Re: [tip:x86/fpu] x86/fpu: Don't export __kernel_fpu_{begin,end}()

From: Ard Biesheuvel
Date: Mon Dec 03 2018 - 16:12:34 EST


On Mon, 3 Dec 2018 at 22:04, tip-bot for Sebastian Andrzej Siewior
<tipbot@xxxxxxxxx> wrote:
>
> Commit-ID: 7d79adb87fa79e4a4c59424fd5b5a922861fc5f6
> Gitweb: https://git.kernel.org/tip/7d79adb87fa79e4a4c59424fd5b5a922861fc5f6
> Author: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
> AuthorDate: Thu, 29 Nov 2018 16:02:10 +0100
> Committer: Borislav Petkov <bp@xxxxxxx>
> CommitDate: Mon, 3 Dec 2018 19:37:27 +0100
>
> x86/fpu: Don't export __kernel_fpu_{begin,end}()
>
> There is one user of __kernel_fpu_begin() and before invoking it,
> it invokes preempt_disable(). So it could invoke kernel_fpu_begin()
> right away. The 32bit version of arch_efi_call_virt_setup() and
> arch_efi_call_virt_teardown() does this already.
>
> The comment above *kernel_fpu*() claims that before invoking
> __kernel_fpu_begin() preemption should be disabled and that KVM is a
> good example of doing it. Well, KVM doesn't do that since commit
>
> f775b13eedee2 ("x86,kvm: move qemu/guest FPU switching out to vcpu_run")
>
> so it is not an example anymore.
>
> With EFI gone as the last user of __kernel_fpu_{begin|end}(), both can
> be made static and not exported anymore.
>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
> Signed-off-by: Borislav Petkov <bp@xxxxxxx>
> Reviewed-by: Rik van Riel <riel@xxxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: Nicolai Stange <nstange@xxxxxxx>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: Radim KrÄmÃÅ <rkrcmar@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: kvm ML <kvm@xxxxxxxxxxxxxxx>
> Cc: linux-efi <linux-efi@xxxxxxxxxxxxxxx>
> Cc: x86-ml <x86@xxxxxxxxxx>
> Link: https://lkml.kernel.org/r/20181129150210.2k4mawt37ow6c2vq@xxxxxxxxxxxxx
> ---
> arch/x86/include/asm/efi.h | 6 ++----
> arch/x86/include/asm/fpu/api.h | 16 ++++++----------
> arch/x86/kernel/fpu/core.c | 6 ++----
> 3 files changed, 10 insertions(+), 18 deletions(-)
>
> diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
> index eea40d52ca78..45864898f7e5 100644
> --- a/arch/x86/include/asm/efi.h
> +++ b/arch/x86/include/asm/efi.h
> @@ -82,8 +82,7 @@ struct efi_scratch {
> #define arch_efi_call_virt_setup() \
> ({ \
> efi_sync_low_kernel_mappings(); \
> - preempt_disable(); \
> - __kernel_fpu_begin(); \
> + kernel_fpu_begin(); \
> firmware_restrict_branch_speculation_start(); \
> \
> if (!efi_enabled(EFI_OLD_MEMMAP)) \
> @@ -99,8 +98,7 @@ struct efi_scratch {
> efi_switch_mm(efi_scratch.prev_mm); \
> \
> firmware_restrict_branch_speculation_end(); \
> - __kernel_fpu_end(); \
> - preempt_enable(); \
> + kernel_fpu_end(); \
> })
>
> extern void __iomem *__init efi_ioremap(unsigned long addr, unsigned long size,
> diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h
> index a9caac9d4a72..e368d8d94ca6 100644
> --- a/arch/x86/include/asm/fpu/api.h
> +++ b/arch/x86/include/asm/fpu/api.h
> @@ -12,17 +12,13 @@
> #define _ASM_X86_FPU_API_H
>
> /*
> - * Careful: __kernel_fpu_begin/end() must be called with preempt disabled
> - * and they don't touch the preempt state on their own.
> - * If you enable preemption after __kernel_fpu_begin(), preempt notifier
> - * should call the __kernel_fpu_end() to prevent the kernel/user FPU
> - * state from getting corrupted. KVM for example uses this model.
> - *
> - * All other cases use kernel_fpu_begin/end() which disable preemption
> - * during kernel FPU usage.
> + * Use kernel_fpu_begin/end() if you intend to use FPU in kernel context. It
> + * disables preemption so be careful if you intend to use it for long periods
> + * of time.
> + * If you intend to use the FPU in softirq you need to check first with
> + * irq_fpu_usable() if it is possible.
> + * Using the FPU in hardirq is not allowed.

According to the documentation in x86/kernel/fpu/core.c, this is not
true. So which one is accurate?

> */
> -extern void __kernel_fpu_begin(void);
> -extern void __kernel_fpu_end(void);
> extern void kernel_fpu_begin(void);
> extern void kernel_fpu_end(void);
> extern bool irq_fpu_usable(void);
> diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
> index 2ea85b32421a..2e5003fef51a 100644
> --- a/arch/x86/kernel/fpu/core.c
> +++ b/arch/x86/kernel/fpu/core.c
> @@ -93,7 +93,7 @@ bool irq_fpu_usable(void)
> }
> EXPORT_SYMBOL(irq_fpu_usable);
>
> -void __kernel_fpu_begin(void)
> +static void __kernel_fpu_begin(void)
> {
> struct fpu *fpu = &current->thread.fpu;
>
> @@ -111,9 +111,8 @@ void __kernel_fpu_begin(void)
> __cpu_invalidate_fpregs_state();
> }
> }
> -EXPORT_SYMBOL(__kernel_fpu_begin);
>
> -void __kernel_fpu_end(void)
> +static void __kernel_fpu_end(void)
> {
> struct fpu *fpu = &current->thread.fpu;
>
> @@ -122,7 +121,6 @@ void __kernel_fpu_end(void)
>
> kernel_fpu_enable();
> }
> -EXPORT_SYMBOL(__kernel_fpu_end);
>
> void kernel_fpu_begin(void)
> {