lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 16 Dec 2021 01:04:01 +0000
From:   "Tian, Kevin" <kevin.tian@...el.com>
To:     Paolo Bonzini <pbonzini@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "Wang, Wei W" <wei.w.wang@...el.com>,
        "quintela@...hat.com" <quintela@...hat.com>
CC:     LKML <linux-kernel@...r.kernel.org>,
        "Dr. David Alan Gilbert" <dgilbert@...hat.com>,
        Jing Liu <jing2.liu@...ux.intel.com>,
        "Zhong, Yang" <yang.zhong@...el.com>,
        "x86@...nel.org" <x86@...nel.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "Christopherson,, Sean" <seanjc@...gle.com>,
        "Nakajima, Jun" <jun.nakajima@...el.com>,
        "Zeng, Guang" <guang.zeng@...el.com>
Subject: RE: [patch 5/6] x86/fpu: Provide fpu_update_guest_xcr0/xfd()

> From: Paolo Bonzini <paolo.bonzini@...il.com> On Behalf Of Paolo Bonzini
> Sent: Wednesday, December 15, 2021 6:28 PM
> 
> On 12/15/21 11:09, Thomas Gleixner wrote:
> > Lets assume the restore order is XSTATE, XCR0, XFD:
> >
> >       XSTATE has everything in init state, which means the default
> >       buffer is good enough
> >
> >       XCR0 has everything enabled including AMX, so the buffer is
> >       expanded
> >
> >       XFD has AMX disable set, which means the buffer expansion was
> >       pointless
> >
> > If we go there, then we can just use a full expanded buffer for KVM
> > unconditionally and be done with it. That spares a lot of code.
> 
> If we decide to use a full expanded buffer as soon as KVM_SET_CPUID2 is
> done, that would work for me.  Basically KVM_SET_CPUID2 would:
> 
> - check bits from CPUID[0xD] against the prctl requested with GUEST_PERM
> 
> - return with -ENXIO or whatever if any dynamic bits were not requested
> 
> - otherwise call fpstate_realloc if there are any dynamic bits requested
> 
> Considering that in practice all Linux guests with AMX would have XFD
> passthrough (because if there's no prctl, Linux keeps AMX disabled in
> XFD), this removes the need to do all the #NM handling too.  Just make

#NM trap is for XFD_ERR thus still required.

> XFD passthrough if it can ever be set to a nonzero value.  This costs an
> RDMSR per vmexit even if neither the host nor the guest ever use AMX.

Well, we can still trap WRMSR(XFD) in the start and then disable interception
after the 1st trap.

Thanks
Kevin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