From patchwork Tue Mar 18 15:31:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021162 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 734F620E339; Tue, 18 Mar 2025 15:30:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311828; cv=none; b=PN2p7Lvs09gpJGb+ues8PSawlPZ8kwZVy1Es0z72DaHqYX+5LLBpImAbMrwvu0aCgVvOE5ZA0p0KFGNBZ93M11Q3HjrKqwuwKL1lFMNHNysOAWbRzEzcLuy5qpsnmyiU1Ay5II/csBhjO2g/kIDUFq81rn7pb8FmHepo+dU5nZ4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311828; c=relaxed/simple; bh=dVTgCjECHNFUGZ5smhOruc8qZotEImSz/cS8p0ZOxk4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BgGk4M3g7YbDPFMIqdQq8wayGqnDFI7Fm25/8KqZJ97LLCKyATLi6Y6PS5YkthHMaj7Y3w3JoLamlDaLhS0Db5gaND01crqWi2T9Y0s8B+lhHployYzUcFBdiFxfCU2BPr0MWbqKD6DwQawY0lEhglSyiNXiDBWMSJ2Qv1OeEes= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Kg2W4vLQ; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Kg2W4vLQ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311826; x=1773847826; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=dVTgCjECHNFUGZ5smhOruc8qZotEImSz/cS8p0ZOxk4=; b=Kg2W4vLQvJEFQkWkTdPQVcuoNcuYMTk6MOtwqlMIY6hC4T3i1kfrX43x M9sLZfoXCMS0hSqZIIhe2bVLW9BGMY2FhklAxTDAaSW72G3JpX1yJKrXY sH+B+vwihGKYFGA5jQV/voHCsITikVtcuwG/XPocbT0d9kExp446feETN yPK6X+6SkuUvBizyAymZj5R5oi2jwpuoUvSliytu0al2ODvuDx4Irps7x Y108mG5RVBmHuo68QgtXHgd1d0VfDit31ze7qBbgdc/vudO+he01QIIQS T3AoKueUbPpm3hqq4hAZMUbdBFGTbKaEAxNmIiWst3RlwcavC/xz7eZMI g==; X-CSE-ConnectionGUID: LuNft2EeSO6a9AtSHuYY9Q== X-CSE-MsgGUID: MpkPVbo2T1eDgBGXcCNU7g== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224109" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224109" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:26 -0700 X-CSE-ConnectionGUID: QcbhAMg0Tp2piiJ8WEcuxg== X-CSE-MsgGUID: RprmjlgpTY61Y5bGnxHdPw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122121801" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:20 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Maxim Levitsky , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Mitchell Levy , Samuel Holland , Li RongQing , Adamos Ttofari , Vignesh Balasubramanian , Aruna Ramakrishna Subject: [PATCH v4 1/8] x86/fpu/xstate: Always preserve non-user xfeatures/flags in __state_perm Date: Tue, 18 Mar 2025 23:31:51 +0800 Message-ID: <20250318153316.1970147-2-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sean Christopherson When granting userspace or a KVM guest access to an xfeature, preserve the entity's existing supervisor and software-defined permissions as tracked by __state_perm, i.e. use __state_perm to track *all* permissions even though all supported supervisor xfeatures are granted to all FPUs and FPU_GUEST_PERM_LOCKED disallows changing permissions. Effectively clobbering supervisor permissions results in inconsistent behavior, as xstate_get_group_perm() will report supervisor features for process that do NOT request access to dynamic user xfeatures, whereas any and all supervisor features will be absent from the set of permissions for any process that is granted access to one or more dynamic xfeatures (which right now means AMX). The inconsistency isn't problematic because fpu_xstate_prctl() already strips out everything except user xfeatures: case ARCH_GET_XCOMP_PERM: /* * Lockless snapshot as it can also change right after the * dropping the lock. */ permitted = xstate_get_host_group_perm(); permitted &= XFEATURE_MASK_USER_SUPPORTED; return put_user(permitted, uptr); case ARCH_GET_XCOMP_GUEST_PERM: permitted = xstate_get_guest_group_perm(); permitted &= XFEATURE_MASK_USER_SUPPORTED; return put_user(permitted, uptr); and similarly KVM doesn't apply the __state_perm to supervisor states (kvm_get_filtered_xcr0() incorporates xstate_get_guest_group_perm()): case 0xd: { u64 permitted_xcr0 = kvm_get_filtered_xcr0(); u64 permitted_xss = kvm_caps.supported_xss; But if KVM in particular were to ever change, dropping supervisor permissions would result in subtle bugs in KVM's reporting of supported CPUID settings. And the above behavior also means that having supervisor xfeatures in __state_perm is correctly handled by all users. Dropping supervisor permissions also creates another landmine for KVM. If more dynamic user xfeatures are ever added, requesting access to multiple xfeatures in separate ARCH_REQ_XCOMP_GUEST_PERM calls will result in the second invocation of __xstate_request_perm() computing the wrong ksize, as as the mask passed to xstate_calculate_size() would not contain *any* supervisor features. Commit 781c64bfcb73 ("x86/fpu/xstate: Handle supervisor states in XSTATE permissions") fudged around the size issue for userspace FPUs, but for reasons unknown skipped guest FPUs. Lack of a fix for KVM "works" only because KVM doesn't yet support virtualizing features that have supervisor xfeatures, i.e. as of today, KVM guest FPUs will never need the relevant xfeatures. Simply extending the hack-a-fix for guests would temporarily solve the ksize issue, but wouldn't address the inconsistency issue and would leave another lurking pitfall for KVM. KVM support for virtualizing CET will likely add CET_KERNEL as a guest-only xfeature, i.e. CET_KERNEL will not be set in xfeatures_mask_supervisor() and would again be dropped when granting access to dynamic xfeatures. Note, the existing clobbering behavior is rather subtle. The @permitted parameter to __xstate_request_perm() comes from: permitted = xstate_get_group_perm(guest); which is either fpu->guest_perm.