| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Sep 2019 08:10:16 -0700
From: Yu-cheng Yu <yu-cheng.yu@...el.com>
To: linux-kernel@...r.kernel.org, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...en8.de>,
Rik van Riel <riel@...riel.com>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Fenghua Yu <fenghua.yu@...el.com>,
Peter Zijlstra <peterz@...radead.org>
Cc: Yu-cheng Yu <yu-cheng.yu@...el.com>
Subject: [PATCH 0/6] Support XSAVES supervisor states
There are two types of XSAVE-managed states (xstates): user and supervisor.
This series introduces the supervisor xstate support in preparation for new
features that will make use of supervisor xstates.
This series has been separated for ease of review from the series that add
supervisor xstate features [3].
In current and near future generations of Intel processors there are three
classes of objects that can be managed as supervisor xstates:
- Processor Trace (PT):
Linux already supports PT, but PT xstates are not saved to the FPU
context and not context-switched by the kernel. There are no plans to
integrate PT into XSAVES supervisor states.
- ENQCMD Process Address Space ID (MSR_IA32_PASID):
ENQCMD is a new instruction and will be introduced shortly in a
separate series [2].
- Control-flow Enforcement Technology (CET):
CET is being reviewed on the LKML [2] [3].
Supervisor xstates can be accessed only from the kernel (PL-0) with XSAVES/
XRSTORS instructions. They cannot be accessed with other XSAVE*/XRSTOR*
instructions. MSR_IA32_XSS sets enabled supervisor xstates, while XCR0
sets enabled user xstates.
This series separates the two xstate types by declaring new macros for each
type. The kernel finds all available features during system initialization
and stores them in xfeatures_mask_all. It then retrieves perspective
xstate type with xfeatures_mask_supervisor()/xfeatures_mask_user() for
handling signals and PTRACE.
[1] Detailed information on supervisor xstates can be found in "Intel 64
and IA-32 Architectures Software Developer's Manual":
https://software.intel.com/en-us/download/intel-64-and-ia-32-
architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4
[2] Detailed information on CET, the ENQCMD instruction and MSR_IA32_PASID
can be found in "Intel Architecture Instruction Set Extensions and
Future Features Programming Reference":
https://software.intel.com/sites/default/files/managed/c5/15/
architecture-instruction-set-extensions-programming-reference.pdf
[3] CET patches:
https://lkml.kernel.org/r/20190813205225.12032-1-yu-cheng.yu@intel.com/
https://lkml.kernel.org/r/20190813205359.12196-1-yu-cheng.yu@intel.com/
Fenghua Yu (3):
x86/fpu/xstate: Define new macros for supervisor and user xstates
x86/fpu/xstate: Define new functions for clearing fpregs and xstates
x86/fpu/xstate: Rename validate_xstate_header() to
validate_xstate_header_from_user()
Yu-cheng Yu (3):
x86/fpu/xstate: Fix small issues before adding supervisor xstates
x86/fpu/xstate: Separate user and supervisor xfeatures mask
x86/fpu/xstate: Introduce XSAVES supervisor states
arch/x86/include/asm/fpu/internal.h | 5 +-
arch/x86/include/asm/fpu/xstate.h | 46 ++++++----
arch/x86/kernel/fpu/core.c | 32 ++++---
arch/x86/kernel/fpu/init.c | 3 +-
arch/x86/kernel/fpu/regset.c | 2 +-
arch/x86/kernel/fpu/signal.c | 21 +++--
arch/x86/kernel/fpu/xstate.c | 131 ++++++++++++++++------------
arch/x86/kernel/process.c | 2 +-
arch/x86/kernel/signal.c | 2 +-
9 files changed, 149 insertions(+), 95 deletions(-)
--
2.17.1
Powered by blists - more mailing lists