lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d1b46250-793e-41a5-9b65-95ed6312bc4a@intel.com>
Date: Thu, 27 Feb 2025 15:54:58 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Ingo Molnar <mingo@...nel.org>
Cc: "Chang S. Bae" <chang.seok.bae@...el.com>, linux-kernel@...r.kernel.org,
 x86@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
 dave.hansen@...ux.intel.com, Linus Torvalds <torvalds@...ux-foundation.org>,
 Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH RFC v1 02/11] x86/fpu/xstate: Introduce xstate order table
 and accessor macro

On 2/27/25 13:37, Ingo Molnar wrote:
...
>> Like I showed in my earlier example, the CPU enumerates which XSAVE
>> features are available. These enumeration bits in CPUID leaf 0xd *ARE*
>> set at boot independent of any other enabling or enumeration. In this
>> regard, XSAVE enumeration is quite independent of the other parts of the
>> ISA. This could, in theory, be changed to become dependent on some kind
>> of APX enabling. But that would be novel for an XSAVE feature.
> 
> Yeah. That would be novel for an XSAVE feature - but so is the change 
> in ordering. With my proposal we'd avoid the 
> xfeature_noncompact_order[] indirection table AFAICS.

Yeah, so with your proposal, we could toss out most of this series, so
roughly 100 lines of code.

The downsides are:

 1. It can still confuse userspace, arguably in an architecture
    violating manner because the SDM says: "If XCR0[4:3] is 11b, the
    XSAVE feature set can be used to manage MPX state and software can
    execute Intel MPX instructions." (this would be for userspace)
   1a. Userspace like GDB still needs code to disambiguate XCR0[3:4]
 2. It would add complexity in the XSAVE enumeration microcode. CPUID
    data that comes right out of a ROM today would need to check some
    CPU enabling state and change the enumeration.
 3. Linux would still need to go fix up KVM in the kernel, like:
    https://hansen.beer/~dave/intel/mpxapx.patch . Every APX-enabling
    VMM would need something similar.

KVM folks, would you have any issues if XCR0[3:4] (the old MPX bits) got
used for this new APX feature? You'd basically need to add code to make
sure that XCR0[3:4]==0x3 don't imply MPX support, but _could_ imply APX
support instead, paired with another bit of enabling.

Looking back at Chang's series, I think there's ~40 lines of code
related to xfeature_noncompact_order[]. We'd need something like:

	https://hansen.beer/~dave/intel/mpxapx.patch

and, honestly, just hacking that together, I really dislike the idea of
reusing bits. Even little things like this hunk:

-       "MPX bounds registers",
-       "MPX CSR",
+       "MPX bounds registers or some APX registers",
+       "MPX CSR or some other APX registers",

look really funky. So, we'd need some MSR bit twiddling, some KVM fixups
and special casing of the xsave_cpuid_features[] checks. We'd save, at
most, ~20 lines of code.

Honestly, that 40 lines of code is looking pretty good.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