From: Andrea Arcangeli <andrea@suse.de>
To: Brian Gerst <bgerst@didntduck.org>
Cc: Linus Torvalds <torvalds@transmeta.com>,
"H. Peter Anvin" <hpa@zytor.com>,
ak@suse.de, linux-kernel@vger.kernel.org, jh@suse.cz
Subject: Re: [PATCH] Re: SSE related security hole
Date: Sat, 20 Apr 2002 06:21:49 +0200 [thread overview]
Message-ID: <20020420062149.G1291@dualathlon.random> (raw)
In-Reply-To: <Pine.LNX.4.44.0204191637570.20973-100000@home.transmeta.com> <3CC0B16F.1050501@didntduck.org>
On Fri, Apr 19, 2002 at 08:08:15PM -0400, Brian Gerst wrote:
> diff -urN linux-2.5.8/arch/i386/kernel/i387.c linux/arch/i386/kernel/i387.c
> --- linux-2.5.8/arch/i386/kernel/i387.c Thu Mar 7 21:18:32 2002
> +++ linux/arch/i386/kernel/i387.c Fri Apr 19 19:35:14 2002
> @@ -31,13 +31,21 @@
> * value at reset if we support XMM instructions and then
> * remeber the current task has used the FPU.
> */
> -void init_fpu(void)
> +void init_fpu(struct task_struct *tsk)
> {
> - __asm__("fninit");
> - if ( cpu_has_xmm )
> - load_mxcsr(0x1f80);
> -
> - current->used_math = 1;
> + if (cpu_has_fxsr) {
> + memset(&tsk->thread.i387.fxsave, 0, sizeof(struct i387_fxsave_struct));
> + tsk->thread.i387.fxsave.cwd = 0x37f;
> + if (cpu_has_xmm)
> + tsk->thread.i387.fxsave.mxcsr = 0x1f80;
> + } else {
> + memset(&tsk->thread.i387.fsave, 0, sizeof(struct i387_fsave_struct));
> + tsk->thread.i387.fsave.cwd = 0xffff037f;
> + tsk->thread.i387.fsave.swd = 0xffff0000;
> + tsk->thread.i387.fsave.twd = 0xffffffff;
> + tsk->thread.i387.fsave.fos = 0xffff0000;
> + }
> + tsk->used_math = 1;
> }
>
> /*
> diff -urN linux-2.5.8/arch/i386/kernel/traps.c linux/arch/i386/kernel/traps.c
> --- linux-2.5.8/arch/i386/kernel/traps.c Sun Apr 14 23:48:18 2002
> +++ linux/arch/i386/kernel/traps.c Fri Apr 19 18:22:12 2002
> @@ -757,13 +757,12 @@
> */
> asmlinkage void math_state_restore(struct pt_regs regs)
> {
> + struct task_struct *tsk = current;
> clts(); /* Allow maths ops (or we recurse) */
>
> - if (current->used_math) {
> - restore_fpu(current);
> - } else {
> - init_fpu();
> - }
> + if (!tsk->used_math)
> + init_fpu(tsk);
> + restore_fpu(tsk);
> set_thread_flag(TIF_USEDFPU); /* So we fnsave on switch_to() */
> }
>
I don't think it's good enough for merging yet. If you really want to do
the fxrestor, you should at least do the init_fpu only once during
bootup. The fxrestor is probably just overkill, but the memset + the
initializations is completly superflous in a fast path, I'd also use the
proper set_fpu_cwd and friends instead of doing it by hand. Even better
is to merge the:
/* Simulate an empty FPU. */
set_fpu_cwd(child, 0x037f);
set_fpu_swd(child, 0x0000);
set_fpu_twd(child, 0xffff);
set_fpu_mxcsr(child, 0x1f80);
/* Simulate an empty FPU. */
set_fpu_cwd(child, 0x037f);
set_fpu_swd(child, 0x0000);
set_fpu_twd(child, 0xffff);
in ptrace.c in a single function instead of duplicating functionality by
hand.
I still think the xor will be faster, no dcache pollution at all and
less I/O to ram. Future features can require change to the "empty FPU"
state anyways.
Andrea
next prev parent reply other threads:[~2002-04-20 4:20 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20020418183639.20946.qmail@science.horizon.com.suse.lists.linux.kernel>
[not found] ` <a9ncgs$2s2$1@cesium.transmeta.com.suse.lists.linux.kernel>
2002-04-19 14:06 ` SSE related security hole Andi Kleen
2002-04-19 18:00 ` Doug Ledford
2002-04-19 21:04 ` Andrea Arcangeli
2002-04-19 21:35 ` H. Peter Anvin
2002-04-19 21:42 ` Andi Kleen
2002-04-20 3:23 ` Andrea Arcangeli
2002-04-19 23:12 ` [PATCH] " Brian Gerst
2002-04-19 23:41 ` Linus Torvalds
2002-04-20 0:01 ` H. Peter Anvin
2002-04-20 0:09 ` Linus Torvalds
2002-04-20 0:11 ` Brian Gerst
2002-04-20 0:19 ` H. Peter Anvin
2002-04-20 0:29 ` Linus Torvalds
2002-04-20 0:31 ` Alan Cox
2002-04-20 0:08 ` Brian Gerst
2002-04-20 0:21 ` Linus Torvalds
2002-04-20 4:21 ` Andrea Arcangeli [this message]
2002-04-20 4:35 ` Linus Torvalds
2002-04-20 5:07 ` Andrea Arcangeli
2002-04-20 16:27 ` Linus Torvalds
2002-04-20 17:27 ` Andrea Arcangeli
2002-04-20 17:38 ` Linus Torvalds
2002-04-20 18:12 ` Andrea Arcangeli
2002-04-20 19:30 ` Linus Torvalds
2002-04-20 19:41 ` Andi Kleen
2002-04-20 21:28 ` Andrea Arcangeli
2002-04-20 22:43 ` H. Peter Anvin
2002-04-21 2:09 ` Andrea Arcangeli
2002-04-20 23:23 ` Linus Torvalds
2002-04-21 2:08 ` Andrea Arcangeli
2002-04-20 23:13 ` Linus Torvalds
2002-04-23 19:21 ` Linus Torvalds
2002-04-23 20:05 ` H. Peter Anvin
2002-04-24 0:32 ` Andrea Arcangeli
2002-04-24 2:10 ` Linus Torvalds
2002-04-26 9:13 ` Pavel Machek
2002-04-26 11:55 ` Andrea Arcangeli
2002-04-19 22:18 ` Jan Hubicka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020420062149.G1291@dualathlon.random \
--to=andrea@suse.de \
--cc=ak@suse.de \
--cc=bgerst@didntduck.org \
--cc=hpa@zytor.com \
--cc=jh@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.