Re: [PATCH v4 1/2] x86/arch_prctl: Fix the ARCH_REQ_XCOMP_PERM implementation

From: Hao Xiang <hao.xiang@linux.alibaba.com>
To: chang.seok.bae@intel.com
Cc: bp@alien8.de, dave.hansen@linux.intel.com,
	linux-kernel@vger.kernel.org, mingo@redhat.com,
	ravi.v.shankar@intel.com, tglx@linutronix.de, x86@kernel.org,
	yang.zhong@intel.com
Subject: Re: [PATCH v4 1/2] x86/arch_prctl: Fix the ARCH_REQ_XCOMP_PERM implementation
Date: Mon, 7 Mar 2022 20:20:19 +0800	[thread overview]
Message-ID: <98d5a389-6856-0cec-b730-65f609ff15db@linux.alibaba.com> (raw)
In-Reply-To: <20220129173647.27981-2-chang.seok.bae@intel.com>

x86/arch_prctl: Fix the ARCH_REQ_XCOMP_PERM implementation

If WRITE_ONCE(perm->__state_perm, requested) is modified to
WRITE_ONCE(perm->__state_perm, mask), When the qemu process does not 
request the XFEATURE_MASK_XTILE_DATA xsave state permission, there may 
be a gp error (kvm: kvm_set_xcr line 1091 inject gp fault with cpl 0) 
because __kvm_set_xcr return 1.

static int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr){
     ...
     // xcr0 includes XFEATURE_MASK_XTILE_CFG by default.
     if ((xcr0 & XFEATURE_MASK_XTILE) &&
         ((xcr0 & XFEATURE_MASK_XTILE) != XFEATURE_MASK_XTILE))
         return 1;
     ...
}

diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index 02b3dda..2d4363e 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1636,7 +1636,7 @@ static int __xstate_request_perm(u64 permitted, 
u64 requested, bool guest)

         perm = guest ? &fpu->guest_perm : &fpu->perm;
         /* Pairs with the READ_ONCE() in xstate_get_group_perm() */
-       WRITE_ONCE(perm->__state_perm, requested);
+       WRITE_ONCE(perm->__state_perm, mask);
         /* Protected by sighand lock */
         perm->__state_size = ksize;
         perm->__user_state_size = usize;
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 494d4d3..e8704568 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -908,6 +908,9 @@ static inline int __do_cpuid_func(struct 
kvm_cpuid_array *array, u32 function)
                 break;
         case 0xd: {
                 u64 permitted_xcr0 = supported_xcr0 & 
xstate_get_guest_group_perm();
+               permitted_xcr0 = ((permitted_xcr0 & 
XFEATURES_MASK_XTILE) != XFEATURES_MASK_XTILE)
+                               ? permitted_xcr0
+                               : permitted_xcr0 & ~XFEATURES_MASK_XTILE;
                 u64 permitted_xss = supported_xss;

                 entry->eax &= permitted_xcr0;

