| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 May 2024 02:03:25 -0700
From: Yang Weijiang <weijiang.yang@...el.com>
To: tglx@...utronix.de,
dave.hansen@...el.com,
x86@...nel.org,
seanjc@...gle.com,
pbonzini@...hat.com,
linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: peterz@...radead.org,
chao.gao@...el.com,
rick.p.edgecombe@...el.com,
mlevitsk@...hat.com,
weijiang.yang@...el.com,
john.allen@....com
Subject: [PATCH 0/6] Introduce CET supervisor state support
This series spins off from CET KVM virtualization enabling series [1].
The purpose is to get these preparation work resolved ahead of KVM part
landing. There was a discussion about introducing CET supervisor state
support [2] [3].
CET supervisor state, i.e., IA32_PL{0,1,2}_SSP, are xsave-managed MSRs,
it can be enabled via IA32_XSS[bit 12]. KVM relies on host side CET
supervisor state support to fully enable guest CET MSR contents storage.
The benefits are: 1) No need to manually save/restore the 3 MSRs when
vCPU fpu context is sched in/out. 2) Omit manually swapping the three
MSRs at VM-Exit/VM-Entry for guest/host. 3) Make guest CET user/supervisor
states managed in a consistent manner within host kernel FPU framework.
This series tries to:
1) Fix existing issue regarding enabling guest supervisor states support.
2) Add CET supervisor state support in core kernel.
3) Introduce new FPU config for guest fpstate setup.
With the preparation work landed, for guest fpstate, we have xstate_bv[12]
== xcomp_bv[12] == 1 and CET supervisor state is saved/reloaded when
xsaves/xrstors executes on guest fpstate.
For non-guest/normal fpstate, we have xstate_bv[12] == xcomp_bv[12] == 0,
then HW can optimize xsaves/xrstors operations.
Patch1: Preserve guest supervisor xfeatures in __state_perm.
Patch2: Enable CET supervisor xstate support.
Patch3: Introduce kernel dynamic xfeature set.
Patch4: Initialize fpu_guest_cfg settings.
Patch5: Create guest fpstate with fpu_guest_cfg.
Patch6: Check invalid fpstate config before executes xsaves.
[1]: https://lore.kernel.org/all/20240219074733.122080-1-weijiang.yang@intel.com/
[2]: https://lore.kernel.org/all/ZM1jV3UPL0AMpVDI@google.com/
[3]: https://lore.kernel.org/all/2597a87b-1248-b8ce-ce60-94074bc67ea4@intel.com/
Sean Christopherson (1):
x86/fpu/xstate: Always preserve non-user xfeatures/flags in
__state_perm
Yang Weijiang (5):
x86/fpu/xstate: Add CET supervisor mode state support
x86/fpu/xstate: Introduce XFEATURE_MASK_KERNEL_DYNAMIC xfeature set
x86/fpu/xstate: Introduce fpu_guest_cfg for guest FPU configuration
x86/fpu/xstate: Create guest fpstate with guest specific config
x86/fpu/xstate: Warn if CET supervisor state is detected in normal
fpstate
arch/x86/include/asm/fpu/types.h | 16 ++++++++--
arch/x86/include/asm/fpu/xstate.h | 11 ++++---
arch/x86/kernel/fpu/core.c | 53 ++++++++++++++++++++++++-------
arch/x86/kernel/fpu/xstate.c | 35 +++++++++++++++-----
arch/x86/kernel/fpu/xstate.h | 2 ++
5 files changed, 90 insertions(+), 27 deletions(-)
base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0
--
2.43.0
Powered by blists - more mailing lists