__state_perm or fpu->perm.__state_perm, where __state_perm is initialized to: fpu->perm.__state_perm = fpu_kernel_cfg.default_features; and copied to the guest side of things: /* Same defaults for guests */ fpu->guest_perm = fpu->perm; fpu_kernel_cfg.default_features contains everything except the dynamic xfeatures, i.e. everything except XFEATURE_MASK_XTILE_DATA: fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; When __xstate_request_perm() restricts the local "mask" variable to compute the user state size: mask &= XFEATURE_MASK_USER_SUPPORTED; usize = xstate_calculate_size(mask, false); it subtly overwrites the target __state_perm with "mask" containing only user xfeatures: perm = guest ? &fpu->guest_perm : &fpu->perm; /* Pairs with the READ_ONCE() in xstate_get_group_perm() */ WRITE_ONCE(perm->__state_perm, mask); Signed-off-by: Sean Christopherson Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao Reviewed-by: Maxim Levitsky Reviewed-by: Rick Edgecombe Acked-by: Dave Hansen Cc: Maxim Levitsky Cc: Weijiang Yang Cc: Dave Hansen Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Chao Gao Cc: Rick Edgecombe Cc: John Allen Cc: kvm@vger.kernel.org Link: https://lore.kernel.org/all/ZTqgzZl-reO1m01I@google.com --- arch/x86/include/asm/fpu/types.h | 8 +++++--- arch/x86/kernel/fpu/xstate.c | 18 +++++++++++------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index de16862bf230..46cc263f9f4f 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -407,9 +407,11 @@ struct fpu_state_perm { /* * @__state_perm: * - * This bitmap indicates the permission for state components, which - * are available to a thread group. The permission prctl() sets the - * enabled state bits in thread_group_leader()->thread.fpu. + * This bitmap indicates the permission for state components + * available to a thread group, including both user and supervisor + * components and software-defined bits like FPU_GUEST_PERM_LOCKED. + * The permission prctl() sets the enabled state bits in + * thread_group_leader()->thread.fpu. * * All run time operations use the per thread information in the * currently active fpu.fpstate which contains the xfeature masks diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 6a41d1610d8b..40621ee4d65b 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1606,16 +1606,20 @@ static int __xstate_request_perm(u64 permitted, u64 requested, bool guest) if ((permitted & requested) == requested) return 0; - /* Calculate the resulting kernel state size */ + /* + * Calculate the resulting kernel state size. Note, @permitted also + * contains supervisor xfeatures even though supervisor are always + * permitted for kernel and guest FPUs, and never permitted for user + * FPUs. + */ mask = permitted | requested; - /* Take supervisor states into account on the host */ - if (!guest) - mask |= xfeatures_mask_supervisor(); ksize = xstate_calculate_size(mask, compacted); - /* Calculate the resulting user state size */ - mask &= XFEATURE_MASK_USER_SUPPORTED; - usize = xstate_calculate_size(mask, false); + /* + * Calculate the resulting user state size. Take care not to clobber + * the supervisor xfeatures in the new mask! + */ + usize = xstate_calculate_size(mask & XFEATURE_MASK_USER_SUPPORTED, false); if (!guest) { ret = validate_sigaltstack(usize); From patchwork Tue Mar 18 15:31:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021163 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88FF020E6E4; Tue, 18 Mar 2025 15:30:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311837; cv=none; b=UOdZkMvx6c6FkLUZhISYtBFi/Q4IkYDMLBUOv8I9d/8MQlZHfJdmEoSxpeQJJoo/He6Ltkz983i00tJLDh/KEl1QXFxyvPeUwbQQbcj+4Mdul+BBEVpF2xNgH6nnrO9JHmM+FQ6Z3wbBTxWKgO6ybNFdKboMD1j3h+VpVuciJC4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311837; c=relaxed/simple; bh=9HeHdk992vPt0k3jgDoyiyk9O7G3efAu3/tJ/3loWmI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qvrqaci3ldrBhsf7Sd4VKVVpQ1dSL7BnXyQywbnJhnot5IUeKkkNSyp05x3vvg4Sbi3FZ70dEpfKrAYmrUN0EO24tUbjPWzfnTkn7fjDwo6xReJJNmoYixXBHDNU2EZ/jPOGjbHSvcN2luUfCPpDYqjPBbejYjo/oZCMPPdyqsU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=UDk/OqQG; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="UDk/OqQG" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311835; x=1773847835; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=9HeHdk992vPt0k3jgDoyiyk9O7G3efAu3/tJ/3loWmI=; b=UDk/OqQGbQylWbtS5XbooU+jsbeEA7j+/k067vDoGodGMysIkJDQ98EX MdDYiGRG1GG13O9bUM5F2zUcWGtPcJsIa4wColfRwnQGLgLeYJPcyXGCl ewTchLtSEcUA/Crv31G7bHUFZTVU79N2y7/Uael+OI4opn12p7Xvk8Vce K1l8TIPFKmX3bodLkrfma5XTQMXE2OB9v4nOcPS/316hycW298Wf2ekCq RQvdRJBjtAtS4Uvd/we10ySnpMHSWRv6TGqx8IP+E8l7Ck64NIUH1cXHc eQbY+ltOs+KSvLqP+RSw67ZBVZ7e5FzNBaJcBP+fnPXKkyQrJKKx+x4X0 w==; X-CSE-ConnectionGUID: ceq/4xl3RKeeQbhyOEWqlg== X-CSE-MsgGUID: gwCKpnMySZuuZSQ6+pPBcw== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224150" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224150" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:35 -0700 X-CSE-ConnectionGUID: +5Kq97WORG2SE9ho5vANSQ== X-CSE-MsgGUID: DWmk5wYIRxOI/2Ctcjxgtg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122121838" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:29 