Open Source and information security mailing list archives
Message-Id: <20241030-arm64-fpsimd-foreign-flush-v1-1-bd7bd66905a2@kernel.org>
Date: Wed, 30 Oct 2024 20:23:50 +0000
From: Mark Brown <broonie@...nel.org>
To: Catalin Marinas <catalin.marinas@....com>, 
 Will Deacon <will@...nel.org>
Cc: Mark Rutland <mark.rutland@....com>, 
 linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, 
 Mark Brown <broonie@...nel.org>, stable@...r.kernel.org
Subject: [PATCH 1/2] arm64/sve: Flush foreign register state in
 sve_init_regs()

When we update the in memory register state in sve_init_regs() we neglect
to flush the task's CPU binding, meaning if the task is rescheduled to
the last CPU it ran on it is possible for the check for current state in
fpsimd_thread_switch() to falsely determine that up to date register
state is present on the CPU.  This results in it incorrectly clearing
TIF_FOREIGN_FPSTATE and suppressing reloading.

This will also suppress the sve_user_enable() done in
fpsimd_bind_task_to_cpu() as part of return to userspace, causing
spurious SVE access traps.

Call fpsimd_flush_task_state() to invalidate the last loaded CPU
recorded in the task.

Fixes: cccb78ce89c4 ("arm64/sve: Rework SVE access trap to convert state in registers")
Reported-by: Mark Rutland <mark.rutland@....com>
Signed-off-by: Mark Brown <broonie@...nel.org>
Cc: stable@...r.kernel.org
---
 arch/arm64/kernel/fpsimd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 77006df20a75aee7c991cf116b6d06bfe953d1a4..6d21971ae5594f32947480cfa168db400a69a283 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -1367,6 +1367,7 @@ static void sve_init_regs(void)
 	} else {
 		fpsimd_to_sve(current);
 		current->thread.fp_type = FP_STATE_SVE;
+		fpsimd_flush_task_state(current);
 	}
 }
 
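Review bot: The new fpsimd_flush_task_state(current) call in the else branch of sve_init_regs() has no comment, so the reason it is required lives only in the commit message. A short comment above the call would help, saying that the in-memory state was just rewritten by fpsimd_to_sve() and that the task's last-loaded CPU record must be invalidated so fpsimd_thread_switch() does not treat the registers on that CPU as current. The branch before "} else {" falls outside this hunk's context, so it would also be worth stating in the commit message why that path does not need the same flush.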

-- 
2.39.2

