Message-ID: <20150422104047.GA6897@pd.tnic>
Date:	Wed, 22 Apr 2015 12:40:47 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Dave Hansen <dave@...1.net>
Cc:	linux-kernel@...r.kernel.org, x86@...nel.org, tglx@...utronix.de,
	dave.hansen@...ux.intel.com, oleg@...hat.com, riel@...hat.com,
	sbsiddha@...il.com, luto@...capital.net, mingo@...hat.com,
	hpa@...or.com, fenghua.yu@...el.com
Subject: Re: [PATCH 01/16] x86, fpu: wrap get_xsave_addr() to make it safer

On Tue, Mar 31, 2015 at 05:46:24PM -0700, Dave Hansen wrote:
> +/*
> + * This wraps up the common operations that need to occur when retrieving
> + * data from an xsave struct.  It first ensures that the task was actually
> + * using the FPU and retrieves the data in to a buffer.  It then calculates
> + * the offset of the requested field in the buffer.
> + *
> + * This function is safe to call whether the FPU is in use or not.
> + *
> + * Inputs:
> + *	@tsk: the task from which we are fetching xsave state
> + *	@xsave_field: state which is defined in xsave.h (e.g. XSTATE_FP,
> + *	XSTATE_SSE, etc...)
> + * Output:
> + *	address of the state in the xsave area.
> + */
> +void *tsk_get_xsave_field(struct task_struct *tsk, int xsave_field)
> +{
> +	union thread_xstate *xstate;
> +
> +	if (!used_math())
> +		return NULL;
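
Review bot: The "Output:" section of the comment does not mention the NULL return taken at `if (!used_math()) return NULL;`, so callers have no documented signal that the result must be checked before it is dereferenced. The check is also called without a task argument while the rest of the function and the "Inputs:" section are written in terms of @tsk; either test @tsk directly or state in the comment that the caller must pass current. Suggest adding "NULL if the task has not used the FPU" to the Output description.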

Shouldn't this be

	if (!tsk_used_math(tsk))

?

Because used_math() is looking at current, maybe even in
preemption-enabled paths - I'm eyeing task_get_bounds_dir() - and
that current might get changed from under us and it might happen that
current != tsk. Yes, no?

> +	/*
> +	 * unlazy_fpu() is poorly named and will actually
> +	 * save the xstate off in to the memory buffer.
> +	 */
> +	unlazy_fpu(tsk);
> +	xstate = tsk->thread.fpu.state;
> +
> +	return get_xsave_addr(&xstate->xsave, xsave_field);
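
Review bot: The value returned from `get_xsave_addr(&xstate->xsave, xsave_field)` is a pointer into `tsk->thread.fpu.state`, yet the header comment describes it only as "address of the state in the xsave area" and speaks of retrieving the data "in to a buffer" without saying whose buffer. Suggest documenting that the pointer refers to the task's own save area as written out by `unlazy_fpu(tsk)`, and what the caller must guarantee (for example, about preemption or the task continuing to run) for the contents to remain valid while it is being read.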

And I understand this as "give me the xsave address of @tsk".

Right?

Thanks.

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.