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Maxim Levitsky , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Samuel Holland , Mitchell Levy , Stanislav Spassov , Eric Biggers , Uros Bizjak Subject: [PATCH v4 2/8] x86/fpu: Drop @perm from guest pseudo FPU container Date: Tue, 18 Mar 2025 23:31:52 +0800 Message-ID: <20250318153316.1970147-3-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Remove @perm from the guest pseudo FPU container. The field is initialized during allocation and never used later. Rename fpu_init_guest_permissions() to show that its sole purpose is to lock down guest permissions. Suggested-by: Maxim Levitsky Signed-off-by: Chao Gao --- arch/x86/include/asm/fpu/types.h | 7 ------- arch/x86/kernel/fpu/core.c | 7 ++----- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index 46cc263f9f4f..9f9ed406b179 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -526,13 +526,6 @@ struct fpu_guest { */ u64 xfeatures; - /* - * @perm: xfeature bitmap of features which are - * permitted to be enabled for the guest - * vCPU. - */ - u64 perm; - /* * @xfd_err: Save the guest value. */ diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 1b734a9ff088..0b695c23bbfb 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -202,7 +202,7 @@ void fpu_reset_from_exception_fixup(void) #if IS_ENABLED(CONFIG_KVM) static void __fpstate_reset(struct fpstate *fpstate, u64 xfd); -static void fpu_init_guest_permissions(struct fpu_guest *gfpu) +static void fpu_lock_guest_permissions(struct fpu_guest *gfpu) { struct fpu_state_perm *fpuperm; u64 perm; @@ -218,8 +218,6 @@ static void fpu_init_guest_permissions(struct fpu_guest *gfpu) WRITE_ONCE(fpuperm->__state_perm, perm | FPU_GUEST_PERM_LOCKED); spin_unlock_irq(¤t->sighand->siglock); - - gfpu->perm = perm & ~FPU_GUEST_PERM_LOCKED; } bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) @@ -240,7 +238,6 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) gfpu->fpstate = fpstate; gfpu->xfeatures = fpu_kernel_cfg.default_features; - gfpu->perm = fpu_kernel_cfg.default_features; /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state @@ -255,7 +252,7 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) if (WARN_ON_ONCE(fpu_user_cfg.default_size > gfpu->uabi_size)) gfpu->uabi_size = fpu_user_cfg.default_size; - fpu_init_guest_permissions(gfpu); + fpu_lock_guest_permissions(gfpu); return true; } From patchwork Tue Mar 18 15:31:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021164 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8903C20764A; Tue, 18 Mar 2025 15:30:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311847; cv=none; b=XbtKy6OQnGr1hjLszgU1ElbHtwewzHSw97SDv+FHU9jSeLSrsg2e+PeAHLbQXYunjDoAVjNBVB9Is6kXraHtqRqmeXVNhj0w4RgUboetEv73cehLz70hTthd9m77Qx5GPITGjKmzG5xdp1Q2G7uoSbFTQCiEBeH/LCmOnPtr88g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311847; c=relaxed/simple; bh=CfBZ+8mXBGLM/YmSmwqXprMbHg+9lkZP+XXoFIjAyQU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=R8B/G/sU7we8n66uxH8mwlQwasP4ybC5qBk24mhIXJo8umyEjR72YVRS9YtTbwqbejPh6BJC9EuL5erJaIHSHB+Xn9cOTdor42Cvp6zJ4KmvPufCdF4lXq3d+i57g04SBjuaRFfdJsSpJhV7WcEPIGa0Ockt/xVZ6L0Dp+OlG5k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=iTtumEFa; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="iTtumEFa" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311845; x=1773847845; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=CfBZ+8mXBGLM/YmSmwqXprMbHg+9lkZP+XXoFIjAyQU=; b=iTtumEFal+yzrvqryhgliLpaoGCx82RNOjTnN335yzjugcekvl2DoJrI ou5RNz/+LGmiu6U9wuJp3hQkS2WiW7lY/a8JoWRRecjC0b97UrnO6DuGt BexlNyB3OQC3NB4Wky3lAy+HIXsa/y2GUE/wMXFAsDRWsL64xQZbLINzn de/PfgtanWrAD9NPo82jy6B3Ij2QcCXalyJ97SWIh/ppGGEZklM35ZjFq w1eZoSPGzunaBQsoRMEYrX+4SpDZ79o4LGUoJVR3PgejZkJZrE0ObIa45 BVwqnA6FFb42cZTlgTsQnKdwYAOvRf5CzI7J0rfLgVlRYexPxFVw6g0/J w==; X-CSE-ConnectionGUID: qdyjY2MsQDalN7WkPC4O8w== X-CSE-MsgGUID: 4zVn1lY1RXuWFgjM1zX2KA== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224170" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224170" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:45 -0700 X-CSE-ConnectionGUID: NsNFwotwTR+UJawzz+EY3A== X-CSE-MsgGUID: 5lm04kP0RnKRQizoVR4irA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122121858" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:40 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Maxim Levitsky , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Mitchell Levy , Samuel Holland , Aruna Ramakrishna , Vignesh Balasubramanian Subject: [PATCH v4 3/8] x86/fpu/xstate: Add CET supervisor xfeature support Date: Tue, 18 Mar 2025 23:31:53 +0800 Message-ID: <20250318153316.1970147-4-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang To support CET virtualization, KVM needs the kernel to save and restore the CET supervisor xstate in guest FPUs when switching between guest and host FPUs. Add CET supervisor xstate support in preparation for the upcoming CET virtualization in KVM. Currently, host FPUs do not utilize the CET supervisor xstate. Enabling this state for host FPUs would lead to a 24-byte waste in the XSAVE buffer on CET-capable parts. Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao Reviewed-by: Rick Edgecombe Reviewed-by: Maxim Levitsky --- arch/x86/include/asm/fpu/types.h | 14 ++++++++++++-- arch/x86/include/asm/fpu/xstate.h | 6 +++--- arch/x86/kernel/fpu/xstate.c | 5 ++++- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index 9f9ed406b179..d555f89db42f 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -118,7 +118,7 @@ enum xfeature { XFEATURE_PKRU, XFEATURE_PASID, XFEATURE_CET_USER, - XFEATURE_CET_KERNEL_UNUSED, + XFEATURE_CET_KERNEL, XFEATURE_RSRVD_COMP_13, XFEATURE_RSRVD_COMP_14, XFEATURE_LBR, @@ -141,7 +141,7 @@ enum xfeature { #define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) #define XFEATURE_MASK_PASID (1 << XFEATURE_PASID) #define XFEATURE_MASK_CET_USER (1 << XFEATURE_CET_USER) -#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL_UNUSED) +#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL) #define XFEATURE_MASK_LBR (1 << XFEATURE_LBR) #define XFEATURE_MASK_XTILE_CFG (1 << XFEATURE_XTILE_CFG) #define XFEATURE_MASK_XTILE_DATA (1 << XFEATURE_XTILE_DATA) @@ -266,6 +266,16 @@ struct cet_user_state { u64 user_ssp; }; +/* + * State component 12 is Control-flow Enforcement supervisor states + */ +struct cet_supervisor_state { + /* supervisor ssp pointers */ + u64 pl0_ssp; + u64 pl1_ssp; + u64 pl2_ssp; +}; + /* * State component 15: Architectural LBR configuration state. * The size of Arch LBR state depends on the number of LBRs (lbr_depth). diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index 7f39fe7980c5..8990cf381bef 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -47,7 +47,8 @@ /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ - XFEATURE_MASK_CET_USER) + XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL) /* * A supervisor state component may not always contain valuable information, @@ -74,8 +75,7 @@ * Unsupported supervisor features. When a supervisor feature in this mask is * supported in the future, move it to the supported supervisor feature mask. */ -#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT | \ - XFEATURE_MASK_CET_KERNEL) +#define XFEATURE_MASK_SUPERVISOR_UNSUPPORTED (XFEATURE_MASK_PT) /* All supervisor states including supported and unsupported states. */ #define XFEATURE_MASK_SUPERVISOR_ALL (XFEATURE_MASK_SUPERVISOR_SUPPORTED | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 40621ee4d65b..14c3a8285f50 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -55,7 +55,7 @@ static const char *xfeature_names[] = "Protection Keys User registers", "PASID state", "Control-flow User registers", - "Control-flow Kernel registers (unused)", + "Control-flow Kernel registers", "unknown xstate feature", "unknown xstate feature", "unknown xstate feature", @@ -78,6 +78,7 @@ static unsigned short xsave_cpuid_features[] __initdata = { [XFEATURE_PKRU] = X86_FEATURE_OSPKE, [XFEATURE_PASID] = X86_FEATURE_ENQCMD, [XFEATURE_CET_USER] = X86_FEATURE_SHSTK, + [XFEATURE_CET_KERNEL] = X86_FEATURE_SHSTK, [XFEATURE_XTILE_CFG] = X86_FEATURE_AMX_TILE, [XFEATURE_XTILE_DATA] = X86_FEATURE_AMX_TILE, }; @@ -340,6 +341,7 @@ static __init void os_xrstor_booting(struct xregs_state *xstate) XFEATURE_MASK_BNDCSR | \ XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ + XFEATURE_MASK_CET_KERNEL | \ XFEATURE_MASK_XTILE) /* @@ -540,6 +542,7 @@ static bool __init check_xstate_against_struct(int nr) case XFEATURE_PASID: return XCHECK_SZ(sz, nr, struct ia32_pasid_state); case XFEATURE_XTILE_CFG: return XCHECK_SZ(sz, nr, struct xtile_cfg); case XFEATURE_CET_USER: return XCHECK_SZ(sz, nr, struct cet_user_state); + case XFEATURE_CET_KERNEL: return XCHECK_SZ(sz, nr, struct cet_supervisor_state); case XFEATURE_XTILE_DATA: check_xtile_data_against_struct(sz); return true; default: XSTATE_WARN_ON(1, "No structure for xstate: %d\n", nr); From patchwork Tue Mar 18 15:31:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021165 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66F8C20B1E1; Tue, 18 Mar 2025 15:30:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311860; cv=none; b=SBHaEH6ViJLODQD0mUD2ESAy+huXkfAV5cg01zpokwS+wC9wlnJmKsoAcReiZB4/1ZECt7pAcmOX+XJpHHig9FBUrmDYwn3QzVY7yHD8Bp5gMof0Cmk/4KpTA1cr+ifWUf0w9Xxcnmw3S5xS8pFIxiP9tdZA9QnlUMGsSLvirzY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311860; c=relaxed/simple; bh=HW3jnHDj7a24/dMKV/EiSkN7soAtag6a5upSBSAMtbA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lGy3++FC7wOYP/90c8MRw9S+ItpbeXR9Jww1te8YeaXxGuxXUTCdsUSNDp9SO7fH67bIL9355tbaD0PEyHfvxlm5K3vEpH8peydootEgIpen9WsMDUDmqlr6yQSnxrBTpwScZJETzUT88E0EGc+qFne0Aa4jHfBmpjayLmtTVCg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=AFT4ES1O; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="AFT4ES1O" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311855; x=1773847855; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HW3jnHDj7a24/dMKV/EiSkN7soAtag6a5upSBSAMtbA=; b=AFT4ES1OE69SzPoFnoq2mo7nWoUL1rAHeGq/eeGcmCz5FOnDwcyaGMdb 4LkQHqALhcftz83C/V/MC3hejj7iSdtwO0X/14Fc/Vf/H/GRxSLAex/Q0 SqIAFjgGo3mQYQKHI4Y9m50KDXcGpzzWjsh+8Skpy4dTjAqkRMwHS8LPk TLJQeyRyHJ4b+NSeeIxL2wb/P5tRorz7xlZxM2hjb8gLiQpk2lg9CPD3i +PPBudX5wY93NU7TFi6AFEmfxCqZgEQToDcap+rV8lPrOtV1tREWTjCRr 6aHbX08dgDyvoJfLJf7cBIthLQTAdsqenZGu9XibrS2As3YRRtnUsWaSQ g==; X-CSE-ConnectionGUID: pWDccBn2TCKHlzuKfuIXuw== X-CSE-MsgGUID: K7hPfCsET2u5Wt9rTlrL9g== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224212" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224212" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:54 -0700 X-CSE-ConnectionGUID: B+9LgOjJT5WkfO19WtMcYg== X-CSE-MsgGUID: