From: Borislav Petkov <bp@alien8.de>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Fenghua Yu <fenghua.yu@intel.com>,
	linux-kernel <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
	iommu@lists.linux-foundation.org, Ingo Molnar <mingo@redhat.com>,
	H Peter Anvin <hpa@zytor.com>, Andy Lutomirski <luto@kernel.org>,
	Jean-Philippe Brucker <jean-philippe@linaro.org>,
	Christoph Hellwig <hch@infradead.org>,
	Peter Zijlstra <peterz@infradead.org>,
	David Woodhouse <dwmw2@infradead.org>,
	Lu Baolu <baolu.lu@linux.intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Tony Luck <tony.luck@intel.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Ashok Raj <ashok.raj@intel.com>,
	Jacob Jun Pan <jacob.jun.pan@intel.com>,
	Dave Jiang <dave.jiang@intel.com>,
	Sohil Mehta <sohil.mehta@intel.com>,
	Ravi V Shankar <ravi.v.shankar@intel.com>
Subject: Re: [PATCH] x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid()
Date: Mon, 31 May 2021 10:43:04 +0200
Message-ID: <YLShmFEzddfm7WQs@zn.tnic>
In-Reply-To: <87mtsd6gr9.ffs@nanos.tec.linutronix.de>

On Sat, May 29, 2021 at 11:17:30AM +0200, Thomas Gleixner wrote:
> While digesting the XSAVE related horrors, which got introduced with the
> supervisor/user split, the recent addition of ENQCMD related functionality
> got on the radar and turned out to be similarly broken.
> 
> update_pasid(), which is only required when X86_FEATURE_ENQCMD is
> available, is invoked from two places:
> 
>  1) From switch_to() for the incoming task
> 
>  2) Via a SMP function call from the IOMMU/SMV code
> 
> #1 is half-ways correct as it hacks around the brokenness of get_xsave_addr()
>    by enforcing the state to be 'present', but all the conditionals in that
>    code are completely pointless for that.
> 
>    Also the invocation is just useless overhead because at that point
>    it's guaranteed that TIF_NEED_FPU_LOAD is set on the incoming task
>    and all of this can be handled at return to user space.
> 
> #2 is broken beyond repair. The comment in the code claims that it is safe
>    to invoke this in an IPI, but that's just wishful thinking.
> 
>    FPU state of a running task is protected by fregs_lock() which is
>    nothing else than a local_bh_disable(). As BH disabled regions run
>    usually with interrupts enabled the IPI can hit a code section which
>    modifies FPU state and there is absolutely no guarantee that any of the
>    assumptions which are made for the IPI case is true.

... so on a PASID system, your trivial reproducer would theoretically
fire the same way and corrupt FPU state just as well.

Hohumm, I'd say we need all those reproducers turned into proper self
tests and run on everything new that touches xstate. *At* *least*.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
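The race Thomas describes under #2 (fpregs_lock() being only local_bh_disable(), so an IPI can land in the middle of a task's own save/modify/restore of its xstate) and the remark under #1 that the update "can be handled at return to user space" are easier to see in a small model. The following is an added example, not kernel code and not part of this thread: a toy CPU with one register copy and one in-memory copy of a two-field xstate, a task editing that state under a BH-disable style lock, and an "IPI" injected at the window where a real interrupt may arrive. All struct names, field layouts and the PASID value 7 are constructed for the model; `ipi_update_pasid_broken` stands in for the interrupt-context write the patch removes, and `ipi_update_pasid_deferred` shows the lost update disappearing when interrupt context only records the request and the task applies it on the way back to user space.

```c
/* Toy model (added example, not kernel code) of the xstate race discussed
 * in the thread: a BH-disable "lock" does not mask interrupts, so an IPI
 * handler that writes FPU state directly can be clobbered by the task's
 * own in-progress save/edit/restore. Every name and value is constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct xstate {
    uint32_t pasid;   /* IA32_PASID payload (constructed layout) */
    uint32_t other;   /* some other component the task itself edits */
};

struct task {
    struct xstate mem;       /* in-memory copy of the task's xstate */
    bool regs_live;          /* true: the CPU registers are authoritative */
    bool bh_disabled;        /* fpregs_lock() == local_bh_disable() */
    bool need_fpu_load;      /* TIF_NEED_FPU_LOAD analogue */
    uint32_t pending_pasid;  /* deferred request (deferred model only) */
    bool has_pending;
};

struct xstate cpu_regs;      /* "registers" of the CPU the task runs on */

static void fpregs_lock(struct task *t)   { t->bh_disabled = true;  }
static void fpregs_unlock(struct task *t) { t->bh_disabled = false; }

/* Interrupt-context writer: trusts regs_live and writes whichever copy it
 * believes is authoritative. Nothing prevents it from running while the
 * task is halfway through its own sequence, because BH-disable leaves
 * interrupts enabled. */
static void ipi_update_pasid_broken(struct task *t, uint32_t pasid)
{
    if (t->regs_live)
        cpu_regs.pasid = pasid;   /* MSR/register-style write */
    else
        t->mem.pasid = pasid;     /* write into the saved copy */
}

/* Deferred writer: interrupt context only records the request and marks
 * the task so the change is applied at return to user space. */
static void ipi_update_pasid_deferred(struct task *t, uint32_t pasid)
{
    t->pending_pasid = pasid;
    t->has_pending = true;
    t->need_fpu_load = true;
}

/* Task-side sequence under fpregs_lock(): copy registers to memory, edit
 * the memory copy, write it back. The ipi() call sits in the window
 * between copy-out and write-back, where a real IPI may land. */
static void task_edit_other(struct task *t, uint32_t other,
                            void (*ipi)(struct task *, uint32_t),
                            uint32_t ipi_pasid)
{
    fpregs_lock(t);
    t->mem = cpu_regs;        /* save: regs -> memory; regs_live still true */
    ipi(t, ipi_pasid);        /* interrupts are enabled: the IPI fires here */
    t->mem.other = other;     /* edit the memory copy */
    cpu_regs = t->mem;        /* restore: memory -> regs */
    fpregs_unlock(t);
}

/* Return-to-user path: the task owns its state here, so a pending change
 * can be folded in and the registers reloaded consistently. */
static void return_to_user(struct task *t)
{
    if (!t->need_fpu_load)
        return;
    if (t->regs_live)
        t->mem = cpu_regs;    /* registers were authoritative: sync memory */
    if (t->has_pending) {
        t->mem.pasid = t->pending_pasid;
        t->has_pending = false;
    }
    cpu_regs = t->mem;        /* reload registers from the updated copy */
    t->regs_live = true;
    t->need_fpu_load = false;
}

/* Scenario: registers start with pasid 0, the IPI wants pasid 7, and the
 * task concurrently edits `other`. Returns the PASID visible in the
 * registers once the task returns to user space. */
static uint32_t run_scenario(bool deferred)
{
    struct task t = { .regs_live = true };
    cpu_regs = (struct xstate){ .pasid = 0, .other = 1 };
    t.mem = cpu_regs;
    task_edit_other(&t, 2,
                    deferred ? ipi_update_pasid_deferred
                             : ipi_update_pasid_broken, 7);
    return_to_user(&t);
    return cpu_regs.pasid;
}

uint32_t pasid_after_broken_ipi(void)      { return run_scenario(false); }
uint32_t pasid_after_deferred_update(void) { return run_scenario(true);  }

int main(void)
{
    printf("IPI writes state directly : pasid=%u (expected 7)\n",
           pasid_after_broken_ipi());
    printf("deferred to return-to-user: pasid=%u (expected 7)\n",
           pasid_after_deferred_update());
    return 0;
}
```

In the direct-write case the IPI's value lands in the registers just before the task's restore overwrites them from the (still stale) memory copy, so the update is lost; the lock never excluded the interrupt. The deferred variant never touches the state from interrupt context, which is the property a self-test for xstate-touching code would want to assert rather than rely on comments claiming IPI safety.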
