From patchwork Tue Nov 15 23:09:30 2022
X-Patchwork-Submitter: Kyle Huey
X-Patchwork-Id: 20634
From: Kyle Huey
X-Google-Original-From: Kyle Huey
To: Dave Hansen
Cc: Linus Torvalds, Thomas Gleixner, Borislav Petkov, Ingo Molnar, x86@kernel.org, "H. Peter Anvin", Paolo Bonzini, Andy Lutomirski, Peter Zijlstra, Sean Christopherson, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Robert O'Callahan, David Manouchehri, Kyle Huey, Borislav Petkov, stable@vger.kernel.org
Subject: [PATCH v7 4/6] x86/fpu: Allow PKRU to be (once again) written by ptrace.
Date: Tue, 15 Nov 2022 15:09:30 -0800
Message-Id: <20221115230932.7126-5-khuey@kylehuey.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221115230932.7126-1-khuey@kylehuey.com>
References: <20221115230932.7126-1-khuey@kylehuey.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Move KVM's PKRU handling code in fpu_copy_uabi_to_guest_fpstate() to
copy_uabi_to_xstate() so that it is shared with other APIs that write the
XSTATE such as PTRACE_SETREGSET with NT_X86_XSTATE.

This restores the pre-5.14 behavior of ptrace. The regression can be seen by
running gdb and executing `p $pkru`, `set $pkru = 42`, and `p $pkru`. On
affected kernels (5.14+) the write to the PKRU register (which gdb performs
through ptrace) is ignored.

Fixes: e84ba47e313d ("x86/fpu: Hook up PKRU into ptrace()")
Signed-off-by: Kyle Huey Cc: Dave Hansen Cc: Thomas Gleixner Cc: Borislav Petkov Cc: stable@vger.kernel.org # 5.14+ --- arch/x86/kernel/fpu/core.c | 13 +------------ arch/x86/kernel/fpu/xstate.c | 21 ++++++++++++++++++++- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 550157686323..46b935bc87c8 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -391,8 +391,6 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf, { struct fpstate *kstate = gfpu->fpstate; const union fpregs_state *ustate = buf; - struct pkru_state *xpkru; - int ret; if (!cpu_feature_enabled(X86_FEATURE_XSAVE)) { if (ustate->xsave.header.xfeatures & ~XFEATURE_MASK_FPSSE) @@ -406,16 +404,7 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf, if (ustate->xsave.header.xfeatures & ~xcr0) return -EINVAL; - ret = copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru); - if (ret) - return ret; - - /* Retrieve PKRU if not in init state */ - if (kstate->regs.xsave.header.xfeatures & XFEATURE_MASK_PKRU) { - xpkru = get_xsave_addr(&kstate->regs.xsave, XFEATURE_PKRU); - *vpkru = xpkru->pkru; - } - return 0; + return copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru); } EXPORT_SYMBOL_GPL(fpu_copy_uabi_to_guest_fpstate); #endif /* CONFIG_KVM */ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 3a6ced76e932..bebc30c29ed3 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c 
@@ -1205,10 +1205,22 @@ static int copy_from_buffer(void *dst, unsigned int offset, unsigned int size, * @fpstate: The fpstate buffer to copy to * @kbuf: The UABI format buffer, if it comes from the kernel * @ubuf: The UABI format buffer, if it comes from userspace - * @pkru: unused + * @pkru: The location to write the PKRU value to * * Converts from the UABI format into the kernel internal hardware * dependent format. + * + * This function ultimately has three different callers with distinct PKRU + * behavior. + * 1. When called from sigreturn the PKRU register will be restored from + * @fpstate via an XRSTOR. Correctly copying the UABI format buffer to + * @fpstate is sufficient to cover this case, but the caller will also + * pass a pointer to the thread_struct's pkru field in @pkru and updating + * it is harmless. + * 2. When called from ptrace the PKRU register will be restored from the + * thread_struct's pkru field. A pointer to that is passed in @pkru. + * 3. When called from KVM the PKRU register will be restored from the vcpu's + * pkru field. A pointer to that is passed in @pkru. */ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf, const void __user *ubuf, u32 *pkru) @@ -1260,6 +1272,13 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf, } } + if (hdr.xfeatures & XFEATURE_MASK_PKRU) { + struct pkru_state *xpkru; + + xpkru = __raw_xsave_addr(xsave, XFEATURE_PKRU); + *pkru = xpkru->pkru; + } + /* * The state that came in from userspace was user-state only. * Mask all the user states out of 'xfeatures':
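Review bot: in the core.c hunk at @@ -406, the deleted lines only updated *vpkru when kstate->regs.xsave.header.xfeatures had PKRU set after the copy, while the replacement `return copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru);` leaves that decision to the callee, which keys on the incoming buffer's header instead; the commit message should state that the two conditions coincide (the copy marks PKRU present in kstate exactly when the user buffer carried it), since KVM readers will want to know that the guest's pkru is still left untouched when the buffer has PKRU in init state. Dropping `int ret;` and returning the callee's result directly is fine, nothing ran between the copy and the return.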
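Review bot: the new kernel-doc in the @@ -1205 hunk ('@pkru: The location to write the PKRU value to') promises more than the function delivers, because the value is only written when XFEATURE_MASK_PKRU is set in the buffer's header; say so in the @pkru line and in the three-caller list, in particular that case 2 (ptrace) keeps the thread's previous pkru when PKRU is absent from the buffer. Suggested wording: '@pkru: Written with the buffer's PKRU value when XFEATURE_MASK_PKRU is present in its header, otherwise left untouched.'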
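Review bot: the `if (hdr.xfeatures & XFEATURE_MASK_PKRU)` block in the @@ -1260 hunk has no else branch, so a buffer whose header omits PKRU leaves *pkru at whatever the caller had before, whereas an XRSTOR of that same buffer puts PKRU into its init value of 0. For the ptrace caller that means a regset write with PKRU in init state cannot reset the thread's pkru, and in the sigreturn case described in the new comment thread_struct and the register restored from @fpstate would disagree. Suggest `} else { *pkru = 0; }` so all three callers see the init state the same way.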
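The gdb reproduction from the commit message, redone with raw ptrace so it can run unattended against a kernel under test. This is example code added by the editor, not part of the patch or of the kernel tree. It assumes Linux on x86-64 with glibc, that CPUID.(0xD,9):EBX gives the PKRU component's offset in the standard XSAVE layout that NT_X86_XSTATE uses, and that protection key 1 is unused by a freshly forked process; the names check_pkru_ptrace_write, xstate_get_pkru, xstate_set_pkru, pkru_toggle_key and pkru_offset_if_enabled are this example's own.

```c
/* Added example, not kernel code: does PTRACE_SETREGSET(NT_X86_XSTATE) reach PKRU? */
#define _GNU_SOURCE
#include <elf.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

enum pkru_check {
    PKRU_UNSUPPORTED = 0,   /* not x86-64, or CPUID.(7,0):ECX.OSPKE clear */
    PKRU_PTRACE_ERROR = 1,  /* fork/ptrace/waitpid failed (seccomp, YAMA, ...) */
    PKRU_WRITE_IGNORED = 2, /* the 5.14+ regression: SETREGSET succeeds, PKRU unchanged */
    PKRU_WRITE_HONORED = 3  /* tracee's RDPKRU shows the value written through ptrace */
};
#define XFEATURE_PKRU 9u    /* XSAVE component number of PKRU */
#define XSTATE_BV_OFF 512u  /* xstate_bv: first u64 of the XSAVE header */

/* Flip AD and WD of one protection key; key != 0 leaves ordinary memory alone. */
uint32_t pkru_toggle_key(uint32_t pkru, unsigned int key) { return pkru ^ (3u << (2 * key)); }

/* PKRU from a UABI (standard-format) XSAVE image as NT_X86_XSTATE returns it:
 * 1 = present, 0 = init state (*out = 0, the architectural init value), -1 = too short. */
int xstate_get_pkru(const uint8_t *xs, size_t len, unsigned int off, uint32_t *out)
{
    uint64_t bv;
    if (len < XSTATE_BV_OFF + 8 || len < off + 4) return -1;
    memcpy(&bv, xs + XSTATE_BV_OFF, 8);
    *out = 0;
    if (bv & (1ull << XFEATURE_PKRU)) memcpy(out, xs + off, 4);
    return (int)((bv >> XFEATURE_PKRU) & 1);
}
/* Store PKRU and set its bit in xstate_bv, the bit copy_uabi_to_xstate() tests. */
int xstate_set_pkru(uint8_t *xs, size_t len, unsigned int off, uint32_t pkru)
{
    uint64_t bv;
    if (len < XSTATE_BV_OFF + 8 || len < off + 4) return -1;
    memcpy(&bv, xs + XSTATE_BV_OFF, 8);
    bv |= 1ull << XFEATURE_PKRU;
    memcpy(xs + XSTATE_BV_OFF, &bv, 8);
    memcpy(xs + off, &pkru, 4);
    return 0;
}

#if defined(__x86_64__)
#include <cpuid.h>
/* PKRU offset in the standard XSAVE layout (CPUID.(0xD,9):EBX), 0 unless OSPKE is set. */
static unsigned int pkru_offset_if_enabled(void)
{
    unsigned int a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 0xd) return 0;
    __cpuid_count(7, 0, a, b, c, d);
    if (!((c >> 4) & 1)) return 0;  /* OSPKE: the kernel enabled PKU in CR4 */
    __cpuid_count(0xd, XFEATURE_PKRU, a, b, c, d);
    return b;
}
#endif
/* Fork a tracee, rewrite its PKRU through NT_X86_XSTATE like gdb's `set $pkru`,
 * resume it and compare against what RDPKRU reports from inside the tracee. */
int check_pkru_ptrace_write(uint32_t *wrote, uint32_t *seen)
{
#if !defined(__x86_64__)
    (void)wrote; (void)seen; return PKRU_UNSUPPORTED;
#else
    static uint8_t xs[64 * 1024];   /* larger than any NT_X86_XSTATE regset */
    struct iovec iov = { xs, sizeof xs };
    void *nt = (void *)(uintptr_t)NT_X86_XSTATE;
    uint32_t old, want, got = 0, v;
    unsigned int off = pkru_offset_if_enabled();
    int fd[2], status;
    pid_t pid;
    if (!off) return PKRU_UNSUPPORTED;
    if (pipe(fd) < 0 || (pid = fork()) < 0) return PKRU_PTRACE_ERROR;
    if (pid == 0) {                 /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
        raise(SIGSTOP);             /* parent edits our XSTATE while we are stopped */
        __asm__ volatile("rdpkru" : "=a"(v) : "c"(0) : "edx");
        _exit(write(fd[1], &v, 4) == 4 ? 0 : 3);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status) ||
        ptrace(PTRACE_GETREGSET, pid, nt, &iov) < 0 ||
        xstate_get_pkru(xs, iov.iov_len, off, &old) < 0)
        goto fail;
    want = pkru_toggle_key(old, 1); /* key 1 is unused by a fresh process */
    xstate_set_pkru(xs, iov.iov_len, off, want);
    /* iov_len stays exactly what GETREGSET returned; the kernel rejects other sizes */
    if (ptrace(PTRACE_SETREGSET, pid, nt, &iov) < 0 ||
        ptrace(PTRACE_CONT, pid, NULL, NULL) < 0 ||
        waitpid(pid, &status, 0) != pid || !WIFEXITED(status) || WEXITSTATUS(status) ||
        read(fd[0], &got, 4) != 4)
        goto fail;
    close(fd[0]); close(fd[1]);
    if (wrote) *wrote = want;
    if (seen) *seen = got;
    return got == want ? PKRU_WRITE_HONORED : PKRU_WRITE_IGNORED;
fail:
    kill(pid, SIGKILL); waitpid(pid, NULL, 0); close(fd[0]); close(fd[1]);
    return PKRU_PTRACE_ERROR;
#endif
}
```

Call check_pkru_ptrace_write() from a small main or a test harness and compare the result with the enum: PKRU_WRITE_IGNORED is the 5.14+ regression, PKRU_WRITE_HONORED is what a pre-5.14 or patched kernel returns. The tracee is resumed and reports RDPKRU over a pipe because reading the regset back through PTRACE_GETREGSET only shows what the kernel's software copy holds, not what the register contains once the task runs. The value toggles key 1 rather than writing 42 as in the gdb session: 42 sets the WD bit of key 0, which gdb can get away with because it never resumes the inferior, but a resumed tracee would fault on its first stack write.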