From: Paolo Bonzini <pbonzini@redhat.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Yang Zhong <yang.zhong@intel.com>,
x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com
Cc: seanjc@google.com, jun.nakajima@intel.com, kevin.tian@intel.com,
jing2.liu@linux.intel.com, jing2.liu@intel.com
Subject: Re: [PATCH 16/19] kvm: x86: Introduce KVM_{G|S}ET_XSAVE2 ioctl
Date: Mon, 13 Dec 2021 11:43:34 +0100 [thread overview]
Message-ID: <08107331-34b9-b33d-67ee-300f216341e0@redhat.com> (raw)
In-Reply-To: <87bl1kvmqg.ffs@tglx>
On 12/13/21 11:10, Thomas Gleixner wrote:
> On Fri, Dec 10 2021 at 17:30, Paolo Bonzini wrote:
>> On 12/8/21 01:03, Yang Zhong wrote:
>>> +static int kvm_vcpu_ioctl_x86_set_xsave2(struct kvm_vcpu *vcpu, u8 *state)
>>> +{
>>> + if (fpstate_is_confidential(&vcpu->arch.guest_fpu))
>>> + return 0;
>>> +
>>> + return fpu_copy_uabi_to_guest_fpstate(&vcpu->arch.guest_fpu, state,
>>> + supported_xcr0, &vcpu->arch.pkru);
>>> +}
>>> +
>>
>> I think fpu_copy_uabi_to_guest_fpstate (and therefore
>> copy_uabi_from_kernel_to_xstate) needs to check that the size is
>> compatible with the components in the input.
>
> fpu_copy_uabi_to_guest_fpstate() expects that the input buffer is
> correctly sized. We surely can add a size check there.
fpu_copy_guest_fpstate_to_uabi is more problematic because that one
writes memory. For fpu_copy_uabi_to_guest_fpstate, we know the input
buffer size from the components and we can use it to do a properly-sized
memdup_user.
For fpu_copy_guest_fpstate_to_uabi we can just decide that KVM_GET_XSAVE
will only save up to the first 4K. Something like the following might
actually be good for 5.16-rc; right now, header.xfeatures might lead
userspace into reading uninitialized or unmapped memory:
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index d28829403ed0..69609b8c3887 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1138,8 +1138,10 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
struct xstate_header header;
unsigned int zerofrom;
u64 mask;
+ u64 size;
int i;
+ size = to->left;
memset(&header, 0, sizeof(header));
header.xfeatures = xsave->header.xfeatures;
@@ -1186,7 +1188,20 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
/* Copy xsave->i387.sw_reserved */
membuf_write(&to, xstate_fx_sw_bytes, sizeof(xsave->i387.sw_reserved));
- /* Copy the user space relevant state of @xsave->header */
+ /*
+ * Copy the user space relevant state of @xsave->header.
+ * If not all features fit in the buffer, drop them from the
+ * saved state so that userspace does not read uninitialized or
+ * unmapped memory.
+ */
+ mask = fpstate->user_xfeatures;
+ for_each_extended_xfeature(i, mask) {
+ if (xstate_offsets[i] + xstate_size[i] > size) {
+ header.xfeatures &= BIT(i) - 1;
+ mask &= BIT(i) - 1;
+ break;
+ }
+ }
membuf_write(&to, &header, sizeof(header));
zerofrom = offsetof(struct xregs_state, extended_state_area);
@@ -1197,7 +1212,6 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
* but there is no state to copy from in the compacted
* init_fpstate. The gap tracking will zero these states.
*/
- mask = fpstate->user_xfeatures;
for_each_extended_xfeature(i, mask) {
/*
>> Also, IIUC the size of the AMX state will vary in different processors.
>> Is this correct? If so, this should be handled already by
>> KVM_GET/SET_XSAVE2 and therefore should be part of the
>> arch/x86/kernel/fpu APIs. In the future we want to support migrating a
>> "small AMX" host to a "large AMX" host; and also migrating from a "large
>> AMX" host to a "small AMX" host if the guest CPUID is compatible with
>> the destination of the migration.
>
> How is that supposed to work? If the AMX state size differs then the
> hosts are not compatible.
I replied with some more questions later. Basically it depends on how
Intel will define palettes that aren't part of the first implementation
of AMX.
