From patchwork Sat Mar 16 03:43:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chengen Du X-Patchwork-Id: 1912776 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TxRnF5PXXz23qp for ; Sat, 16 Mar 2024 14:44:16 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rlKxl-0004nQ-Cz; Sat, 16 Mar 2024 03:44:01 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rlKxe-0004mm-3E for kernel-team@lists.ubuntu.com; Sat, 16 Mar 2024 03:43:54 +0000 Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 1D1B33F148 for ; Sat, 16 Mar 2024 03:43:51 +0000 (UTC) Received: by mail-pg1-f198.google.com with SMTP id 41be03b00d2f7-5dcab65d604so2078885a12.3 for ; Fri, 15 Mar 2024 20:43:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710560629; x=1711165429; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MqZn49wiAqOgWsoqLVZIBarYGru1lTH1WoLE0AvSxDY=; b=SFdVzqimN0RUcFGZ+R5XvcV73zloBeb2NQKvhaCPGCBNT70MJwBRPpDYYiEfYq4Qp8 4NWp1Hspb4o6YcDbHRyCEZ68OitI4hGe0HB48Ch/6EE3dPft4aPynFU1ofLXU5sfJLTx Zk4NI3hDOsK7iW6uSocKmnwJ7FbXlySx5Fh3xLAdxvPU1FjamV1JyhZQ02KiddTqfhEn GXCclxfuOOTyBrh2nFpKnH+AQA1AfgHtGsHDS3CLkdKqSKohHQju8G9TSAT6JwfP2+Vc oysawyx+I8RlZmqxqbMXlBhLyKrUpkID8uKwWCI9W9u00kSIRAwXqJU2VGX1UZTUEXny 7Vng== X-Gm-Message-State: AOJu0YyA1ASYJT7lRdc/DwWmiKGKUmZskZ/35xywOm0+rvkO+/IFKhit Co8BqPhyis9RT4IaTEIiPv9TI7USEg7/BWQD+ItYRk0Xf230/W5Z0rFv5pngQh12P/+unGNjXjX Ofoy6uJQ0uJwtw77TAz9IFOTBOj18l3R0HekCXIbAqig8FA+5l4Z8/cn9MPeifLMB/Tzkepkdr/ 4ysL8gemnseA== X-Received: by 2002:a17:902:e5c2:b0:1de:e026:1b8e with SMTP id u2-20020a170902e5c200b001dee0261b8emr7295967plf.41.1710560628788; Fri, 15 Mar 2024 20:43:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEtTb9zLVmf7G2redOV1sTaKRrzJNjskxwL3adQyhn2QHjbsrbgm1zOmTo2Au6L1QdnUU5VIA== X-Received: by 2002:a17:902:e5c2:b0:1de:e026:1b8e with SMTP id u2-20020a170902e5c200b001dee0261b8emr7295947plf.41.1710560628387; Fri, 15 Mar 2024 20:43:48 -0700 (PDT) Received: from chengendu.. (111-248-145-30.dynamic-ip.hinet.net. [111.248.145.30]) by smtp.gmail.com with ESMTPSA id ki3-20020a170903068300b001dd02f4c2casm4695740plb.164.2024.03.15.20.43.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Mar 2024 20:43:48 -0700 (PDT) From: Chengen Du To: kernel-team@lists.ubuntu.com Subject: [SRU][J][PATCH 0/2] A general-proteciton exception during guest migration to unsupported PKRU machine Date: Sat, 16 Mar 2024 11:43:42 +0800 Message-Id: <20240316034344.17515-1-chengen.du@canonical.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2032164 SRU Justification: [Impact] When a host that supports PKRU initiates a guest that lacks PKRU support, the flag is enabled on the guest's fpstate. This information is then passed to userspace through the vcpu ioctl KVM_GET_XSAVE. However, a problem arises when the user opts to migrate the mentioned guest to another machine that does not support PKRU. In this scenario, the new host attempts to restore the guest's fpu registers. Nevertheless, due to the absence of PKRU support on the new host, a general-protection exception takes place, leading to a guest crash. [Fix] The problem is resolved by the following upstream commit: 18164f66e6c5 x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer 8647c52e9504 KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} [Test Plan] Several scenarios need to be conducted to confirm the migration outcome. Patched kernel with PKRU -> kernel with PKRU Patched kernel with PKRU -> kernel without PKRU Patched kernel without PKRU -> kernel with PKRU Patched kernel without PKRU -> kernel without PKRU Kernel with PKRU -> patched kernel with PKRU Kernel with PKRU -> patched kernel without PKRU Kernel without PKRU -> patched kernel with PKRU Kernel without PKRU -> patched kernel without PKRU Patched kernel with PKRU -> patched kernel without PKRU Each scenarios shall succeed except "Kernel with PKRU -> patched kernel without PKRU" one. Addressing this case poses challenges because the most plausible solution is to clamp the FPU features at the destination during migration. However, upstream does not support this approach due to concerns about silently dropping features requested by userspace. This could potentially lead to other issues and violate KVM's ABI. [Where problems could occur] The introduced commits will impact the guest migration process, potentially leading to failures and preventing the guest from operating successfully on the migration destination. Sean Christopherson (2): x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} arch/x86/include/asm/fpu/api.h | 3 ++- arch/x86/kernel/fpu/core.c | 5 +++-- arch/x86/kernel/fpu/xstate.c | 7 +++++-- arch/x86/kernel/fpu/xstate.h | 3 ++- arch/x86/kvm/x86.c | 33 +++++++++++++++++++++++++++------ 5 files changed, 39 insertions(+), 12 deletions(-) Acked-by: Stefan Bader Acked-by: Roxana Nicolescu