lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 30 Jan 2024 14:09:34 +0000
From: Mark Brown <broonie@...nel.org>
To: Will Deacon <will@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>,
	Dave Martin <dave.martin@....com>,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org
Subject: Re: [PATCH] arm64/signal: Don't assume that TIF_SVE means we saved
 SVE state

On Tue, Jan 30, 2024 at 11:51:07AM +0000, Will Deacon wrote:
> On Fri, Jan 19, 2024 at 12:29:13PM +0000, Mark Brown wrote:

> > -	if (test_thread_flag(TIF_SVE))
> > +	if (current->thread.fp_type == FP_STATE_SVE)
> >  		sve_to_fpsimd(current);
> >  }

> I don't think this hunk applies on -rc2 ^^.

Hrm, git seemed to figure out a rebase with no intervention - I've
thrown it at my CI and will resend assuming no changes from the rest of
the discussion.

> > -		if (add_all || test_thread_flag(TIF_SVE) ||
> > +		if (add_all || current->thread.fp_type == FP_STATE_SVE ||
> >  		    thread_sm_enabled(&current->thread)) {
> >  			int vl = max(sve_max_vl(), sme_max_vl());

> I think this code is preemptible, so I'm struggling to understand what
> happens if the fp_type changes under our feet as a result of a context
> switch.

We are relying here on having forced a flush of the floating point
register state prior to this code running, simple preemption won't
change the state from what was already saved.  The same consideration
also applies to the check for streaming mode here.

That said if this is preempted ptrace *could* come in and rewrite the
data or at worst change the vector length (which could leave us with
sve_state deallocated or a different size, possibly while we're in the
middle of accessing it).  This could also happen with the existing check
for TIF_SVE so I don't think there's anything new here - AFAICT this has
always been an issue with the vector code, unless I'm missing some
bigger thing which excludes ptrace.  I think any change that's needed
there won't overlap with this one, I'm looking.

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