| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXHhQ41WCgGFeb_dPLVbp+SZG-JvG4uxV9pMTCs3bnGyog@mail.gmail.com> Date: Tue, 7 Oct 2025 17:53:08 -0700 From: Ard Biesheuvel <ardb@...nel.org> To: Christian König <christian.koenig@....com> Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, will@...nel.org, catalin.marinas@....com, mark.rutland@....com, broonie@...nel.org, Austin Zheng <austin.zheng@....com>, Jun Lei <jun.lei@....com>, Harry Wentland <harry.wentland@....com>, Leo Li <sunpeng.li@....com>, Rodrigo Siqueira <siqueira@...lia.com>, Alex Deucher <alexander.deucher@....com>, amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org Subject: Re: [PATCH] drm/amd/display: Fix unsafe uses of kernel mode FPU On Tue, 7 Oct 2025 at 13:52, Ard Biesheuvel <ardb@...nel.org> wrote: > > On Mon, 6 Oct 2025 at 12:59, Ard Biesheuvel <ardb@...nel.org> wrote: > > > > On Mon, 6 Oct 2025 at 19:42, Christian König <christian.koenig@....com> wrote: > > > > > > On 02.10.25 23:00, Ard Biesheuvel wrote: > > > > From: Ard Biesheuvel <ardb@...nel.org> > > > > > > > > The point of isolating code that uses kernel mode FPU in separate > > > > compilation units is to ensure that even implicit uses of, e.g., SIMD > > > > registers for spilling occur only in a context where this is permitted, > > > > i.e., from inside a kernel_fpu_begin/end block. > > > > > > > > This is important on arm64, which uses -mgeneral-regs-only to build all > > > > kernel code, with the exception of such compilation units where FP or > > > > SIMD registers are expected to be used. Given that the compiler may > > > > invent uses of FP/SIMD anywhere in such a unit, none of its code may be > > > > accessible from outside a kernel_fpu_begin/end block. > > > > > > > > This means that all callers into such compilation units must use the > > > > DC_FP start/end macros, which must not occur there themselves. For > > > > robustness, all functions with external linkage that reside there should > > > > call dc_assert_fp_enabled() to assert that the FPU context was set up > > > > correctly. > > > > > > Thanks a lot for that, I've pointed out this restriction before as well. > > > > > > Since we had that issue multiple times now would it be somehow possible to automate rejecting new code getting this wrong? > > > > > > E.g. adding something to the DC_FP_START()/DC_FP_END() or kernel_fpu_begin/end macros to make sure that they fail to compile on compolation units where FP use is enabled? > > > > > > > Something like the below perhaps? > > > > Never mind, that doesn't work. dc_fpu_begin() is an out-of-line > function, and so it is the DC_FP_START() macro that evaluates to > something that includes an arch-provided assert. I'll code something > and send it out. OK, so as it turns out, the logic already exists to force a build time error in this case. However, due to the way the amdgpu driver constructs its own API around kernel_fpu_begin() and kernel_fpu_end(), the logic never fires for the users for DC_FP_START. It is sufficient to include linux/fpu.h: diff --git a/drivers/gpu/drm/amd/display/dc/os_types.h b/drivers/gpu/drm/amd/display/dc/os_types.h index 782316348941..6ef9b7f5e099 100644 --- a/drivers/gpu/drm/amd/display/dc/os_types.h +++ b/drivers/gpu/drm/amd/display/dc/os_types.h @@ -32,6 +32,7 @@ #include <linux/delay.h> #include <linux/mm.h> #include <linux/vmalloc.h> +#include <linux/fpu.h> #include <asm/byteorder.h> Maybe this could be folded into this patch?
Powered by blists - more mailing lists