lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BN9PR11MB527634C540FD1BC6083E396B8C5F9@BN9PR11MB5276.namprd11.prod.outlook.com>
Date:   Tue, 25 Jan 2022 01:26:56 +0000
From:   "Tian, Kevin" <kevin.tian@...el.com>
To:     Paolo Bonzini <pbonzini@...hat.com>,
        Like Xu <like.xu.linux@...il.com>
CC:     Jim Mattson <jmattson@...gle.com>,
        "Christopherson,, Sean" <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Joerg Roedel <joro@...tes.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] KVM: x86/cpuid: Exclude unpermitted xfeatures sizes at
 KVM_GET_SUPPORTED_CPUID

> From: Paolo Bonzini <pbonzini@...hat.com>
> Sent: Monday, January 24, 2022 10:00 PM
> 
> On 1/24/22 09:02, Like Xu wrote:
> >   	case 0xd: {
> > -		u64 guest_perm = xstate_get_guest_group_perm();
> > +		u64 supported_xcr0 = supported_xcr0 &
> xstate_get_guest_group_perm();
> >
> > -		entry->eax &= supported_xcr0 & guest_perm;
> > +		entry->eax &= supported_xcr0;
> >   		entry->ebx = xstate_required_size(supported_xcr0, false);
> >   		entry->ecx = entry->ebx;
> > -		entry->edx &= (supported_xcr0 & guest_perm) >> 32;
> > +		entry->edx &= supported_xcr0 >> 32;
> >   		if (!supported_xcr0)
> >   			break;
> >
> 
> No, please don't use this kind of shadowing.  I'm not even sure it
> works, and one would have to read the C standard or look at the
> disassembly to be sure.  Perhaps this instead could be an idea:
> 
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 3dcd58a138a9..03deb51d8d18 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -887,13 +887,14 @@ static inline int __do_cpuid_func(struct
> kvm_cpuid_array *array, u32 function)
>   		}
>   		break;
>   	case 0xd: {
> -		u64 supported_xcr0 = supported_xcr0 &
> xstate_get_guest_group_perm();
> +		u64 permitted_xcr0 = supported_xcr0 &
> xstate_get_guest_group_perm();
> 
> -		entry->eax &= supported_xcr0;
> -		entry->ebx = xstate_required_size(supported_xcr0, false);
> +#define supported_xcr0 DO_NOT_USE_ME
> +		entry->eax &= permitted_xcr0;
> +		entry->ebx = xstate_required_size(permitted_xcr0, false);
>   		entry->ecx = entry->ebx;
> -		entry->edx &= supported_xcr0 >> 32;
> -		if (!supported_xcr0)
> +		entry->edx &= permitted_xcr0 >> 32;
> +		if (!permitted_xcr0)
>   			break;
> 
>   		entry = do_host_cpuid(array, function, 1);
> @@ -902,7 +903,7 @@ static inline int __do_cpuid_func(struct
> kvm_cpuid_array *array, u32 function)
> 
>   		cpuid_entry_override(entry, CPUID_D_1_EAX);
>   		if (entry->eax & (F(XSAVES)|F(XSAVEC)))
> -			entry->ebx = xstate_required_size(supported_xcr0 |
> supported_xss,
> +			entry->ebx = xstate_required_size(permitted_xcr0 |
> supported_xss,
>   							  true);
>   		else {
>   			WARN_ON_ONCE(supported_xss != 0);
> @@ -913,7 +914,7 @@ static inline int __do_cpuid_func(struct
> kvm_cpuid_array *array, u32 function)
> 
>   		for (i = 2; i < 64; ++i) {
>   			bool s_state;
> -			if (supported_xcr0 & BIT_ULL(i))
> +			if (permitted_xcr0 & BIT_ULL(i))
>   				s_state = false;
>   			else if (supported_xss & BIT_ULL(i))
>   				s_state = true;
> @@ -942,6 +943,7 @@ static inline int __do_cpuid_func(struct
> kvm_cpuid_array *array, u32 function)
>   			entry->edx = 0;
>   		}
>   		break;
> +#undef supported_xcr0
>   	}
>   	case 0x12:
>   		/* Intel SGX */
> 
> or alternatively add
> 
> 	u64 permitted_xss = supported_xss;
> 
> so that you use "permitted" consistently.  Anybody can vote on what they
> prefer (including "permitted_xcr0" and no #define/#undef).
> 

I prefer to permitted_xcr0 and permitted_xss. no #define/#undef.

'permitted' implies 'supported' plus certain permissions for this task. Once
both xcr0 and xss are defined consistently in this way, it's not necessary to
further guard supported_xcr0 with #define/#undef.

Thanks
Kevin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