kjlX3rQyT56ArpVXuYX2vQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122121880" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:48 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Maxim Levitsky , Mitchell Levy , Samuel Holland , Vignesh Balasubramanian , Aruna Ramakrishna Subject: [PATCH v4 4/8] x86/fpu/xstate: Differentiate default features for host and guest FPUs Date: Tue, 18 Mar 2025 23:31:54 +0800 Message-ID: <20250318153316.1970147-5-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, guest and host FPUs share the same default features. However, the CET supervisor xstate is the first feature that needs to be enabled exclusively for guest FPUs. Enabling it for host FPUs leads to a waste of 24 bytes in the XSAVE buffer. To support "guest-only" features, introduce two new members, guest_default_features and guest_default_size, in fpu_kernel_cfg to clearly differentiate the default features for host and guest FPUs. An alternative approach is adding a guest_only_xfeatures member to fpu_kernel_cfg and adding two helper functions to calculate the guest default xfeatures and size. However, calculating these defaults at runtime would introduce unnecessary overhead. Note that, for now, the default features for guest and host FPUs remain the same. This will change in a follow-up patch once guest permissions, default xfeatures, and fpstate size are all converted to use the guest defaults. Signed-off-by: Chao Gao --- arch/x86/include/asm/fpu/types.h | 20 ++++++++++++++++++++ arch/x86/kernel/fpu/xstate.c | 16 +++++++++++----- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index d555f89db42f..80647c060b32 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -573,6 +573,16 @@ struct fpu_state_config { */ unsigned int default_size; + /* + * @guest_default_size: + * + * The default size of the register state buffer in guest FPUs. + * Includes all supported features except independent managed + * features and features which have to be requested by user space + * before usage. + */ + unsigned int guest_default_size; + /* * @max_features: * @@ -589,6 +599,16 @@ struct fpu_state_config { * be requested by user space before usage. */ u64 default_features; + + /* + * @guest_default_features: + * + * The default supported features bitmap in guest FPUs. Does not + * include independent managed features and features which have + * to be requested by user space before usage. + */ + u64 guest_default_features; + /* * @legacy_features: * diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 14c3a8285f50..1dd6ddba8723 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -673,7 +673,7 @@ static unsigned int __init get_xsave_size_user(void) static int __init init_xstate_size(void) { /* Recompute the context size for enabled features: */ - unsigned int user_size, kernel_size, kernel_default_size; + unsigned int user_size, kernel_size; bool compacted = cpu_feature_enabled(X86_FEATURE_XCOMPACTED); /* Uncompacted user space size */ @@ -692,18 +692,20 @@ static int __init init_xstate_size(void) else kernel_size = user_size; - kernel_default_size = - xstate_calculate_size(fpu_kernel_cfg.default_features, compacted); - if (!paranoid_xstate_size_valid(kernel_size)) return -EINVAL; fpu_kernel_cfg.max_size = kernel_size; fpu_user_cfg.max_size = user_size; - fpu_kernel_cfg.default_size = kernel_default_size; + fpu_kernel_cfg.default_size = + xstate_calculate_size(fpu_kernel_cfg.default_features, compacted); + fpu_kernel_cfg.guest_default_size = + xstate_calculate_size(fpu_kernel_cfg.guest_default_features, compacted); fpu_user_cfg.default_size = xstate_calculate_size(fpu_user_cfg.default_features, false); + fpu_user_cfg.guest_default_size = + xstate_calculate_size(fpu_user_cfg.guest_default_features, false); return 0; } @@ -721,8 +723,10 @@ static void __init fpu__init_disable_system_xstate(unsigned int legacy_size) /* Restore the legacy size.*/ fpu_kernel_cfg.max_size = legacy_size; fpu_kernel_cfg.default_size = legacy_size; + fpu_kernel_cfg.guest_default_size = legacy_size; fpu_user_cfg.max_size = legacy_size; fpu_user_cfg.default_size = legacy_size; + fpu_user_cfg.guest_default_size = legacy_size; /* * Prevent enabling the static branch which enables writes to the @@ -807,9 +811,11 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) /* Clean out dynamic features from default */ fpu_kernel_cfg.default_features = fpu_kernel_cfg.max_features; fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_kernel_cfg.guest_default_features = fpu_kernel_cfg.default_features; fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; + fpu_user_cfg.guest_default_features = fpu_user_cfg.default_features; /* Store it for paranoia check at the end */ xfeatures = fpu_kernel_cfg.max_features; From patchwork Tue Mar 18 15:31:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021166 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64EBA20DD66; Tue, 18 Mar 2025 