[PATCH 11/11] x86, fpu: check CPU-provided sizes against struct declarations

From: Dave Hansen
Date: Tue Aug 25 2015 - 16:12:31 EST



From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>

We now have C structures defined for each of the XSAVE state
components that we support. This patch adds checks during our
verification pass to ensure that the CPU-provided data
enumerated in CPUID leaves matches our C structures.

If not, we warn and dump all the XSAVE CPUID leaves.

Note: this *actually* found an inconsistency with the MPX
'bndcsr' state. The hardware pads it out differently from
our C structures. This patch caught it and warned.

Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: x86@xxxxxxxxxx
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Fenghua Yu <fenghua.yu@xxxxxxxxx>
Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
Cc: linux-kernel@xxxxxxxxxxxxxxx
---

b/appendme | 6 +++
b/arch/x86/include/asm/fpu/types.h | 1
b/arch/x86/kernel/fpu/xstate.c | 62 +++++++++++++++++++++++++++++++++++--
3 files changed, 67 insertions(+), 2 deletions(-)

diff -puN /dev/null appendme
--- /dev/null 2015-07-13 14:24:11.435656502 -0700
+++ b/appendme 2015-08-25 12:50:01.857661314 -0700
@@ -0,0 +1,6 @@
+Cc: Ingo Molnar <mingo@xxxxxxxxxx>
+Cc: x86@xxxxxxxxxx
+Cc: Borislav Petkov <bp@xxxxxxxxx>
+Cc: Fenghua Yu <fenghua.yu@xxxxxxxxx>
+Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
+Cc: linux-kernel@xxxxxxxxxxxxxxx
diff -puN arch/x86/include/asm/fpu/types.h~x86-fpu-check-against-struct-declarations arch/x86/include/asm/fpu/types.h
--- a/arch/x86/include/asm/fpu/types.h~x86-fpu-check-against-struct-declarations 2015-08-25 12:50:01.853661133 -0700
+++ b/arch/x86/include/asm/fpu/types.h 2015-08-25 12:50:01.858661359 -0700
@@ -108,6 +108,7 @@ enum xfeature_nr {
XFEATURE_NR_OPMASK,
XFEATURE_NR_ZMM_Hi256,
XFEATURE_NR_Hi16_ZMM,
+ XFEATURE_NR_PT_UNIMPLEMENTED_SO_FAR,

XFEATURES_NR_MAX,
};
diff -puN arch/x86/kernel/fpu/xstate.c~x86-fpu-check-against-struct-declarations arch/x86/kernel/fpu/xstate.c
--- a/arch/x86/kernel/fpu/xstate.c~x86-fpu-check-against-struct-declarations 2015-08-25 12:50:01.854661178 -0700
+++ b/arch/x86/kernel/fpu/xstate.c 2015-08-25 12:50:01.858661359 -0700
@@ -182,7 +182,8 @@ static int xfeature_nr_enabled(enum xfea
static void __init setup_xstate_features(void)
{
u32 eax, ebx, ecx, edx, i;
- unsigned int last_good_offset = -1;
+ /* start at the beginnning of the "extended state" */
+ unsigned int last_good_offset = offsetof(struct xregs_state, __reserved);

for (i = FIRST_EXTENDED_XFEATURE_NR; i < XFEATURES_NR_MAX; i++) {
if (!xfeature_nr_enabled(i))
@@ -196,7 +197,8 @@ static void __init setup_xstate_features
* highest-numbered xstate feature has the
* highest offset in the buffer. Ensure it does.
*/
- WARN_ON(last_good_offset > xstate_offsets[i]);
+ WARN_ONCE(last_good_offset > xstate_offsets[i],
+ "x86/fpu: misordered xstate at %d\n", last_good_offset);
last_good_offset = xstate_offsets[i];

printk(KERN_INFO "x86/fpu: xstate_offset[%d]: %04x, xstate_sizes[%d]: %04x\n", i, ebx, i, eax);
@@ -407,6 +409,52 @@ static void __xstate_dump_leaves(void)
} \
} while (0)

+
+#define XCHECK_SZ(sz, nr, nr_macro, __struct) do { \
+ if ((nr == nr_macro) && \
+ WARN_ONCE(sz != sizeof(__struct), \
+ "%s: struct is %ld bytes, cpu state %d bytes\n", \
+ __stringify(nr_macro), sizeof(__struct), sz)) { \
+ __xstate_dump_leaves(); \
+ } \
+} while (0)
+
+
+/*
+ * We have a C struct for each 'xstate'. We need to ensure
+ * that our software representation matches what the CPU
+ * tells us about the state's size.
+ */
+static void check_xstate_against_struct(int nr)
+{
+ /*
+ * Ask the CPU for the size of the state.
+ */
+ int sz = xfeature_size(nr);
+ /*
+ * Match each CPU state with the corresponding software
+ * structure.
+ */
+ XCHECK_SZ(sz, nr, XFEATURE_NR_YMM, struct ymmh_struct);
+ XCHECK_SZ(sz, nr, XFEATURE_NR_BNDREGS, struct mpx_bndreg_state);
+ XCHECK_SZ(sz, nr, XFEATURE_NR_BNDCSR, struct mpx_bndcsr_state);
+ XCHECK_SZ(sz, nr, XFEATURE_NR_OPMASK, struct avx_512_opmask_state);
+ XCHECK_SZ(sz, nr, XFEATURE_NR_ZMM_Hi256, struct avx_512_zmm_uppers_state);
+ XCHECK_SZ(sz, nr, XFEATURE_NR_Hi16_ZMM, struct avx_512_hi16_state);
+
+ /*
+ * Make *SURE* to add any feature numbers in below if
+ * there are "holes" in the xsave state component
+ * numbers.
+ */
+ if ((nr < XFEATURE_NR_YMM) ||
+ (nr >= XFEATURES_NR_MAX) ||
+ (nr == XFEATURE_NR_PT_UNIMPLEMENTED_SO_FAR)) {
+ WARN_ONCE(1, "no structure for xstate: %d\n", nr);
+ XSTATE_WARN_ON(1);
+ }
+}
+
/*
* This essentially double-checks what the cpu told us about
* how large the XSAVE buffer needs to be. We are recalculating
@@ -420,6 +468,8 @@ static void do_extra_xstate_size_checks(
for (i = FIRST_EXTENDED_XFEATURE_NR; i < XFEATURES_NR_MAX; i++) {
if (!xfeature_nr_enabled(i))
continue;
+
+ check_xstate_against_struct(i);
/*
* Supervisor state components can be managed only by
* XSAVES, which is compacted-format only.
@@ -445,6 +495,14 @@ static void do_extra_xstate_size_checks(
paranoid_xstate_size += xfeature_size(i);
}
XSTATE_WARN_ON(paranoid_xstate_size != xstate_size);
+ /*
+ * Basically, make sure that XSTATE_RESERVE has forced
+ * xregs_state to be large enough. This is not fatal
+ * because we reserve a *lot* of extra room in the init
+ * task struct, but we should at least know we got it
+ * wrong.
+ */
+ XSTATE_WARN_ON(xstate_size > sizeof(struct xregs_state));
}

/*
_
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/