| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 May 2024 02:03:31 -0700 From: Yang Weijiang <weijiang.yang@...el.com> To: tglx@...utronix.de, dave.hansen@...el.com, x86@...nel.org, seanjc@...gle.com, pbonzini@...hat.com, linux-kernel@...r.kernel.org, kvm@...r.kernel.org Cc: peterz@...radead.org, chao.gao@...el.com, rick.p.edgecombe@...el.com, mlevitsk@...hat.com, weijiang.yang@...el.com, john.allen@....com Subject: [PATCH 6/6] x86/fpu/xstate: Warn if CET supervisor state is detected in normal fpstate CET supervisor state bit is __ONLY__ enabled for guest fpstate, i.e., never for normal kernel fpstate. The bit is set when guest FPU config is initialized. For normal fpstate, the bit should have been removed when initializes kernel FPU config settings, WARN_ONCE() if kernel detects normal fpstate xfeatures contains CET supervisor state bit before xsaves operation. Signed-off-by: Yang Weijiang <weijiang.yang@...el.com> --- arch/x86/kernel/fpu/xstate.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 05df04f39628..b1b3e0fe02c6 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -189,6 +189,8 @@ static inline void os_xsave(struct fpstate *fpstate) WARN_ON_FPU(!alternatives_patched); xfd_validate_state(fpstate, mask, false); + WARN_ON_FPU(!fpstate->is_guest && (mask & XFEATURE_MASK_CET_KERNEL)); + XSTATE_XSAVE(&fpstate->regs.xsave, lmask, hmask, err); /* We should never fault when copying to a kernel buffer: */ -- 2.43.0
Powered by blists - more mailing lists