Date:   Thu, 24 Mar 2022 14:47:07 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     x86@...nel.org, "Chang S. Bae" <chang.seok.bae@...el.com>,
        Paolo Bonzini <bonzini@....org>,
        Fenghua Yu <fenghua.yu@...el.com>,
        Tony Luck <tony.luck@...el.com>
Subject: [patch 0/7] x86/fpu: Cure supervisor mode (ENQCMD) fallout

Folks!

The (re)enabling of ENQCMD or the enabling of any supervisor only state
results in a possible inconsistency of the host and guest FPU XSTATE layout
on systems which support that feature.

The reason is that on the host the FPU state has to include supervisor
features while the guest FPU state is strictly user features only.

The problem is restricted to a few places:

  1) The size calculation in the dynamic state permission PRCTL which lacks
     adding the supervisor state size for calculating the kernel buffer
     size.

  2) The offset calculations in the copy to/from UABI functions which
     use precalculated offsets which are only valid for the host.

The cure is to use runtime calculation for the offsets based on the
XCOMP_BV bitmask in the XSTATE header in case of compacted buffers. For
non-compacted format nothing changes.

The following series addresses this and it turns out to be an overall
valuable cleanup and simplification of the code:

 core.c   |    3 
 xstate.c |  211 ++++++++++++++++++---------------------------------------------
 2 files changed, 62 insertions(+), 152 deletions(-)

The result of the consolidation of the buffer size calculation (last patch
in the series) is a significant reduction of cycles spent for initializing
XSTATE due to the avoidance of a gazillion redundant CPUID invocations:

 Before: XSTATE init: 174344 cycles
 After:  XSTATE init:  73890 cycles

It builds, boots on host and guest, but is not yet extensively tested.
Testing with an AMX + PASID enabled machine has not been done at all as I
don't have easy access to such a beast.

The series is based on:

   git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/urgent

and available from git:

   git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git x86/fpu

Thanks,

	tglx
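
The runtime offset calculation the message describes, as an added example that is not part of the original post or of the kernel patches: it walks the XCOMP_BV bitmask of a compacted buffer and shows where a host buffer (with the supervisor-only PASID component) and a user-features-only guest buffer disagree. The function name `xstate_offset`, the masks, and the component size/alignment table are assumptions constructed for illustration, standing in for CPUID leaf 0xD data.

```c
#include <stdint.h>
#include <stdio.h>

#define XSAVE_HDR_END      576u          /* 512-byte legacy area + 64-byte XSTATE header */
#define XCOMP_BV_COMPACTED (1ULL << 63)  /* bit 63 of XCOMP_BV marks the compacted format */
#define NCOMP 19

/* Constructed sample table standing in for CPUID leaf 0xD sub-leaf data
 * (size in bytes, 64-byte alignment flag); not read from a real CPU. */
static const struct { uint32_t size; int align64; } comp[NCOMP] = {
    [2]  = { 256, 0 },   /* user state */
    [9]  = { 8, 0 },     /* user state */
    [10] = { 8, 0 },     /* supervisor-only state (PASID, used by ENQCMD) */
    [17] = { 64, 0 },    /* later user state, constructed as unaligned */
    [18] = { 8192, 1 },  /* later user state, constructed as 64-byte aligned */
};

/* Offset of component nr inside the compacted buffer described by xcomp_bv,
 * or -1 if the buffer is not compacted or does not contain nr. */
long xstate_offset(uint64_t xcomp_bv, unsigned nr)
{
    uint32_t off = XSAVE_HDR_END;

    if (nr < 2 || nr >= NCOMP || !(xcomp_bv & XCOMP_BV_COMPACTED) ||
        !(xcomp_bv & (1ULL << nr)))
        return -1;
    for (unsigned i = 2; i < nr; i++) {       /* walk the components below nr */
        if (!(xcomp_bv & (1ULL << i)))
            continue;
        if (comp[i].align64)
            off = (off + 63) & ~63u;
        off += comp[i].size;
    }
    return comp[nr].align64 ? (long)((off + 63) & ~63u) : (long)off;
}

#define USER_MASK (XCOMP_BV_COMPACTED | 1ULL << 0 | 1ULL << 1 | 1ULL << 2 | \
                   1ULL << 9 | 1ULL << 17 | 1ULL << 18)
#define HOST_MASK (USER_MASK | 1ULL << 10)   /* host buffer adds the supervisor state */

int main(void)
{
    for (unsigned nr = 9; nr <= 18; nr++)
        if (USER_MASK & (1ULL << nr))
            printf("component %2u: host %ld, guest %ld\n", nr,
                   xstate_offset(HOST_MASK, nr), xstate_offset(USER_MASK, nr));
    return 0;
}
```

With this constructed table, a component below the supervisor state has the same offset in both buffers, the unaligned component after it moves by the supervisor state's size, and the 64-byte aligned one happens to land on the same offset again, so a precalculated host table is wrong only for some components.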

