From patchwork Wed Mar 22 18:09:05 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner <tip-bot2@linutronix.de>
X-Patchwork-Id: 73610
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:604a:0:0:0:0:0 with SMTP id j10csp2492302wrt;
        Wed, 22 Mar 2023 11:19:29 -0700 (PDT)
X-Google-Smtp-Source: 
 AK7set+AZPNX4aOUr0cHpmdej4nyu9LVNvuC4vO7GGrV/lBFbrIBsNoK1cFCGGEKq/75QjFX0Hlg
X-Received: by 2002:a05:6402:287:b0:4c0:1120:a15d with SMTP id
 l7-20020a056402028700b004c01120a15dmr8097329edv.5.1679509169644;
        Wed, 22 Mar 2023 11:19:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679509169; cv=none;
        d=google.com; s=arc-20160816;
        b=cJ16dU7Cq7G0Nmgm5lzt66B2SWbtsHk9/FAi1Eh1TBlPSJQtBV/TzTNgjSEWjVOsSx
         l/hX8Y/mTwQ9aGGNv2plinw0TUh/dPefkwGstCBH4ybXvCUDsovxOz0TFkArCDaoqz+r
         WiQproFHLeXlyt/XWHPMUcsL7+zZuBgn55bJOLoOYwBNBpWzvND8QqP3A/rCJ63pwHc8
         PICgPtGdl2pSDwp6lii5SrhH2BMDw88uWrdl9i4qLoKbRC1vsyyPD9xAY95W+JuL/Sh4
         vFHnIa7WGtwvLPBezW/2iL78GoZ/zvErS9bzcFTXf+ExOmfSnHyeasK0LIXPeMhEuZO1
         3byQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:robot-unsubscribe
         :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from
         :dkim-signature:dkim-signature:date;
        bh=97HRmwjBhezge3ii+23T4YXnmkiLd5wpXnh8yUDkWYE=;
        b=fUqX8WtBzszIrHrY4pSZiSo0Pr6iF9XkvRbmpivdLO5GXepeVMC1F/ElAzshdLNwnP
         Kbvmn23pASgWZNOaQWz8YtQ/kavlacBOOKJoO37eu3sVZCoRvfP1YWNTx5g0csuuPka5
         sg8QMT/TTuND0jw6JKWqMqR28bF2n1h4RtBWrVrcKUQCIaARe9cemYJQBL3DJccRJc3y
         Ie79FOxx4Fr7cfB2Kuuskmi7gtWVutOBsOEQ18II7IeGJh0OzhIvYA08hbROY+DtBDvv
         5I2WBIwc6AJ9+8D/DVKAi1dQY89qY9k51OWM6oADJJVNqTq9MOfqJjIgcZfL/ELQDlkL
         mLug==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b="vFh/nOop";
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 d9-20020aa7ce09000000b004acc68db144si16994097edv.295.2023.03.22.11.19.05;
        Wed, 22 Mar 2023 11:19:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b="vFh/nOop";
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230404AbjCVSJM (ORCPT <rfc822;pusanteemu@gmail.com> + 99 others);
        Wed, 22 Mar 2023 14:09:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52170 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230373AbjCVSJK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 22 Mar 2023 14:09:10 -0400
Received: from galois.linutronix.de (Galois.linutronix.de
 [IPv6:2a0a:51c0:0:12e:550::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B77EE64A94;
        Wed, 22 Mar 2023 11:09:07 -0700 (PDT)
Date: Wed, 22 Mar 2023 18:09:05 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1679508545;
        h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
         message-id:message-id:to:to:cc:cc:mime-version:mime-version:
         content-type:content-type:
  content-transfer-encoding:content-transfer-encoding;
        bh=97HRmwjBhezge3ii+23T4YXnmkiLd5wpXnh8yUDkWYE=;
        b=vFh/nOoplKw4UbuROuY62TYlJC/h8Jgq4lIEeHNeipeBppqBnl7evxvJ621vV99HewqXDW
        GwZrJQkvLA/YTkFcS/pJAuOSyoXvzDdZkd6tIPqu9HtlzdODWmtKTSKqdWitmyvXURkXDP
        N02J9xQeaYbczRfMo6iw/ZLSLMjeOl77tyhUwjfxhCA6F6vPFK6VJwFVV5lGo5UQMtPOzG
        rnGBZsRhpIuQL3ine6NwmYyAQzVz5Qw9OfTj9oqFzFAMnCiAHU0gzZdDwiilIAFL9UMODx
        BabDqH+ButwEPa6HwFrwyuBy4ts0+4QcDij3F40Qvhv41AsaNi+TwP521fBpaQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1679508545;
        h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
         message-id:message-id:to:to:cc:cc:mime-version:mime-version:
         content-type:content-type:
  content-transfer-encoding:content-transfer-encoding;
        bh=97HRmwjBhezge3ii+23T4YXnmkiLd5wpXnh8yUDkWYE=;
        b=SmeoKGMuetDk6pht79emHq0v2MmijZ6G6S7tE5CT1wM503JSoYtBLU9/yfUnZzVNLj8iY9
        B++qo4k+vIrX0uBA==
From: "tip-bot2 for Chang S. Bae" <tip-bot2@linutronix.de>
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/fpu/xstate: Prevent false-positive warning in
 __copy_xstate_uabi_buf()
Cc: Mingwei Zhang <mizhang@google.com>,
        "Chang S. Bae" <chang.seok.bae@intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        stable@vger.kernel.org, x86@kernel.org,
        linux-kernel@vger.kernel.org
MIME-Version: 1.0
Message-ID: <167950854533.5837.7626101049212131569.tip-bot2@tip-bot2>
Robot-ID: <tip-bot2@linutronix.de>
Robot-Unsubscribe: Contact <mailto:tglx@linutronix.de> to get blacklisted from
 these emails
X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,
        URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1761092977829982327?=
X-GMAIL-MSGID: =?utf-8?q?1761093006686589628?=

