    x86/arch_prctl: Add controls for dynamic XSTATE components · db8268df
    Chang S. Bae authored
    Dynamically enabled XSTATE features are by default disabled for all
    processes. A process has to request permission to use such a feature.
    
    To support this implement an architecture-specific prctl() with the options:
    
       - ARCH_GET_XCOMP_SUPP
    
         Copies the supported feature bitmap into the user space provided
         u64 storage. The pointer is handed in via arg2.
    
       - ARCH_GET_XCOMP_PERM
    
         Copies the process wide permitted feature bitmap into the user space
         provided u64 storage. The pointer is handed in via arg2.
    
       - ARCH_REQ_XCOMP_PERM
    
         Request permission for a feature set. A feature set can be mapped to a
         facility, e.g. AMX, and can require one or more XSTATE components to
         be enabled.
    
         The feature argument is the number of the highest XSTATE component
         which is required for a facility to work.
    
         The request argument is not a user supplied bitmap because that makes
         filtering harder (think seccomp) and even impossible because to
         support 32-bit tasks the argument would have to be a pointer.
    
    The permission mechanism works this way:
    
       Task asks for permission for a facility and kernel checks whether that's
       supported. If supported it does:
    
         1) Check whether permission has already been granted
    
         2) Compute the required kernel and user space buffer (sigframe)
            sizes.
    
         3) Validate that no task has a sigaltstack installed
            which is smaller than the resulting sigframe size
    
         4) Add the requested feature bit(s) to the permission bitmap of
            current->group_leader->fpu and store the sizes in the group
            leader's fpu struct as well.
    
    If that is successful then the feature is still not enabled for any of the
    tasks. The first usage of a related instruction will result in a #NM
    trap. The trap handler validates the permission bit of the task's group
    leader and if permitted it installs a larger kernel buffer and transfers
    the permission and size info to the new fpstate container which makes all
    the FPU functions which require per task information aware of the extended
    feature set.
    
      [ tglx: Adapted to new base code, added missing serialization,
              massaged namings, comments and changelog ]
    Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Link: https://lkml.kernel.org/r/20211021225527.10184-7-chang.seok.bae@intel.com