lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1475353895-22175-6-git-send-email-riel@redhat.com>
Date:   Sat,  1 Oct 2016 16:31:35 -0400
From:   riel@...hat.com
To:     linux-kernel@...r.kernel.org
Cc:     x86@...nel.org, tglx@...utronix.de, pbonzini@...hat.com,
        mingo@...hat.com, luto@...nel.org, hpa@...or.com,
        dave.hansen@...ux.intel.com, bp@...e.de
Subject: [PATCH RFC 5/5] x86,fpu: kinda sorta fix up signal path

From: Rik van Riel <riel@...hat.com>

Need to ensure that the FPU save code and the lazy restore code
do not use invalid kernel or floating point register state and
copy it over to the other location.

I am pretty sure this is incomplete.

Signed-off-by: Rik van Riel <riel@...hat.com>
---
 arch/x86/kernel/fpu/core.c   | 1 +
 arch/x86/kernel/fpu/signal.c | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 537eb65b6ae6..fa59cc741fa5 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -314,6 +314,7 @@ void fpu__activate_curr(struct fpu *fpu)
 		trace_x86_fpu_activate_state(fpu);
 		/* Safe to do for the current task: */
 		fpu->fpstate_active = 1;
+		fpu->last_cpu = -1;
 	}
 }
 EXPORT_SYMBOL_GPL(fpu__activate_curr);
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index a184c210efba..89f882983da7 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -171,6 +171,10 @@ int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
 			(struct _fpstate_32 __user *) buf) ? -1 : 1;
 
 	if (fpregs_active() || using_compacted_format()) {
+		/* Compacted format, but the FP state is not loaded yet. */
+		if (unlikely(!fpu_lazy_skip_restore(&tsk->thread.fpu)))
+			copy_kernel_to_fpregs(&tsk->thread.fpu.state);
+
 		/* Save the live register state to the user directly. */
 		if (copy_fpregs_to_sigframe(buf_fx))
 			return -1;
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