From: Andy Lutomirski
Date: Tue, 24 Mar 2015 17:18:35 -0700
Subject: Re: [PATCH 01/17] x86, fpu: wrap get_xsave_addr() to make it safer
To: Dave Hansen
Cc: Thomas Gleixner, linux-kernel@vger.kernel.org, X86 ML, Dave Hansen, Rik van Riel, Suresh Siddha, Ingo Molnar, "H. Peter Anvin", Fenghua Yu, Oleg Nesterov
In-Reply-To: <5511FD59.3040503@intel.com>
References: <1427235664-25318-1-git-send-email-dave.hansen@intel.com> <1427235664-25318-2-git-send-email-dave.hansen@intel.com> <5511F65A.5020505@intel.com> <5511FD59.3040503@intel.com>

On Tue, Mar 24, 2015 at 5:12 PM, Dave Hansen wrote:
> On 03/24/2015 04:52 PM, Andy Lutomirski wrote:
>> On Tue, Mar 24, 2015 at 4:42 PM, Dave Hansen wrote:
>>> On 03/24/2015 03:28 PM, Andy Lutomirski wrote:
>>>> Your function appears to be getting it for write (I assume that's what
>>>> the unlazy_fpu is for), so I'd rather have it called
>>>> tsk_get_xsave_field_for_write or something like that.
>>>
>>> It should be entirely read-only.
>>>
>>> For MPX (the only user of get_xsave_addr() iirc), we are only worried
>>> about getting the status codes (and addresses) out of the bndstatus
>>> register and making sure that the kernel-recorded bounds directory
>>> address matches the bndcfgu (configuration) register.
>>>
>>> We don't ever write to the registers.
>>
>> So why are you unlazying it?
>
> Oleg actually suggested it.
>
>> IIUC, the xstate for current can be in one of three logical states:
>>
>> 1. Live in CPU regs. The in-memory copy is garbage and the state is
>> in CPU regs.
>> 2. Lazy. The in-memory copy and the CPU regs match. Writing to
>> either copy is illegal.
>> 3. In memory only. Writing to the in-memory copy is safe.
>>
>> IIUC, you want to read the xstate, so you're okay with #2 or #3. This
>> would be tsk_get_xsave_field_for_read in my terminology.
>>
>> If you want to write the xstate, you'd need to be in state #3, which
>> would be tsk_get_xsave_field_for_write.
>>
>> IIUC, unlazy_fpu just moves from state 2 to 3.
>
> I won't completely claim to understand what's going on with the FPU
> code, but I think your analysis is a bit off.
>
> unlazy_fpu() does __save_init_fpu() which (among other things) calls
> xsave to dump the CPU registers to memory. That doesn't make any sense
> to do if "The in-memory copy and the CPU regs match."
>
> IOW, unlazy_fpu() is called when the in-memory copy is garbage and takes
> us to a state where we can look at the in-memory copy.

I think that __save_init_fpu (called by unlazy_fpu) does that, but
__thread_fpu_end calls __thread_clear_has_fpu, which, in turn, zaps
fpu_owner_task, which will force an unnecessary xrstor. Or maybe not if
we have further bugs. Holy crap these functions are poorly named.

Also, what, if anything, guarantees that fpu_owner_task is set on entry
to userspace? Do we even need it to be set?

Oleg, help?

--Andy

--
Andy Lutomirski
AMA Capital Management, LLC
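The three-state model argued over above (live in regs, lazy, in memory only), the read/write accessors Andy proposes, and the side effect he points at (unlazy dropping fpu_owner_task and so forcing a restore) can be captured in a small user-space model. The following is an added illustration written for this page, not kernel code and not part of the thread: toy_task, toy_unlazy, toy_get_for_read, toy_get_for_write, toy_needs_restore and the toy_scenario_* functions are constructed names, and the register/memory values 0x1234 and 0xdead are constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of the three logical xstate states discussed in the thread.
 * Illustrative code only: none of these names exist in the kernel.
 */
enum xstate_loc {
    XSTATE_LIVE_IN_REGS, /* 1: regs authoritative, in-memory copy is garbage */
    XSTATE_LAZY,         /* 2: regs and memory match; writing either is illegal */
    XSTATE_IN_MEMORY     /* 3: memory authoritative; writing memory is safe */
};

struct toy_task {
    enum xstate_loc loc;
    uint64_t cpu_regs;   /* stand-in for the live register contents */
    uint64_t mem_copy;   /* stand-in for the task's xsave area */
    bool owns_cpu;       /* stand-in for "fpu_owner_task == this task" */
};

/* Models unlazy_fpu() as Dave describes it: xsave the registers to memory
 * (state 1 -> 3) and, as Andy notes, drop CPU ownership so that the next
 * return to user space must restore. */
static void toy_unlazy(struct toy_task *t)
{
    if (t->loc == XSTATE_LIVE_IN_REGS)
        t->mem_copy = t->cpu_regs;   /* the xsave */
    t->loc = XSTATE_IN_MEMORY;
    t->owns_cpu = false;             /* ownership zapped */
}

/* Read accessor: valid in states 2 and 3, refused in state 1 (memory is stale). */
static const uint64_t *toy_get_for_read(const struct toy_task *t)
{
    if (t->loc == XSTATE_LIVE_IN_REGS)
        return NULL;
    return &t->mem_copy;
}

/* Write accessor: valid only in state 3. */
static uint64_t *toy_get_for_write(struct toy_task *t)
{
    if (t->loc != XSTATE_IN_MEMORY)
        return NULL;
    return &t->mem_copy;
}

/* Does returning to user space need a register restore in this model? */
static bool toy_needs_restore(const struct toy_task *t)
{
    return !t->owns_cpu;
}

/* Scenario A (constructed values): regs hold 0x1234, memory holds stale 0xdead.
 * Reading without unlazy is refused; reading after unlazy sees 0x1234. */
static bool toy_scenario_read_refused_while_live(void)
{
    struct toy_task t = { XSTATE_LIVE_IN_REGS, 0x1234, 0xdead, true };
    return toy_get_for_read(&t) == NULL;
}

static uint64_t toy_scenario_read_after_unlazy(void)
{
    struct toy_task t = { XSTATE_LIVE_IN_REGS, 0x1234, 0xdead, true };
    toy_unlazy(&t);
    const uint64_t *p = toy_get_for_read(&t);
    return p ? *p : 0;
}

/* Scenario B: in the lazy state, reading is fine but writing is refused. */
static bool toy_scenario_lazy_write_refused(void)
{
    struct toy_task t = { XSTATE_LAZY, 0x1234, 0x1234, true };
    return toy_get_for_read(&t) != NULL && toy_get_for_write(&t) == NULL;
}

/* Scenario C: the cost Andy points at. After unlazy a restore is forced
 * even though the caller only wanted to read. */
static bool toy_scenario_unlazy_forces_restore(void)
{
    struct toy_task t = { XSTATE_LIVE_IN_REGS, 0x1234, 0xdead, true };
    bool before = toy_needs_restore(&t);
    toy_unlazy(&t);
    return !before && toy_needs_restore(&t);
}

int main(void)
{
    printf("read refused while live: %d\n", toy_scenario_read_refused_while_live());
    printf("read after unlazy: 0x%llx\n",
           (unsigned long long)toy_scenario_read_after_unlazy());
    printf("lazy write refused: %d\n", toy_scenario_lazy_write_refused());
    printf("unlazy forces restore: %d\n", toy_scenario_unlazy_forces_restore());
    return 0;
}
```

The model makes the disagreement concrete: a for_read accessor only needs the memory copy to be trustworthy (states 2 or 3), so a read-only user such as the MPX status check pays for the register save but then also for the restore that the ownership drop forces, which is the unnecessary xrstor Andy is asking about.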