15:31:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311861; cv=none; b=fthXmZJdU51+u672X18Gu38kECiRj6KZJ7G2Uivn5RDLWDTGHGYhVyKVvXlxSDNef3ZyPbdLJXXMZFh08NZ0yCs7QPpMpfhHC/7akeAnUyA+2j2cNp48FdVArpk1p3JekrmD5uYPVB/Yyv+uSbFC4t2EFVA9PcAkwS6P+Yf+bsw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311861; c=relaxed/simple; bh=5T+vyTdGLw+gTxi+8RWL2+dXmbPwVZ4yey4u8CiXLKg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=d36cChCsX4XgOcvjYFdt3fJ5aH0NMXMkFvCK5xNmDWyKpdz6QlB3XykHLYTmEp/a2TW5Wgb6yOm2EoCKn0F+Kmn6y4XVKk9X03uwyrkxubpBl//AQV+KS7KEg2KFCP3R2piArY98A16G1gg5XgnCrRQmTdh4MjaUDVIbWzpf6yU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=dPh6CQMq; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="dPh6CQMq" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311860; x=1773847860; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5T+vyTdGLw+gTxi+8RWL2+dXmbPwVZ4yey4u8CiXLKg=; b=dPh6CQMqwB1/vggJmxMBrelgNA0ELK3MDATqylaEALIMovKgZW93qZZj 5lGj2kstnwVIL5lEBvkbxA6WgZshBaG3JvYFsEyiSeyEc22JFNnvVNFXX 8G2abCZIvGKveKaAZS9nK58SvGemER8zY/eNMopKnDcyiCnudkCgl3Gyq 01heZGaHZmLdClK8FKx1ZXUj6EUeEVLEZP3JxIgLNAbCG5MWM/COGetfQ 65USIZatGab2JwL8kcsGY4+f4vIB9HGGJnixJzhJcAg1HRksXqVMZ0nZJ 5Q/dMu12ueM43iyFMTGfRM/XOZixSp6J8k/uR3aXbtsSbD07CFGyh9dIX g==; X-CSE-ConnectionGUID: N5AbTAaBQpmVxF44OllNKw== X-CSE-MsgGUID: 3Pq7yrdqQyOpq/Ba3Mwb6w== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224237" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224237" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:59 -0700 X-CSE-ConnectionGUID: pGzlSG4LS3WTVFdL3mm9CQ== X-CSE-MsgGUID: WBmMwIAQTgGa1aTMdtcSNw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122121895" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:30:55 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Uros Bizjak , Eric Biggers , Stanislav Spassov Subject: [PATCH v4 5/8] x86/fpu: Initialize guest FPU permissions from guest defaults Date: Tue, 18 Mar 2025 23:31:55 +0800 Message-ID: <20250318153316.1970147-6-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, fpu->guest_perm is copied from fpu->perm, which is derived from fpu_kernel_cfg.default_features. Initialize guest FPU permissions from guest defaults instead of host defaults. This ensures that any changes to guest_default_{features,size} are automatically reflected in guest permissions, which in turn guarantees that fpstate_realloc() allocates a correctly sized XSAVE buffer for guest FPUs. Signed-off-by: Chao Gao --- arch/x86/kernel/fpu/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 0b695c23bbfb..52df97a8a61b 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -542,8 +542,10 @@ void fpstate_reset(struct fpu *fpu) fpu->perm.__state_perm = fpu_kernel_cfg.default_features; fpu->perm.__state_size = fpu_kernel_cfg.default_size; fpu->perm.__user_state_size = fpu_user_cfg.default_size; - /* Same defaults for guests */ - fpu->guest_perm = fpu->perm; + + fpu->guest_perm.__state_perm = fpu_kernel_cfg.guest_default_features; + fpu->guest_perm.__state_size = fpu_kernel_cfg.guest_default_size; + fpu->guest_perm.__user_state_size = fpu_user_cfg.guest_default_size; } static inline void fpu_inherit_perms(struct fpu *dst_fpu) From patchwork Tue Mar 18 15:31:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021167 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE4B520E704; Tue, 18 Mar 2025 15:31:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311868; cv=none; b=YrKtNZzdQJjCn4sjJnZU6r4uYLX1SAgrObaPb7ZJwBxNGSuRzfdHtL9IMeMwwlgb7h/nhkuwH6VIelBzhWqPVf50/qpd9H4LgqGCEz7GwdA+OcG17EXkrhWO0anHjOXGXh51zl90A11qEr7DSp5ykUwPss8Lz4O+sSfAT66Lar4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311868; c=relaxed/simple; bh=Ys76oYNT/q1qSOn1LbY6YJ/3JhQN83P+tzFUg1WTGLI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ETe1fBCQtZVnpSPL5ErmZahh75FcR5Hz64ag9UISbzLnvjkeEABV9XD0xTtsR2pL0n9bGDvJlLoZUD+Tc1IGWU2QEjrlWzQ5m0UFIMMjAW4mmDZ5fIbN/Gcy0ik8BOpLZpT3Sbc6KhpnMoVlmiBoKp9zzSh/wMDoKRoT8F5OkAM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=XYJ3fmnc; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="XYJ3fmnc" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311867; x=1773847867; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Ys76oYNT/q1qSOn1LbY6YJ/3JhQN83P+tzFUg1WTGLI=; b=XYJ3fmncz/ZkEgg6MbBXqxFkAsna3Gg9Dx7wHjM65VuSHoYONTYcZD0x bStkfkh0ktz7ezpIa7xqq2aTf1Jrn85iP3LF3oDm23EVhoB6ttuJc1qTE nXz0qM5SbrT/U0sB+dJdnSDDWyY7HQhTuwMAnZkPJJ6/oSKRv0VhvEUch EOkTGR2xyPAC74fpMFoMOwDCxZlJsP6/0CPp/eb/vU71z6WV6lwyXNzJ8 h+mxYCy0R1NjVJmbymV8scnFGVdp8fUJeLl8GIu7ro/j+MA2mQBRQVJAi lkKKwcuids4bopmPM1nttq/X+L1rfS9D1v94YKG7F1K0Ej/FpJXlfH6HP g==; X-CSE-ConnectionGUID: bpG67gqxQgqtGtcMyhDWlg== X-CSE-MsgGUID: /29rdWasRG6WCv9qF5mxsQ== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224260" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224260" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:31:06 -0700 X-CSE-ConnectionGUID: qXYctK0TSrOwbbQVxOlu1Q== X-CSE-MsgGUID: o3w8wac3R+afEoDgXV9CNg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122121991" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:31:01 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Stanislav Spassov , Uros Bizjak , Eric Biggers Subject: [PATCH v4 6/8] x86/fpu: Initialize guest fpstate and FPU pseudo container from guest defaults Date: Tue, 18 Mar 2025 23:31:56 +0800 Message-ID: <20250318153316.1970147-7-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 fpu_alloc_guest_fpstate() currently uses host defaults to initialize guest fpstate and pseudo containers. Guest defaults were introduced to differentiate the features and sizes of host and guest FPUs. Update the function to use guest defaults instead. Signed-off-by: Chao Gao --- arch/x86/kernel/fpu/core.