| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <167951609339.5837.3788677511456464455.tip-bot2@tip-bot2>
Date: Wed, 22 Mar 2023 20:14:53 -0000
From: "tip-bot2 for Chang S. Bae" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: "Chang S. Bae" <chang.seok.bae@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Thiago Macieira <thiago.macieira@...el.com>,
Yang Zhong <yang.zhong@...el.com>,
Tony Luck <tony.luck@...el.com>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: [tip: x86/fpu] Documentation/x86: Explain the state component
permission for guests
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 5fbff260755750559aa12a30f6fa7f8a863666f1
Gitweb: https://git.kernel.org/tip/5fbff260755750559aa12a30f6fa7f8a863666f1
Author: Chang S. Bae <chang.seok.bae@...el.com>
AuthorDate: Fri, 20 Jan 2023 16:19:00 -08:00
Committer: Dave Hansen <dave.hansen@...ux.intel.com>
CommitterDate: Wed, 22 Mar 2023 13:08:02 -07:00
Documentation/x86: Explain the state component permission for guests
Commit 980fe2fddcff ("x86/fpu: Extend fpu_xstate_prctl() with guest
permissions") extends a couple of arch_prctl(2) options for VCPU threads.
Add description for them.
Signed-off-by: Chang S. Bae <chang.seok.bae@...el.com>
Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Reviewed-by: Thiago Macieira <thiago.macieira@...el.com>
Reviewed-by: Yang Zhong <yang.zhong@...el.com>
Reviewed-by: Tony Luck <tony.luck@...el.com>
Link: https://lore.kernel.org/all/20230121001900.14900-5-chang.seok.bae%40intel.com
---
Documentation/x86/xstate.rst | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/Documentation/x86/xstate.rst b/Documentation/x86/xstate.rst
index 23b1c9f..ae5c69e 100644
--- a/Documentation/x86/xstate.rst
+++ b/Documentation/x86/xstate.rst
@@ -143,3 +143,32 @@ entry if the feature is in its initial configuration. This differs from
non-dynamic features which are always written regardless of their
configuration. Signal handlers can examine the XSAVE buffer's XSTATE_BV
field to determine if a features was written.
+
+Dynamic features for virtual machines
+-------------------------------------
+
+The permission for the guest state component needs to be managed separately
+from the host, as they are exclusive to each other. A coupled of options
+are extended to control the guest permission:
+
+-ARCH_GET_XCOMP_GUEST_PERM
+
+ arch_prctl(ARCH_GET_XCOMP_GUEST_PERM, &features);
+
+ ARCH_GET_XCOMP_GUEST_PERM is a variant of ARCH_GET_XCOMP_PERM. So it
+ provides the same semantics and functionality but for the guest
+ components.
+
+-ARCH_REQ_XCOMP_GUEST_PERM
+
+ arch_prctl(ARCH_REQ_XCOMP_GUEST_PERM, feature_nr);
+
+ ARCH_REQ_XCOMP_GUEST_PERM is a variant of ARCH_REQ_XCOMP_PERM. It has the
+ same semantics for the guest permission. While providing a similar
+ functionality, this comes with a constraint. Permission is frozen when the
+ first VCPU is created. Any attempt to change permission after that point
+ is going to be rejected. So, the permission has to be requested before the
+ first VCPU creation.
+
+Note that some VMMs may have already established a set of supported state
+components. These options are not presumed to support any particular VMM.
Powered by blists - more mailing lists