| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Dec 2021 17:25:02 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Yang Zhong <yang.zhong@...el.com>, x86@...nel.org,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com
Cc: seanjc@...gle.com, jun.nakajima@...el.com, kevin.tian@...el.com,
jing2.liu@...ux.intel.com, jing2.liu@...el.com
Subject: Re: [PATCH 16/19] kvm: x86: Introduce KVM_{G|S}ET_XSAVE2 ioctl
On 12/8/21 01:03, Yang Zhong wrote:
> From: Jing Liu <jing2.liu@...el.com>
>
> When dynamic XSTATE features are supported, the xsave states are
> beyond 4KB. The current kvm_xsave structure and related
> KVM_{G, S}ET_XSAVE only allows 4KB which is not enough for full
> states.
>
> Introduce a new kvm_xsave2 structure and the corresponding
> KVM_GET_XSAVE2 and KVM_SET_XSAVE2 ioctls so that userspace VMM
> can get and set the full xsave states.
>
> Signed-off-by: Jing Liu <jing2.liu@...el.com>
> Signed-off-by: Yang Zhong <yang.zhong@...el.com>
> ---
> arch/x86/include/uapi/asm/kvm.h | 6 ++++
> arch/x86/kvm/x86.c | 62 +++++++++++++++++++++++++++++++++
> include/uapi/linux/kvm.h | 7 +++-
> 3 files changed, 74 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> index 5a776a08f78c..de42a51e20c3 100644
> --- a/arch/x86/include/uapi/asm/kvm.h
> +++ b/arch/x86/include/uapi/asm/kvm.h
> @@ -47,6 +47,7 @@
> #define __KVM_HAVE_VCPU_EVENTS
> #define __KVM_HAVE_DEBUGREGS
> #define __KVM_HAVE_XSAVE
> +#define __KVM_HAVE_XSAVE2
> #define __KVM_HAVE_XCRS
> #define __KVM_HAVE_READONLY_MEM
>
> @@ -378,6 +379,11 @@ struct kvm_xsave {
> __u32 region[1024];
> };
>
> +struct kvm_xsave2 {
> + __u32 size;
> + __u8 state[0];
> +};
> +
> #define KVM_MAX_XCRS 16
>
> struct kvm_xcr {
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 8b033c9241d6..d212f6d2d39a 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -4216,6 +4216,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
> case KVM_CAP_DEBUGREGS:
> case KVM_CAP_X86_ROBUST_SINGLESTEP:
> case KVM_CAP_XSAVE:
> + case KVM_CAP_XSAVE2:
> case KVM_CAP_ASYNC_PF:
> case KVM_CAP_ASYNC_PF_INT:
> case KVM_CAP_GET_TSC_KHZ:
> @@ -4940,6 +4941,17 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
> vcpu->arch.pkru);
> }
>
> +static void kvm_vcpu_ioctl_x86_get_xsave2(struct kvm_vcpu *vcpu,
> + u8 *state, u32 size)
> +{
> + if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
> + return;
> +
> + fpu_copy_guest_fpstate_to_uabi(&vcpu->arch.guest_fpu,
> + state, size,
> + vcpu->arch.pkru);
> +}
> +
> static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
> struct kvm_xsave *guest_xsave)
> {
> @@ -4951,6 +4963,15 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
> supported_xcr0, &vcpu->arch.pkru);
> }
>
> +static int kvm_vcpu_ioctl_x86_set_xsave2(struct kvm_vcpu *vcpu, u8 *state)
> +{
> + if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
> + return 0;
> +
> + return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu, state,
> + supported_xcr0, &vcpu->arch.pkru);
> +}
> +
> static void kvm_vcpu_ioctl_x86_get_xcrs(struct kvm_vcpu *vcpu,
> struct kvm_xcrs *guest_xcrs)
> {
> @@ -5416,6 +5437,47 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
> r = kvm_vcpu_ioctl_x86_set_xsave(vcpu, u.xsave);
> break;
> }
> + case KVM_GET_XSAVE2: {
> + struct kvm_xsave2 __user *xsave2_arg = argp;
> + struct kvm_xsave2 xsave2;
> +
> + r = -EFAULT;
> + if (copy_from_user(&xsave2, xsave2_arg, sizeof(struct kvm_xsave2)))
> + break;
> +
> + u.buffer = kzalloc(xsave2.size, GFP_KERNEL_ACCOUNT);
> +
> + r = -ENOMEM;
> + if (!u.buffer)
> + break;
> +
> + kvm_vcpu_ioctl_x86_get_xsave2(vcpu, u.buffer, xsave2.size);
> +
> + r = -EFAULT;
> + if (copy_to_user(xsave2_arg->state, u.buffer, xsave2.size))
> + break;
> +
> + r = 0;
> + break;
> + }
> + case KVM_SET_XSAVE2: {
> + struct kvm_xsave2 __user *xsave2_arg = argp;
> + struct kvm_xsave2 xsave2;
> +
> + r = -EFAULT;
> + if (copy_from_user(&xsave2, xsave2_arg, sizeof(struct kvm_xsave2)))
> + break;
> +
> + u.buffer = memdup_user(xsave2_arg->state, xsave2.size);
> +
> + if (IS_ERR(u.buffer)) {
> + r = PTR_ERR(u.buffer);
> + goto out_nofree;
> + }
> +
> + r = kvm_vcpu_ioctl_x86_set_xsave2(vcpu, u.buffer);
> + break;
> + }
> case KVM_GET_XCRS: {
> u.xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL_ACCOUNT);
> r = -ENOMEM;
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index 0c7b301c7254..603e1ca9ba09 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -1132,7 +1132,9 @@ struct kvm_ppc_resize_hpt {
> #define KVM_CAP_EXIT_ON_EMULATION_FAILURE 204
> #define KVM_CAP_ARM_MTE 205
> #define KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM 206
> -
> +#ifdef __KVM_HAVE_XSAVE2
> +#define KVM_CAP_XSAVE2 207
> +#endif
> #ifdef KVM_CAP_IRQ_ROUTING
>
> struct kvm_irq_routing_irqchip {
> @@ -1679,6 +1681,9 @@ struct kvm_xen_hvm_attr {
> #define KVM_GET_SREGS2 _IOR(KVMIO, 0xcc, struct kvm_sregs2)
> #define KVM_SET_SREGS2 _IOW(KVMIO, 0xcd, struct kvm_sregs2)
>
> +#define KVM_GET_XSAVE2 _IOR(KVMIO, 0xcf, struct kvm_xsave2)
> +#define KVM_SET_XSAVE2 _IOW(KVMIO, 0xd0, struct kvm_xsave2)
> +
> struct kvm_xen_vcpu_attr {
> __u16 type;
> __u16 pad[3];
>
Please also modify KVM_GET/SET_XSAVE to fail with ENOSPC if the
requested size is bigger than 4096.
Paolo
Powered by blists - more mailing lists