' on system call entry so can be zeroed
and need not be saved on a context switch.
(They still need saving if the kernel is entered by trap or interrupt.)

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