On 10/1/2021 8:13 AM, Andy Lutomirski wrote:
I'm just reading TFM, which is some kind of dystopian fantasy.
11.8.2.4 XRSTORS
Before restoring the user-interrupt state component, XRSTORS verifies that UINV is 0. If it is not, XRSTORS causes a general-protection fault (#GP) before loading any part of the user-interrupt state component. (UINV is IA32_UINTR_MISC[39:32]; XRSTORS does not check the contents of the remainder of that MSR.)
So if UINV is set in the memory image and you XRSTORS five times in a row, the first one will work assuming UINV was zero. The second one will #GP. And:
11.8.2.3 XSAVES After saving the user-interrupt state component, XSAVES clears UINV. (UINV is IA32_UINTR_MISC[39:32]; XSAVES does not modify the remainder of that MSR.)
So if we're running a UPID-enabled user task and we switch to a kernel thread, we do XSAVES and UINV is cleared. Then we switch back to the same task and don't do XRSTORS (or otherwise write IA32_UINTR_MISC) and UINV is still clear.
Andy,
I am still catching up with the rest of the discussion but I wanted to provide some input here.
Have you had a chance to look at the discussion on this topic in patch 5? https://lore.kernel.org/lkml/87bl4fcxz8.ffs@tglx/ The pseudo code Thomas provided and my comments on the same cover the above situation.
The UINV bits in the IA32_UINTR_MISC act as an on/off switch for detecting user interrupts (i.e. moving them from UPID.PIR to UIRR). When XSAVES saves UIRR into memory we want the switch to atomically turn off to stop detecting additional interrupts. When we restore the state back the hardware wants to be sure the switch is off before writing to UIRR. If not, the UIRR state could potentially be overwritten.
That's how I understand the XSAVES/XRSTORS behavior. I can confirm with the hardware architects if you want more details here.
Regarding the #GP trick proposal, I am planning to get some feedback from the hardware folks to see if any potential issues could arise.
I am on a pre-planned break next week. I apologize (in advance) for the delay in responding.
Thanks, Sohil