From patchwork Wed Mar 22 18:01:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 73608 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:604a:0:0:0:0:0 with SMTP id j10csp2492058wrt; Wed, 22 Mar 2023 11:19:02 -0700 (PDT) X-Google-Smtp-Source: AK7set9PfFcQkXWencJOUsk5Y9upt6Y5/Z1N9HDN9MKg8XMKGepeIda9H9qHglQOwK1S/EpnY8bH X-Received: by 2002:a17:906:2c07:b0:84d:4e4f:1f85 with SMTP id e7-20020a1709062c0700b0084d4e4f1f85mr7683253ejh.59.1679509141903; Wed, 22 Mar 2023 11:19:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679509141; cv=none; d=google.com; s=arc-20160816; b=k2gpEmsJ9Bhfu79Y+Iwao/uUKAagiFqomW6YoHS5c7CJWMYhvr5woXZgitzscmFbE6 JhbOoxCkKGyws5TdelODhrZ9ffsRjxzb+98OUoFj+yS5I3iVsPsdl8yUkrzMhuuf7uaP zp9vajt4lP3elA+cbF/ROBYde87uVAUvwtw8h6Bep74NEw7Oc/zINDzhmZRw4z0x8DNj I/LKHJs3e482UuCflUSMMyLeos9VaytuBVUd4sDg+FIzDsC5FREximMlg8Tc0IANcHwO iRANU13kS+bUo7DBgszsbyGxE9fFb1RSZqE1x3R5Mqa5GbsCdthP2MtdhyIHaSAsNbxA sDWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from :dkim-signature:dkim-signature:date; bh=g2/kLf12zsmjkGo2fuYgRRQLmW0ehWIkkORiB8/GozQ=; b=wOFT0HMMa5syEuY486UX7IZCKgBR5dWzLLfFpcLdcOok2sjvESy3gLvIfBY5wKho+1 B85K30CcCK6iYn71X9L9bn1A6hXkm7iH2etAqHtFtDxEZPGj4jF6H2nfzHBEaYyOcRuw ZofNQaQJojoh2FX1tRteUdmUQnCtSE3QknjtHH7FowRNQ2OVcHfZEUb2wy+i6ElyCAJv NGoo6tX5T8KGWsKTU4GqU/Xr4KMM76emH8BMxumEhEUIxc9E7JulKDxWHDZeK19f1grT uht8O5d/elOXHNEvm0Er0+5tUweJdJBYKDkWb1PxSbtx6yUyV10ACGowMwZL28js4x0c iaUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=se9R3i7C; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id xc11-20020a170907074b00b008e66e454eb9si21074034ejb.1.2023.03.22.11.18.39; Wed, 22 Mar 2023 11:19:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=se9R3i7C; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230411AbjCVSBe (ORCPT + 99 others); Wed, 22 Mar 2023 14:01:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230323AbjCVSBb (ORCPT ); Wed, 22 Mar 2023 14:01:31 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9578561891; Wed, 22 Mar 2023 11:01:29 -0700 (PDT) Date: Wed, 22 Mar 2023 18:01:27 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1679508088; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g2/kLf12zsmjkGo2fuYgRRQLmW0ehWIkkORiB8/GozQ=; b=se9R3i7Ca4EoQoiPEbWwU5GlYcEbXoDpZHrXzLo6ESBs/lc4JHdzphv/3dPhhRmivjPt18 WPNzkKj/85j7UV9PxYR5pe1tI5pFYnoiPA5HBvrBmDOAazPOEUz26zQ9/LOSvXGef+EbOR v1BSAPPERjWPRT0zl+G4Sw5YO4SA/57gpmdno6WEtIrITWtJplIcTp9i+o5AP4CUhvXGJG HkqI7Ouu4Nqi7iSdNwYAOSJDjbuTifsG2u6VSi7VpGQjE4apQ9aSUEdBwryrpO3emokmm9 Npy+lHVUwL0rwEWFZVHQmguqiel2Swyu6HpjCtFxOH7EYIIh1lfgMJ1VRMNUgw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1679508088; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g2/kLf12zsmjkGo2fuYgRRQLmW0ehWIkkORiB8/GozQ=; b=HmByTlx9UFkb1bRKGWz5eqwNgtWzbvgxoyi0C0mf7rv6sUWCA5jYonprsmiHz9BSi0tyZq 2fUAeVRrDRZkadCw== From: "tip-bot2 for Chang S. Bae" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/urgent] x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() Cc: Mingwei Zhang , "Chang S. Bae" , Dave Hansen , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <167950808781.5837.16341412203285253820.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761092977829982327?= X-GMAIL-MSGID: =?utf-8?q?1761092977829982327?