Paolo
next prev parent reply other threads:[~2021-12-13 10:43 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-08 0:03 [PATCH 00/19] AMX Support in KVM Yang Zhong
2021-12-08 0:03 ` [PATCH 01/19] x86/fpu: Extend prctl() with guest permissions Yang Zhong
2021-12-14 0:16 ` Thomas Gleixner
2021-12-08 0:03 ` [PATCH 02/19] x86/fpu: Prepare KVM for dynamically enabled states Yang Zhong
2021-12-13 9:12 ` Paolo Bonzini
2021-12-13 12:00 ` Thomas Gleixner
2021-12-13 12:45 ` Paolo Bonzini
2021-12-13 19:50 ` Thomas Gleixner
2021-12-08 0:03 ` [PATCH 03/19] kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule Yang Zhong
2021-12-08 0:03 ` [PATCH 04/19] kvm: x86: Check guest xstate permissions when KVM_SET_CPUID2 Yang Zhong
2021-12-08 0:03 ` [PATCH 05/19] x86/fpu: Move xfd initialization out of __fpstate_reset() to the callers Yang Zhong
2021-12-10 22:33 ` Thomas Gleixner
2021-12-08 0:03 ` [PATCH 06/19] x86/fpu: Add reallocation mechanims for KVM Yang Zhong
2021-12-08 0:03 ` [PATCH 07/19] kvm: x86: Propagate fpstate reallocation error to userspace Yang Zhong
2021-12-10 15:44 ` Paolo Bonzini
2021-12-08 0:03 ` [PATCH 08/19] x86/fpu: Move xfd_update_state() to xstate.c and export symbol Yang Zhong
2021-12-10 22:44 ` Thomas Gleixner
2021-12-08 0:03 ` [PATCH 09/19] kvm: x86: Prepare reallocation check Yang Zhong
2021-12-13 9:16 ` Paolo Bonzini
2021-12-14 7:06 ` Tian, Kevin
2021-12-14 10:16 ` Paolo Bonzini
2021-12-14 14:41 ` Liu, Jing2
2021-12-15 7:09 ` Tian, Kevin
2021-12-08 0:03 ` [PATCH 10/19] kvm: x86: Emulate WRMSR of guest IA32_XFD Yang Zhong
2021-12-10 16:02 ` Paolo Bonzini
2021-12-13 7:51 ` Liu, Jing2
2021-12-13 9:01 ` Paolo Bonzini
2021-12-14 10:26 ` Yang Zhong
2021-12-14 11:24 ` Paolo Bonzini
2021-12-10 23:09 ` Thomas Gleixner
2021-12-13 15:06 ` Paolo Bonzini
2021-12-13 19:45 ` Thomas Gleixner
2021-12-13 21:23 ` Thomas Gleixner
2021-12-14 7:16 ` Tian, Kevin
2021-12-08 0:03 ` [PATCH 11/19] kvm: x86: Check fpstate reallocation in XSETBV emulation Yang Zhong
2021-12-08 0:03 ` [PATCH 12/19] x86/fpu: Prepare KVM for bringing XFD state back in-sync Yang Zhong
2021-12-10 23:11 ` Thomas Gleixner
2021-12-08 0:03 ` [PATCH 13/19] kvm: x86: Disable WRMSR interception for IA32_XFD on demand Yang Zhong
2021-12-08 7:23 ` Liu, Jing2
2021-12-08 0:03 ` [PATCH 14/19] x86/fpu: Prepare for KVM XFD_ERR handling Yang Zhong
2021-12-10 16:16 ` Paolo Bonzini
2021-12-10 23:20 ` Thomas Gleixner
2021-12-08 0:03 ` [PATCH 15/19] kvm: x86: Save and restore guest XFD_ERR properly Yang Zhong
2021-12-10 16:23 ` Paolo Bonzini
2021-12-10 22:01 ` Paolo Bonzini
2021-12-12 13:10 ` Yang Zhong
2021-12-11 0:10 ` Thomas Gleixner
2021-12-11 1:31 ` Paolo Bonzini
2021-12-11 3:23 ` Tian, Kevin
2021-12-11 13:10 ` Thomas Gleixner
2021-12-11 3:07 ` Tian, Kevin
2021-12-11 13:29 ` Thomas Gleixner
2021-12-12 1:50 ` Tian, Kevin
2021-12-12 9:10 ` Paolo Bonzini
2021-12-08 0:03 ` [PATCH 16/19] kvm: x86: Introduce KVM_{G|S}ET_XSAVE2 ioctl Yang Zhong
2021-12-10 16:25 ` Paolo Bonzini
2021-12-10 16:30 ` Paolo Bonzini
2021-12-10 22:13 ` Paolo Bonzini
2021-12-13 8:23 ` Wang, Wei W
2021-12-13 9:24 ` Paolo Bonzini
2021-12-14 6:06 ` Wang, Wei W
2021-12-14 6:18 ` Paolo Bonzini
2021-12-15 2:39 ` Wang, Wei W
2021-12-15 13:42 ` Paolo Bonzini
2021-12-16 8:25 ` Wang, Wei W
2021-12-16 10:28 ` Paolo Bonzini
2021-12-20 17:54 ` State Component 18 and Palette 1 (Re: [PATCH 16/19] kvm: x86: Introduce KVM_{G|S}ET_XSAVE2 ioctl) Nakajima, Jun
2021-12-22 14:44 ` Paolo Bonzini
2021-12-22 23:47 ` Nakajima, Jun
2021-12-22 14:52 ` Dave Hansen
2021-12-22 23:51 ` Nakajima, Jun
2021-12-13 10:10 ` [PATCH 16/19] kvm: x86: Introduce KVM_{G|S}ET_XSAVE2 ioctl Thomas Gleixner
2021-12-13 10:43 ` Paolo Bonzini [this message]
2021-12-13 12:40 ` Thomas Gleixner
2021-12-08 0:03 ` [PATCH 17/19] docs: virt: api.rst: Document the new KVM_{G, S}ET_XSAVE2 ioctls Yang Zhong
2021-12-08 0:03 ` [PATCH 18/19] kvm: x86: AMX XCR0 support for guest Yang Zhong
2021-12-10 16:30 ` Paolo Bonzini
2021-12-08 0:03 ` [PATCH 19/19] kvm: x86: Add AMX CPUIDs support Yang Zhong
2021-12-10 21:52 ` Paolo Bonzini
2021-12-11 21:20 ` [PATCH 00/19] AMX Support in KVM Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=08107331-34b9-b33d-67ee-300f216341e0@redhat.com \
--to=pbonzini@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=jing2.liu@intel.com \
--cc=jing2.liu@linux.intel.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yang.zhong@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.