lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 27 Jan 2024 05:03:50 +0800
From: Xi Ruoyao <xry111@...111.site>
To: Thomas Bogendoerfer <tsbogend@...ha.franken.de>, Jiaxun Yang
	 <jiaxun.yang@...goat.com>, linux-mips@...r.kernel.org
Cc: Ralf Baechle <ralf@...ux-mips.org>, "Maciej W. Rozycki"
 <macro@...am.me.uk>,  YunQiang Su <wzssyqa@...il.com>, Huacai Chen
 <chenhuacai@...nel.org>, WANG Xuerui <kernel@...0n.name>, 
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mips: Call lose_fpu(0) before initializing fcr31 in
 mips_set_personality_nan

Please ignore this for wrong address of stable@.  Will send v2.

On Sat, 2024-01-27 at 04:59 +0800, Xi Ruoyao wrote:
> If we still own the FPU after initializing fcr31, when we are preempted
> the dirty value in the FPU will be read out and stored into fcr31,
> clobbering our setting.  This can cause an improper floating-point
> environment after execve().  For example:
> 
>     zsh% cat measure.c
>     #include <fenv.h>
>     int main() { return fetestexcept(FE_INEXACT); }
>     zsh% cc measure.c -o measure -lm
>     zsh% echo $((1.0/3)) # raising FE_INEXACT
>     0.33333333333333331
>     zsh% while ./measure; do ; done
>     (stopped in seconds)
> 
> Call lose_fpu(0) before setting fcr31 to prevent this.
> 
> Closes: https://lore.kernel.org/linux-mips/7a6aa1bbdbbe2e63ae96ff163fab0349f58f1b9e.camel@xry111.site/
> Fixes: 9b26616c8d9d ("MIPS: Respect the ISA level in FCSR handling")
> Cc: stable@...r.linux.org
> Signed-off-by: Xi Ruoyao <xry111@...111.site>
> ---
>  arch/mips/kernel/elf.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/arch/mips/kernel/elf.c b/arch/mips/kernel/elf.c
> index 5582a4ca1e9e..7aa2c2360ff6 100644
> --- a/arch/mips/kernel/elf.c
> +++ b/arch/mips/kernel/elf.c
> @@ -11,6 +11,7 @@
>  
>  #include <asm/cpu-features.h>
>  #include <asm/cpu-info.h>
> +#include <asm/fpu.h>
>  
>  #ifdef CONFIG_MIPS_FP_SUPPORT
>  
> @@ -309,6 +310,11 @@ void mips_set_personality_nan(struct arch_elf_state *state)
>  	struct cpuinfo_mips *c = &boot_cpu_data;
>  	struct task_struct *t = current;
>  
> +	/* Do this early so t->thread.fpu.fcr31 won't be clobbered in case
> +	 * we are preempted before the lose_fpu(0) in start_thread.
> +	 */
> +	lose_fpu(0);
> +
>  	t->thread.fpu.fcr31 = c->fpu_csr31;
>  	switch (state->nan_2008) {
>  	case 0:

-- 
Xi Ruoyao <xry111@...111.site>
School of Aerospace Science and Technology, Xidian University

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