= The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 736a40b528614c7f731a7e549ccfaed6ac3a6333 Gitweb: https://git.kernel.org/tip/736a40b528614c7f731a7e549ccfaed6ac3a6333 Author: Chang S. Bae AuthorDate: Mon, 27 Feb 2023 13:05:03 -08:00 Committer: Dave Hansen CommitterDate: Wed, 22 Mar 2023 10:57:17 -07:00 x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() __copy_xstate_to_uabi_buf() copies either from the tasks XSAVE buffer or from init_fpstate into the ptrace buffer. Dynamic features, like XTILEDATA, have an all zeroes init state and are not saved in init_fpstate, which means the corresponding bit is not set in the xfeatures bitmap of the init_fpstate header. But __copy_xstate_to_uabi_buf() retrieves addresses for both the tasks xstate and init_fpstate unconditionally via __raw_xsave_addr(). So if the tasks XSAVE buffer has a dynamic feature set, then the address retrieval for init_fpstate triggers the warning in __raw_xsave_addr() which checks the feature bit in the init_fpstate header. Remove the address retrieval from init_fpstate for extended features. They have an all zeroes init state so init_fpstate has zeros for them. Then zeroing the user buffer for the init state is the same as copying them from init_fpstate. Fixes: 2308ee57d93d ("x86/fpu/amx: Enable the AMX feature in 64-bit mode") Reported-by: Mingwei Zhang Link: https://lore.kernel.org/kvm/20230221163655.920289-2-mizhang@google.com/ Signed-off-by: Chang S. Bae Signed-off-by: Dave Hansen Tested-by: Mingwei Zhang Link: https://lore.kernel.org/all/20230227210504.18520-2-chang.seok.bae%40intel.com --- arch/x86/kernel/fpu/xstate.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 714166c..0bab497 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1118,21 +1118,20 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate, zerofrom = offsetof(struct xregs_state, extended_state_area); /* - * The ptrace buffer is in non-compacted XSAVE format. In - * non-compacted format disabled features still occupy state space, - * but there is no state to copy from in the compacted - * init_fpstate. The gap tracking will zero these states. - */ - mask = fpstate->user_xfeatures; - - /* - * Dynamic features are not present in init_fpstate. When they are - * in an all zeros init state, remove those from 'mask' to zero - * those features in the user buffer instead of retrieving them - * from init_fpstate. + * This 'mask' indicates which states to copy from fpstate. + * Those extended states that are not present in fpstate are + * either disabled or initialized: + * + * In non-compacted format, disabled features still occupy + * state space but there is no state to copy from in the + * compacted init_fpstate. The gap tracking will zero these + * states. + * + * The extended features have an all zeroes init state. Thus, + * remove them from 'mask' to zero those features in the user + * buffer instead of retrieving them from init_fpstate. */ - if (fpu_state_size_dynamic()) - mask &= (header.xfeatures | xinit->header.xcomp_bv); + mask = header.xfeatures; for_each_extended_xfeature(i, mask) { /* @@ -1151,9 +1150,8 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate, pkru.pkru = pkru_val; membuf_write(&to, &pkru, sizeof(pkru)); } else { - copy_feature(header.xfeatures & BIT_ULL(i), &to, + membuf_write(&to, __raw_xsave_addr(xsave, i), - __raw_xsave_addr(xinit, i), xstate_sizes[i]); } /*