lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 28 Jan 2024 22:54:08 +0100
From: Thomas Bogendoerfer <tsbogend@...ha.franken.de>
To: Xi Ruoyao <xry111@...111.site>
Cc: Jiaxun Yang <jiaxun.yang@...goat.com>, linux-mips@...r.kernel.org,
	Ralf Baechle <ralf@...ux-mips.org>,
	"Maciej W. Rozycki" <macro@...am.me.uk>,
	YunQiang Su <wzssyqa@...il.com>,
	Huacai Chen <chenhuacai@...nel.org>,
	WANG Xuerui <kernel@...0n.name>, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org
Subject: Re: [PATCH v2] mips: Call lose_fpu(0) before initializing fcr31 in
 mips_set_personality_nan

On Sat, Jan 27, 2024 at 05:05:57AM +0800, Xi Ruoyao wrote:
> If we still own the FPU after initializing fcr31, when we are preempted
> the dirty value in the FPU will be read out and stored into fcr31,
> clobbering our setting.  This can cause an improper floating-point
> environment after execve().  For example:
> 
>     zsh% cat measure.c
>     #include <fenv.h>
>     int main() { return fetestexcept(FE_INEXACT); }
>     zsh% cc measure.c -o measure -lm
>     zsh% echo $((1.0/3)) # raising FE_INEXACT
>     0.33333333333333331
>     zsh% while ./measure; do ; done
>     (stopped in seconds)
> 
> Call lose_fpu(0) before setting fcr31 to prevent this.
> 
> Closes: https://lore.kernel.org/linux-mips/7a6aa1bbdbbe2e63ae96ff163fab0349f58f1b9e.camel@xry111.site/
> Fixes: 9b26616c8d9d ("MIPS: Respect the ISA level in FCSR handling")
> Cc: stable@...r.kernel.org
> Signed-off-by: Xi Ruoyao <xry111@...111.site>
> ---
> 
> v1 -> v2: Fix stable list address in Cc line.
> 
>  arch/mips/kernel/elf.c | 6 ++++++
>  1 file changed, 6 insertions(+)

applied to mips-fixes.

Thomas.

-- 
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea.                                                [ RFC1925, 2.3 ]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