Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Edgecombe, Rick P" <rick.p.edgecombe@xxxxxxxxx>
Subject: Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
From: Borislav Petkov <bp@xxxxxxxxx>
Date: Mon, 13 Mar 2023 18:10:31 +0100
Cc: "david@xxxxxxxxxx" <david@xxxxxxxxxx>, "bsingharora@xxxxxxxxx" <bsingharora@xxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "Syromiatnikov, Eugene" <esyr@xxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "rdunlap@xxxxxxxxxxxxx" <rdunlap@xxxxxxxxxxxxx>, "keescook@xxxxxxxxxxxx" <keescook@xxxxxxxxxxxx>, "Eranian, Stephane" <eranian@xxxxxxxxxx>, "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "fweimer@xxxxxxxxxx" <fweimer@xxxxxxxxxx>, "nadav.amit@xxxxxxxxx" <nadav.amit@xxxxxxxxx>, "jannh@xxxxxxxxxx" <jannh@xxxxxxxxxx>, "dethoma@xxxxxxxxxxxxx" <dethoma@xxxxxxxxxxxxx>, "kcc@xxxxxxxxxx" <kcc@xxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "pavel@xxxxxx" <pavel@xxxxxx>, "oleg@xxxxxxxxxx" <oleg@xxxxxxxxxx>, "hjl.tools@xxxxxxxxx" <hjl.tools@xxxxxxxxx>, "akpm@xxxxxxxxxxxxxxxxxxxx" <akpm@xxxxxxxxxxxxxxxxxxxx>, "Yang, Weijiang" <weijiang.yang@xxxxxxxxx>, "Lutomirski, Andy" <luto@xxxxxxxxxx>, "jamorris@xxxxxxxxxxxxxxxxxxx" <jamorris@xxxxxxxxxxxxxxxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "Schimpe, Christina" <christina.schimpe@xxxxxxxxx>, "mike.kravetz@xxxxxxxxxx" <mike.kravetz@xxxxxxxxxx>, "debug@xxxxxxxxxxxx" <debug@xxxxxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "john.allen@xxxxxxx" <john.allen@xxxxxxx>, "rppt@xxxxxxxxxx" <rppt@xxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "corbet@xxxxxxx" <corbet@xxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, "gorcunov@xxxxxxxxx" <gorcunov@xxxxxxxxx>
In-reply-to: <04f821e6d4a8a736e6df2eb73ce811022cd42537.camel@intel.com>
References: <20230227222957.24501-1-rick.p.edgecombe@intel.com> <20230227222957.24501-39-rick.p.edgecombe@intel.com> <ZAx6Egh6U5SCZEby@zn.tnic> <3385eaf888f4178607ce4621ae2103d08ba79994.camel@intel.com> <20230313110335.GAZA8DB6PNSMGOGHpw@fat_crate.local> <04f821e6d4a8a736e6df2eb73ce811022cd42537.camel@intel.com>

On Mon, Mar 13, 2023 at 04:10:14PM +0000, Edgecombe, Rick P wrote:
> This seems more clear. I'm sorry for the noise here though, because
> this has made me realize that the initing logic should never be hit. We
> used to support the full CET_U state in ptrace, but then dropped it to
> just the SSP and only allowed it when shadow stack is active.

Right, you do check that at function entry.

> This means that CET_U will always have at least the CET_SHSTK_EN bit
> set and so not be in the init state. So this can probably just warn
> and bail if it sees an init state.

I don't mind the additional checks as this is a security thing so
sanity checks are good, especially if they're cheap.

And you don't need to reinit the buffer - just scream loudly when get_xsave_addr()
returns NULL.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Follow-Ups:
- Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
  - From: Edgecombe, Rick P

References:
- [PATCH v7 00/41] Shadow stacks for userspace
  - From: Rick Edgecombe
- [PATCH v7 38/41] x86/fpu: Add helper for initing features
  - From: Rick Edgecombe
- Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
  - From: Borislav Petkov
- Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
  - From: Edgecombe, Rick P
- Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
  - From: Borislav Petkov
- Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
  - From: Edgecombe, Rick P

Prev by Date: Re: [PATCH v2 2/2] x86/hyperv: VTL support for Hyper-V
Next by Date: RE: [PATCH v2 2/2] x86/hyperv: VTL support for Hyper-V
Previous by thread: Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
Next by thread: Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]