1. 26 Oct, 2021 2 commits
    • Thomas Gleixner's avatar
      x86/signal: Implement sigaltstack size validation · 3aac3ebe
      Thomas Gleixner authored
      For historical reasons MINSIGSTKSZ is a constant which became already too
      small with AVX512 support.
      
      Add a mechanism to enforce strict checking of the sigaltstack size against
      the real size of the FPU frame.
      
      The strict check can be enabled via a config option and can also be
      controlled via the kernel command line option 'strict_sas_size' independent
      of the config switch.
      
      Enabling it might break existing applications which allocate a too small
      sigaltstack but 'work' because they never get a signal delivered. Though it
      can be handy to filter out binaries which are not yet aware of
      AT_MINSIGSTKSZ.
      
      Also the upcoming support for dynamically enabled FPU features requires a
      strict sanity check to ensure that:
      
         - Enabling of a dynamic feature, which changes the sigframe size fits
           into an enabled sigaltstack
      
         - Installing a too small sigaltstack after a dynamic feature has been
           added is not possible.
      
      Implement the base check which is controlled by config and command line
      options.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarChang S. Bae <chang.seok.bae@intel.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Link: https://lkml.kernel.org/r/20211021225527.10184-3-chang.seok.bae@intel.com
      3aac3ebe
    • Thomas Gleixner's avatar
      signal: Add an optional check for altstack size · 1bdda24c
      Thomas Gleixner authored
      New x86 FPU features will be very large, requiring ~10k of stack in
      signal handlers.  These new features require a new approach called
      "dynamic features".
      
      The kernel currently tries to ensure that altstacks are reasonably
      sized. Right now, on x86, sys_sigaltstack() requires a size of >=2k.
      However, that 2k is a constant. Simply raising that 2k requirement
      to >10k for the new features would break existing apps which have a
      compiled-in size of 2k.
      
      Instead of universally enforcing a larger stack, prohibit a process from
      using dynamic features without properly-sized altstacks. This must be
      enforced in two places:
      
       * A dynamic feature can not be enabled without an large-enough altstack
         for each process thread.
       * Once a dynamic feature is enabled, any request to install a too-small
         altstack will be rejected
      
      The dynamic feature enabling code must examine each thread in a
      process to ensure that the altstacks are large enough. Add a new lock
      (sigaltstack_lock()) to ensure that threads can not race and change
      their altstack after being examined.
      
      Add the infrastructure in form of a config option and provide empty
      stubs for architectures which do not need dynamic altstack size checks.
      
      This implementation will be fleshed out for x86 in a future patch called
      
        x86/arch_prctl: Add controls for dynamic XSTATE components
      
        [dhansen: commit message. ]
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarChang S. Bae <chang.seok.bae@intel.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Link: https://lkml.kernel.org/r/20211021225527.10184-2-chang.seok.bae@intel.com
      1bdda24c
  2. 23 Oct, 2021 4 commits
    • Thomas Gleixner's avatar
    • Thomas Gleixner's avatar
      x86/kvm: Convert FPU handling to a single swap buffer · d69c1382
      Thomas Gleixner authored
      For the upcoming AMX support it's necessary to do a proper integration with
      KVM. Currently KVM allocates two FPU structs which are used for saving the user
      state of the vCPU thread and restoring the guest state when entering
      vcpu_run() and doing the reverse operation before leaving vcpu_run().
      
      With the new fpstate mechanism this can be reduced to one extra buffer by
      swapping the fpstate pointer in current::thread::fpu. This makes the
      upcoming support for AMX and XFD simpler because then fpstate information
      (features, sizes, xfd) are always consistent and it does not require any
      nasty workarounds.
      
      Convert the KVM FPU code over to this new scheme.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Link: https://lkml.kernel.org/r/20211022185313.019454292@linutronix.de
      d69c1382
    • Thomas Gleixner's avatar
      x86/fpu: Provide infrastructure for KVM FPU cleanup · 69f6ed1d
      Thomas Gleixner authored
      For the upcoming AMX support it's necessary to do a proper integration with
      KVM. Currently KVM allocates two FPU structs which are used for saving the user
      state of the vCPU thread and restoring the guest state when entering
      vcpu_run() and doing the reverse operation before leaving vcpu_run().
      
      With the new fpstate mechanism this can be reduced to one extra buffer by
      swapping the fpstate pointer in current::thread::fpu. This makes the
      upcoming support for AMX and XFD simpler because then fpstate information
      (features, sizes, xfd) are always consistent and it does not require any
      nasty workarounds.
      
      Provide:
      
        - An allocator which initializes the state properly
      
        - A replacement for the existing FPU swap mechanim
      
      Aside of the reduced memory footprint, this also makes state switching
      more efficient when TIF_FPU_NEED_LOAD is set. It does not require a
      memcpy as the state is already correct in the to be swapped out fpstate.
      
      The existing interfaces will be removed once KVM is converted over.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Link: https://lkml.kernel.org/r/20211022185312.954684740@linutronix.de
      69f6ed1d
    • Thomas Gleixner's avatar
      x86/fpu: Prepare for sanitizing KVM FPU code · 75c52dad
      Thomas Gleixner authored
      For the upcoming AMX support it's necessary to do a proper integration with
      KVM. To avoid more nasty hackery in KVM which violate encapsulation extend
      struct fpu and fpstate so the fpstate switching can be consolidated and
      simplified.
      
      Currently KVM allocates two FPU structs which are used for saving the user
      state of the vCPU thread and restoring the guest state when entering
      vcpu_run() and doing the reverse operation before leaving vcpu_run().
      
      With the new fpstate mechanism this can be reduced to one extra buffer by
      swapping the fpstate pointer in current::thread::fpu. This makes the
      upcoming support for AMX and XFD simpler because then fpstate information
      (features, sizes, xfd) are always consistent and it does not require any
      nasty workarounds.
      
      Add fpu::__task_fpstate to save the regular fpstate pointer while the task
      is inside vcpu_run(). Add some state fields to fpstate to indicate the
      nature of the state.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Link: https://lkml.kernel.org/r/20211022185312.896403942@linutronix.de
      75c52dad
  3. 22 Oct, 2021 3 commits
  4. 21 Oct, 2021 15 commits
  5. 20 Oct, 2021 16 commits