| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXEzNPJOE_-gndNcFmE9CjLpsFCjfytaXbvm-1Khu62XRA@mail.gmail.com> Date: Tue, 7 Oct 2025 13:52:22 -0700 From: Ard Biesheuvel <ardb@...nel.org> To: Christian König <christian.koenig@....com> Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, will@...nel.org, catalin.marinas@....com, mark.rutland@....com, broonie@...nel.org, Austin Zheng <austin.zheng@....com>, Jun Lei <jun.lei@....com>, Harry Wentland <harry.wentland@....com>, Leo Li <sunpeng.li@....com>, Rodrigo Siqueira <siqueira@...lia.com>, Alex Deucher <alexander.deucher@....com>, amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org Subject: Re: [PATCH] drm/amd/display: Fix unsafe uses of kernel mode FPU On Mon, 6 Oct 2025 at 12:59, Ard Biesheuvel <ardb@...nel.org> wrote: > > On Mon, 6 Oct 2025 at 19:42, Christian König <christian.koenig@....com> wrote: > > > > On 02.10.25 23:00, Ard Biesheuvel wrote: > > > From: Ard Biesheuvel <ardb@...nel.org> > > > > > > The point of isolating code that uses kernel mode FPU in separate > > > compilation units is to ensure that even implicit uses of, e.g., SIMD > > > registers for spilling occur only in a context where this is permitted, > > > i.e., from inside a kernel_fpu_begin/end block. > > > > > > This is important on arm64, which uses -mgeneral-regs-only to build all > > > kernel code, with the exception of such compilation units where FP or > > > SIMD registers are expected to be used. Given that the compiler may > > > invent uses of FP/SIMD anywhere in such a unit, none of its code may be > > > accessible from outside a kernel_fpu_begin/end block. > > > > > > This means that all callers into such compilation units must use the > > > DC_FP start/end macros, which must not occur there themselves. For > > > robustness, all functions with external linkage that reside there should > > > call dc_assert_fp_enabled() to assert that the FPU context was set up > > > correctly. > > > > Thanks a lot for that, I've pointed out this restriction before as well. > > > > Since we had that issue multiple times now would it be somehow possible to automate rejecting new code getting this wrong? > > > > E.g. adding something to the DC_FP_START()/DC_FP_END() or kernel_fpu_begin/end macros to make sure that they fail to compile on compolation units where FP use is enabled? > > > > Something like the below perhaps? > Never mind, that doesn't work. dc_fpu_begin() is an out-of-line function, and so it is the DC_FP_START() macro that evaluates to something that includes an arch-provided assert. I'll code something and send it out.
Powered by blists - more mailing lists