From: Dave Hansen <dave.hansen@intel.com>
To: Sean Christopherson <sean.j.christopherson@intel.com>,
"Yu, Yu-cheng" <yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>,
LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
Rik van Riel <riel@surriel.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: How should we handle illegal task FPU state?
Date: Thu, 1 Oct 2020 14:50:37 -0700 [thread overview]
Message-ID: <f1835c1f-31bc-16a9-ffa5-896b1aeb895a@intel.com> (raw)
In-Reply-To: <20201001205857.GH7474@linux.intel.com>
On 10/1/20 1:58 PM, Sean Christopherson wrote:
> One thought for a lowish effort approach to pave the way for CET would be to
> try XRSTORS multiple times in switch_fpu_return(). If the first try fails,
> then WARN, init non-supervisor state and try a second time, and if _that_ fails
> then kill the task. I.e. do the minimum effort to play nice with bad FPU
> state, but don't let anything "accidentally" turn off CET.
I'm not sure we should ever keep running userspace after an XRSTOR*
failure. For MPX, this might have provided a nice, additional vector
for an attacker to turn off MPX. Same for pkeys if we didn't correctly
differentiate between the hardware init state versus the "software init"
state that we keep in init_task.
What's the advantage of letting userspace keep running after we init its
state? That it _might_ be able to recover?
next prev parent reply other threads:[~2020-10-01 21:50 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-01 17:43 How should we handle illegal task FPU state? Andy Lutomirski
2020-10-01 20:32 ` Yu, Yu-cheng
2020-10-01 20:58 ` Sean Christopherson
2020-10-01 21:42 ` Andrew Cooper
2020-10-01 21:50 ` Dave Hansen [this message]
2020-10-01 22:04 ` Andy Lutomirski
2020-10-08 18:08 ` Yu, Yu-cheng
2020-10-09 0:08 ` Andy Lutomirski
2020-11-02 18:39 ` Borislav Petkov
2020-10-01 21:26 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f1835c1f-31bc-16a9-ffa5-896b1aeb895a@intel.com \
--to=dave.hansen@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=riel@surriel.com \
--cc=sean.j.christopherson@intel.com \
--cc=x86@kernel.org \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).