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 52df97a8a61b..b00e4032d75f 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -200,7 +200,16 @@ void fpu_reset_from_exception_fixup(void) } #if IS_ENABLED(CONFIG_KVM) -static void __fpstate_reset(struct fpstate *fpstate, u64 xfd); +static void __guest_fpstate_reset(struct fpstate *fpstate, u64 xfd) +{ + /* Initialize sizes and feature masks */ + fpstate->size = fpu_kernel_cfg.guest_default_size; + fpstate->user_size = fpu_user_cfg.guest_default_size; + fpstate->xfeatures = fpu_kernel_cfg.guest_default_features; + fpstate->user_xfeatures = fpu_user_cfg.guest_default_features; + fpstate->xfd = xfd; +} + static void fpu_lock_guest_permissions(struct fpu_guest *gfpu) { @@ -225,19 +234,21 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) struct fpstate *fpstate; unsigned int size; - size = fpu_kernel_cfg.default_size + ALIGN(offsetof(struct fpstate, regs), 64); + size = fpu_kernel_cfg.guest_default_size + + ALIGN(offsetof(struct fpstate, regs), 64); + fpstate = vzalloc(size); if (!fpstate) return false; /* Leave xfd to 0 (the reset value defined by spec) */ - __fpstate_reset(fpstate, 0); + __guest_fpstate_reset(fpstate, 0); fpstate_init_user(fpstate); fpstate->is_valloc = true; fpstate->is_guest = true; gfpu->fpstate = fpstate; - gfpu->xfeatures = fpu_kernel_cfg.default_features; + gfpu->xfeatures = fpu_kernel_cfg.guest_default_features; /* * KVM sets the FP+SSE bits in the XSAVE header when copying FPU state @@ -249,8 +260,8 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu) * all features that can expand the uABI size must be opt-in. */ gfpu->uabi_size = sizeof(struct kvm_xsave); - if (WARN_ON_ONCE(fpu_user_cfg.default_size > gfpu->uabi_size)) - gfpu->uabi_size = fpu_user_cfg.default_size; + if (WARN_ON_ONCE(fpu_user_cfg.guest_default_size > gfpu->uabi_size)) + gfpu->uabi_size = fpu_user_cfg.guest_default_size; fpu_lock_guest_permissions(gfpu); From patchwork Tue Mar 18 15:31:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021168 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 16C7F19C56C; Tue, 18 Mar 2025 15:31:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311879; cv=none; b=YgGAsgcFyd6i/PvqWFJRd2Mh6b/w0KIA1lZrsmYDpUjp5nx/ViaR0E4uHWmrZLvmhgzKbJWzl692rLeyvr0WE7PjYqGn8xkhAyRzEKVOykh4mcunFwhSZ+jML7kkFTt6/MI5sTb+y2asKQkFQBFdGqSALvnSwzoPGylBxrzvrK0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311879; c=relaxed/simple; bh=nCXar2WdGQZ0X6LdpHvfSLsjNYgYiXeRXcUmw8zvhAA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qDjXKmxbnC7jNNZleQNiIJ612OOyrRa+cs9qUlyOvhH7I3Q2qCckob1oLjX5bzGl4AewVEc8UNonawZ7/fQIyCe4YGgIQ1nn86KbCjzDk5EbdM2oLv7jN4Pm5cJWgxPGZgQxxci+2M+Vjugs/HGnhLRHOqPwiPEFqKSx8utbNEs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=fT7Ek0IY; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="fT7Ek0IY" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311878; x=1773847878; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=nCXar2WdGQZ0X6LdpHvfSLsjNYgYiXeRXcUmw8zvhAA=; b=fT7Ek0IYsP/WPsWun0E/qLHh2DESnijFNCXlvsZ+lJD7qM+8rc6X60gN 3M7yuHe3PmeSbY3MHiN9OpwYK+wtXx+5k4TBj+C9NQ5nVttKE9CKny1OY q4KcGmMdUWjZwwGH/BVol/NOmZTJ4ZTdlTzWhdGTMr7zgvzDNeUZEVsu4 MEobDCaScy4t8Q4e4a7P1+WAY9bIC89VSSaXOec97ekARgo+u0V82TiBF MlFL7U8BE6TWqtlHbt7hiUG99MrusjfViwpjhQaA4yJedW4Df+OvL/MG4 CqgVzdbl4NNaSif7PPmdOOzylyjU5ZRDGZFPgM7cMmX0TpzisA8msK6CF A==; X-CSE-ConnectionGUID: mvl10m9kTtuY5gcyhrslCQ== X-CSE-MsgGUID: +gqV6QW5SNSSFevZzbA1xw== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224316" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224316" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:31:17 -0700 X-CSE-ConnectionGUID: tMpVw26YQgaplfNV7iZi1Q== X-CSE-MsgGUID: R5i14et9SKuHhqW/h7BoLg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122122084" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:31:11 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Maxim Levitsky , Samuel Holland , Mitchell Levy , Li RongQing , Vignesh Balasubramanian , Aruna Ramakrishna Subject: [PATCH v4 7/8] x86/fpu/xstate: Introduce "guest-only" supervisor xfeature set Date: Tue, 18 Mar 2025 23:31:57 +0800 Message-ID: <20250318153316.1970147-8-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang Define a new XFEATURE_MASK_SUPERVISOR_GUEST mask to specify the features that are enabled by default in guest FPUs but not in host FPUs. Add CET_KERNEL as the first guest-only feature to save host FPUs from allocating XSAVE buffer space for all threads on CET-capable parts. Co-developed-by: Chao Gao Signed-off-by: Chao Gao Signed-off-by: Yang Weijiang --- Dropped Dave's Suggested-by as the patch has been changed significantly --- arch/x86/include/asm/fpu/types.h | 9 +++++---- arch/x86/include/asm/fpu/xstate.h | 3 +++ arch/x86/kernel/fpu/xstate.c | 5 ++++- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index 80647c060b32..079f3241e25b 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -568,8 +568,9 @@ struct fpu_state_config { * @default_size: * * The default size of the register state buffer. Includes all - * supported features except independent managed features and - * features which have to be requested by user space before usage. + * supported features except independent managed features, + * guest-only features and features which have to be requested by + * user space before usage. */ unsigned int default_size; @@ -595,8 +596,8 @@ struct fpu_state_config { * @default_features: * * The default supported features bitmap. Does not include - * independent managed features and features which have to - * be requested by user space before usage. + * independent managed features, guest-only features and features + * which have to be requested by user space before usage. */ u64 default_features; diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index 8990cf381bef..69db17476061 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -45,6 +45,9 @@ /* Features which are dynamically enabled for a process on request */ #define XFEATURE_MASK_USER_DYNAMIC XFEATURE_MASK_XTILE_DATA +/* Supervisor features which are enabled only in guest FPUs */ +#define XFEATURE_MASK_SUPERVISOR_GUEST XFEATURE_MASK_CET_KERNEL + /* All currently supported supervisor features */ #define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \ XFEATURE_MASK_CET_USER | \ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 1dd6ddba8723..b19960215074 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -55,7 +55,7 @@ static const char *xfeature_names[] = "Protection Keys User registers", "PASID state", "Control-flow User registers", - "Control-flow Kernel registers", + "Control-flow Kernel registers (KVM only)", "unknown xstate feature", "unknown xstate feature", "unknown xstate feature", @@ -813,6 +813,9 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; fpu_kernel_cfg.guest_default_features = fpu_kernel_cfg.default_features; + /* Clean out guest-only features from default */ + fpu_kernel_cfg.default_features &= ~XFEATURE_MASK_SUPERVISOR_GUEST; + fpu_user_cfg.default_features = fpu_user_cfg.max_features; fpu_user_cfg.default_features &= ~XFEATURE_MASK_USER_DYNAMIC; fpu_user_cfg.guest_default_features = fpu_user_cfg.default_features; From patchwork Tue Mar 18 15:31:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 14021169 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8FB971A5BBD; Tue, 18 Mar 2025 15:31:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311886; cv=none; b=UWywBORQB7+OXrjA87KflkrMiRERgQmDOvscKBB09wDNT3AE6fWydmsJVRS2MIvORJ8edTmgXlPThbpzWtY+Dy5WgeSGVPXW+h6sxUuL1Z9ziThSXzowOraHDBYLErxVO5NM2SBbQcVdAWbQKAeMiyyOmQfwnElD0/d1L4UfSFw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742311886; c=relaxed/simple; bh=LVoPauNoN9YJTCVXQmT71pckAtEqzejXxTzw3UGRIS0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pZpbdfwjONddAfpXtsk+Lf4oEWAUcx3GAk3gQCEMz2Ucv1sOCcDcQbwnrgYsb73de6EfHXk69rNnkCQVNQAObUWKMqH0yaf1gtoPGdZdETl4RgjTt6sZKsyh0CRyrAfwZ4TFIGv1k27CIMw3rz6slK8jHYz0PrcJt76459fee4s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=nhPkzVsC; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="nhPkzVsC" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1742311885; x=1773847885; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=LVoPauNoN9YJTCVXQmT71pckAtEqzejXxTzw3UGRIS0=; b=nhPkzVsCTOCoZujy0ILctZlQ2sI6004w4D38FLMHR5EE5YRTfnQ6XsaD IOVis2YujYgXOA3xjmx0PEjIEVmJWsTnQkZhCth5EhmgXHv/P03k/s7dv kGpyohPV9UTtiGbkB2cpBA3PDAXyTBoJsCEeEkBCM0yWByUODeaUOPUrB W9GHlXZzwqwyIDRPoxVW1SIII6kOUORwk/HiN8h/YawgY0DEnKnRmUhbw TvKW79thrcmBUzukJ3UjghsLKhhse8RE8uYytjt+g4yJNXB2cO/+zWi1n s2jg2pCK9R4vBv0qsQuhHhf4pWVvwDckn+LlcYwPP6yvA7gzwQv+Cs813 g==; X-CSE-ConnectionGUID: 0pQ9OC/DTaykENJFxD9oCw== X-CSE-MsgGUID: pakymEtVSyKYJp+icGgfCA== X-IronPort-AV: E=McAfee;i="6700,10204,11377"; a="46224364" X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="46224364" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:31:24 -0700 X-CSE-ConnectionGUID: qOJUVvY6TzOuLYHUhPXUcQ== X-CSE-MsgGUID: G57TWK+HTvGi+tSdoMTssA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,257,1736841600"; d="scan'208";a="122122138" Received: from spr.sh.intel.com ([10.239.53.19]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2025 08:31:19 -0700 From: Chao Gao To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, tglx@linutronix.de, dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com Cc: peterz@infradead.org, rick.p.edgecombe@intel.com, weijiang.yang@intel.com, john.allen@amd.com, bp@alien8.de, chang.seok.bae@intel.com, xin3.li@intel.com, Chao Gao , Ingo Molnar , Dave Hansen , "H. Peter Anvin" , Aruna Ramakrishna , Mitchell Levy , Adamos Ttofari , Uros Bizjak Subject: [PATCH v4 8/8] x86/fpu/xstate: Warn if guest-only supervisor states are detected in normal fpstate Date: Tue, 18 Mar 2025 23:31:58 +0800 Message-ID: <20250318153316.1970147-9-chao.gao@intel.com> X-Mailer: git-send-email 2.46.1 In-Reply-To: <20250318153316.1970147-1-chao.gao@intel.com> References: <20250318153316.1970147-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Yang Weijiang guest-only supervisor state bits should be __ONLY__ enabled for guest fpstate, i.e., never for normal kernel fpstate. WARN_ONCE() if normal kernel fpstate sees any of these features. Signed-off-by: Yang Weijiang Signed-off-by: Chao Gao --- arch/x86/kernel/fpu/xstate.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 1418423bc4c9..f644647c0549 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -208,6 +208,8 @@ static inline void os_xsave(struct fpstate *fpstate) WARN_ON_FPU(!alternatives_patched); xfd_validate_state(fpstate, mask, false); + WARN_ON_FPU(!fpstate->is_guest && (mask & XFEATURE_MASK_SUPERVISOR_GUEST)); + XSTATE_XSAVE(&fpstate->regs.xsave, lmask, hmask, err); /* We should never fault when copying to a kernel buffer: */