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     b15888840207c2bfe678dd1f68a32db54315e71f
Gitweb:        https://git.kernel.org/tip/b15888840207c2bfe678dd1f68a32db54315e71f
Author:        Chang S. Bae <chang.seok.bae@intel.com>
AuthorDate:    Mon, 27 Feb 2023 13:05:03 -08:00
Committer:     Dave Hansen <dave.hansen@linux.intel.com>
CommitterDate: Wed, 22 Mar 2023 10:59:13 -07:00

x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf()

__copy_xstate_to_uabi_buf() copies either from the tasks XSAVE buffer
or from init_fpstate into the ptrace buffer. Dynamic features, like
XTILEDATA, have an all zeroes init state and are not saved in
init_fpstate, which means the corresponding bit is not set in the
xfeatures bitmap of the init_fpstate header.

But __copy_xstate_to_uabi_buf() retrieves addresses for both the tasks
xstate and init_fpstate unconditionally via __raw_xsave_addr().

So if the tasks XSAVE buffer has a dynamic feature set, then the
address retrieval for init_fpstate triggers the warning in
__raw_xsave_addr() which checks the feature bit in the init_fpstate
header.

Remove the address retrieval from init_fpstate for extended features.
They have an all zeroes init state so init_fpstate has zeros for them.
Then zeroing the user buffer for the init state is the same as copying
them from init_fpstate.

Fixes: 2308ee57d93d ("x86/fpu/amx: Enable the AMX feature in 64-bit mode")
Reported-by: Mingwei Zhang <mizhang@google.com>
Link: https://lore.kernel.org/kvm/20230221163655.920289-2-mizhang@google.com/
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Tested-by: Mingwei Zhang <mizhang@google.com>
Link: https://lore.kernel.org/all/20230227210504.18520-2-chang.seok.bae%40intel.com
Cc: stable@vger.kernel.org
---
 arch/x86/kernel/fpu/xstate.c | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index 714166c..0bab497 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1118,21 +1118,20 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
 	zerofrom = offsetof(struct xregs_state, extended_state_area);
 
 	/*
-	 * The ptrace buffer is in non-compacted XSAVE format.  In
-	 * non-compacted format disabled features still occupy state space,
-	 * but there is no state to copy from in the compacted
-	 * init_fpstate. The gap tracking will zero these states.
-	 */
-	mask = fpstate->user_xfeatures;
-
-	/*
-	 * Dynamic features are not present in init_fpstate. When they are
-	 * in an all zeros init state, remove those from 'mask' to zero
-	 * those features in the user buffer instead of retrieving them
-	 * from init_fpstate.
+	 * This 'mask' indicates which states to copy from fpstate.
+	 * Those extended states that are not present in fpstate are
+	 * either disabled or initialized:
+	 *
+	 * In non-compacted format, disabled features still occupy
+	 * state space but there is no state to copy from in the
+	 * compacted init_fpstate. The gap tracking will zero these
+	 * states.
+	 *
+	 * The extended features have an all zeroes init state. Thus,
+	 * remove them from 'mask' to zero those features in the user
+	 * buffer instead of retrieving them from init_fpstate.
 	 */
-	if (fpu_state_size_dynamic())
-		mask &= (header.xfeatures | xinit->header.xcomp_bv);
+	mask = header.xfeatures;
 
 	for_each_extended_xfeature(i, mask) {
 		/*
@@ -1151,9 +1150,8 @@ void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
 			pkru.pkru = pkru_val;
 			membuf_write(&to, &pkru, sizeof(pkru));
 		} else {
-			copy_feature(header.xfeatures & BIT_ULL(i), &to,
+			membuf_write(&to,
 				     __raw_xsave_addr(xsave, i),
-				     __raw_xsave_addr(xinit, i),
 				     xstate_sizes[i]);
 		}
 		/*