On Jan 22, 2021, at 03:44, Borislav Petkov <bp@xxxxxxx> wrote:
> On Wed, Dec 23, 2020 at 07:57:02AM -0800, Chang S. Bae wrote:
>> The xstate buffer is currently in-line with static size. To accommodatea
>
> "in-line" doesn't fit in this context, especially since "inline"
> is a keyword with another meaning. Please replace it with a better
> formulation in this patch.
How about ‘embedded’?,
“The xstate buffer is currently embedded into struct fpu with static size."
>> -extern unsigned int fpu_kernel_xstate_size;
>> +extern unsigned int fpu_kernel_xstate_min_size;
>> +extern unsigned int fpu_kernel_xstate_max_size;
>
> Is it time to group this into a struct so that all those settings go
> together instead in single variables?
>
> struct fpu_xstate {
> unsigned int min_size, max_size;
> unsigned int user_size;
> ...
> };
>
> etc.
<snip>
> And since we're probably going to start querying different aspects about
> the buffer, instead of exporting all kinds of variables in the future,
> maybe this should be a single exported function called
>
> get_xstate_buffer_attr(typedef buffer_attr)
>
> which gives you what you wanna know about it... For example:
>
> get_xstate_buffer_attr(MIN_SIZE);
> get_xstate_buffer_attr(MAX_SIZE);
> ...
Okay. I will prepare a separate cleanup patch that can be applied at the end
of the series. Will post the change in this thread at first.
>> /* Whitelist the FPU state from the task_struct for hardened usercopy. */
>> -static inline void arch_thread_struct_whitelist(unsigned long *offset,
>> - unsigned long *size)
>> -{
>> - *offset = offsetof(struct thread_struct, fpu.state);
>> - *size = fpu_kernel_xstate_size;
>> -}
>> +extern void arch_thread_struct_whitelist(unsigned long *offset, unsigned long *size);
>
> What's that move for?
One of my drafts had some internal helper to be called in there. No reason
prior to applying the get_xstate_buffer_attr() helper. But with it, better to
move this out of this header file I think.
>> @@ -627,13 +627,18 @@ static void check_xstate_against_struct(int nr)
>> */
>
> <-- There's a comment over this function that might need adjustment.
Do you mean an empty line? (Just want to clarify.)
>> static void do_extra_xstate_size_checks(void)
>> {
<snip>
>> if (boot_cpu_has(X86_FEATURE_XSAVES))
>
> using_compacted_format()
>
> FPU code needs to agree on one helper and not use both. :-\
Agreed. I will prepare a patch. At least will post the diff here.
<snip>
>> + /* Ensure we have the supported in-line space: */
>
> Who's "we"?
How about:
“Ensure the size fits in the statically-allocated buffer:"
>> + if (!is_supported_xstate_size(fpu_kernel_xstate_min_size))
>> + return -EINVAL;
No excuse, just pointing out the upstream code has “we” there [1].
Thanks,
Chang
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/fpu/xstate.c#n752
