Remove @perm from the guest pseudo FPU container. The field is
initialized during allocation and never used later.

Rename fpu_init_guest_permissions() to show that its sole purpose is to
lock down guest permissions.

Suggested-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Chao Gao <chao.gao@intel.com>
---
v5: drop the useless fpu_guest argument (Chang)
---
arch/x86/include/asm/fpu/types.h | 7 -------
arch/x86/kernel/fpu/core.c | 7 ++-----
2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h
index 46cc263f9f4f..9f9ed406b179 100644
--- a/arch/x86/include/asm/fpu/types.h
+++ b/arch/x86/include/asm/fpu/types.h
@@ -526,13 +526,6 @@ struct fpu_guest {
*/
u64 xfeatures;
- /*
- * @perm: xfeature bitmap of features which are
- * permitted to be enabled for the guest
- * vCPU.
- */
- u64 perm;
-
/*
* @xfd_err: Save the guest value.
*/
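Review bot: removing `u64 perm` from struct fpu_guest is only safe if nothing outside these two files reads the field, and the diffstat shows only types.h and core.c being touched. The changelog's "never used later" would be easier to verify if it stated that there is no reader of gfpu->perm on the KVM side either; a build with CONFIG_KVM enabled will catch any leftover user.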
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 1b734a9ff088..28ad7ec56eaa 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -202,7 +202,7 @@ void fpu_reset_from_exception_fixup(void)
#if IS_ENABLED(CONFIG_KVM)
static void __fpstate_reset(struct fpstate *fpstate, u64 xfd);
-static void fpu_init_guest_permissions(struct fpu_guest *gfpu)
+static void fpu_lock_guest_permissions(void)
{
struct fpu_state_perm *fpuperm;
u64 perm;
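Review bot: the new signature `fpu_lock_guest_permissions(void)` no longer indicates whose permissions are locked now that the `struct fpu_guest *gfpu` parameter is gone. The function acts on `current` (it takes current->sighand->siglock in the next hunk), so a short comment above it would help: say that it sets FPU_GUEST_PERM_LOCKED for the calling process and that it runs in the context of the task calling fpu_alloc_guest_fpstate().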
@@ -218,8 +218,6 @@ static void fpu_init_guest_permissions(struct fpu_guest *gfpu)
WRITE_ONCE(fpuperm->__state_perm, perm | FPU_GUEST_PERM_LOCKED);
spin_unlock_irq(¤t->sighand->siglock);
-
- gfpu->perm = perm & ~FPU_GUEST_PERM_LOCKED;
}
bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu)
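Review bot: the `WRITE_ONCE(fpuperm->__state_perm, perm | FPU_GUEST_PERM_LOCKED)` store under siglock still runs on every call from fpu_alloc_guest_fpstate(), including when the locked bit is already set, and with the `gfpu->perm` assignment removed it is the only effect left in the visible part of the function. Consider an early return when FPU_GUEST_PERM_LOCKED is already set, or guard the call site with `if (!(xstate_get_guest_group_perm() & FPU_GUEST_PERM_LOCKED))`, so later allocations skip the lock and the redundant store. This can be a follow-up and does not block the cleanup.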
@@ -240,7 +238,6 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu)
gfpu->fpstate = fpstate;
gfpu->xfeatures = fpu_kernel_cfg.default_features;
- gfpu->perm = fpu_kernel_cfg.default_features;
/*
* KVM sets the FP+SSE bits in the XSAVE header when copying FPU state
@@ -255,7 +252,7 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu)
if (WARN_ON_ONCE(fpu_user_cfg.default_size > gfpu->uabi_size))
gfpu->uabi_size = fpu_user_cfg.default_size;
- fpu_init_guest_permissions(gfpu);
+ fpu_lock_guest_permissions();
return true;
}
--
2.46.1
On 4/10/2025 12:24 AM, Chao Gao wrote:
> Remove @perm from the guest pseudo FPU container. The field is
> initialized during allocation and never used later.
>
> Rename fpu_init_guest_permissions() to show that its sole purpose is to
> lock down guest permissions.
>
> Suggested-by: Maxim Levitsky <mlevitsk@redhat.com>
This patch appears to be new in V3, as I can see from the diff here:
https://github.com/ChangSeokBae/kernel/compare/xstate-scet-chao-v2...xstate-scet-chao-v3
However, I don’t see any relevant comment from Maxim on your V2 series.
Unlike patch 1, this one doesn’t include a URL referencing the
suggestion either -- so I suspect the Suggested-by tag might be incorrect.
> @@ -255,7 +252,7 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu)
> if (WARN_ON_ONCE(fpu_user_cfg.default_size > gfpu->uabi_size))
> gfpu->uabi_size = fpu_user_cfg.default_size;
>
> - fpu_init_guest_permissions(gfpu);
> + fpu_lock_guest_permissions();
As a future improvement, you might consider updating this to:

	if (xstate_get_guest_group_perm() & FPU_GUEST_PERM_LOCKED)
		fpu_lock_guest_permissions();

Or, embed the check inside fpu_lock_guest_permissions():

	if (xstate_get_guest_group_perm() & FPU_GUEST_PERM_LOCKED)
		return;

But for this patch itself, the change looks good to me. Please feel free
to add my tag:
Reviewed-by: Chang S. Bae <chang.seok.bae@intel.com>
Thanks,
Chang
On Fri, Apr 18, 2025 at 01:51:02PM -0700, Chang S. Bae wrote:
>On 4/10/2025 12:24 AM, Chao Gao wrote:
>> Remove @perm from the guest pseudo FPU container. The field is
>> initialized during allocation and never used later.
>>
>> Rename fpu_init_guest_permissions() to show that its sole purpose is to
>> lock down guest permissions.
>>
>> Suggested-by: Maxim Levitsky <mlevitsk@redhat.com>
>
>This patch appears to be new in V3, as I can see from the diff here:
>
>https://github.com/ChangSeokBae/kernel/compare/xstate-scet-chao-v2...xstate-scet-chao-v3
>
>However, I don’t see any relevant comment from Maxim on your V2 series.
>Unlike patch 1, this one doesn’t include a URL referencing the suggestion
>either -- so I suspect the Suggested-by tag might be incorrect.
v3 was the version where I truly began refining the patches based on my
understanding, the historical discussion, and feedback on v2 [*]. While
reviewing the historical discussion, I found Maxim's suggestion to be
valuable:
https://lore.kernel.org/kvm/af972fe5981b9e7101b64de43c7be0a8cc165323.camel@redhat.com/
So, I implemented it in v3, but I should have included the link.
[*] v2 was simply a resend of v1
https://lore.kernel.org/kvm/20241126101710.62492-1-chao.gao@intel.com/
>> @@ -255,7 +252,7 @@ bool fpu_alloc_guest_fpstate(struct fpu_guest *gfpu)
>> if (WARN_ON_ONCE(fpu_user_cfg.default_size > gfpu->uabi_size))
>> gfpu->uabi_size = fpu_user_cfg.default_size;
>> - fpu_init_guest_permissions(gfpu);
>> + fpu_lock_guest_permissions();
>
>As a future improvement, you might consider updating this to:
>
> if (xstate_get_guest_group_perm() & FPU_GUEST_PERM_LOCKED)
> fpu_lock_guest_permissions();
>
>Or, embed the check inside fpu_lock_guest_permissions():
>
> if (xstate_get_guest_group_perm() & FPU_GUEST_PERM_LOCKED)
> return;
>
>But for this patch itself, the change looks good to me. Please feel free to
>add my tag:
>
> Reviewed-by: Chang S. Bae <chang.seok.bae@intel.com>
Thanks a lot.
On 4/18/2025 1:51 PM, Chang S. Bae wrote:
> if (xstate_get_guest_group_perm() & FPU_GUEST_PERM_LOCKED)
> fpu_lock_guest_permissions();
Sorry, this should be:

	if (!(xstate_get_guest_group_perm() & FPU_GUEST_PERM_LOCKED))
		fpu_lock_guest_permissions();