From: Suresh Siddha <suresh.b.siddha@intel.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Siddha, Suresh B" <suresh.b.siddha@intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"andi@firstfloor.org" <andi@firstfloor.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"stable@kernel.org" <stable@kernel.org>,
Ingo Molnar <mingo@elte.hu>
Subject: Re: [patch] x64, fpu: fix possible FPU leakage in error conditions
Date: Thu, 24 Jul 2008 16:02:43 -0700 [thread overview]
Message-ID: <20080724230242.GO14380@linux-os.sc.intel.com> (raw)
In-Reply-To: <alpine.LFD.1.10.0807241532240.8109@nehalem.linux-foundation.org>
On Thu, Jul 24, 2008 at 03:43:44PM -0700, Linus Torvalds wrote:
>
>
> On Thu, 24 Jul 2008, Suresh Siddha wrote:
> > >
> > > but the thing is, the only really valid reason for "restore_i387()" to
> > > fail is because the read failed.
> >
> > Not really. It can cause #GP, if someone sets reserved bits of mxcsr
> > in the memory image.
>
> Ahh, ok, I can imagine that. And I guess we might copy the data from user
> space into the memory image without validating it at points (signal
> handler restore and/or ptrace). Do we?
Today in ptrace (and in 32bit signal handling), we copy the user data and
then clear the reserved bits blindly again ;)
In 64bit signal handling, we do a fxrstor from the live user buffer and
scream then itself if we find an issue.
Andi being paranoid, added more checks for 64bit math_state_restore().
> > But restore_i387() may be in an insane state (we did clts() but doesn't
> > have the proper state in its live registers etc) when it failed to restore fpu.
> > Ideally we should fix this inside restore_i387(). But restore_i387()
> > is in header file and I have to re-arrange some of the code
> > in the header file, to call clear_fpu() from restore_i387().
>
> Ok, how about we just move restore_i387() out of the header file? I
> realize that the x86 code plays some games with this whole thing (that
> whole '#define restore_i387_ia32 restore_i387'), but that is 32-bit
> specific, and the restore_i387() in the header file is 64-bit specific.
>
> Hmm. In fact, I think that x86-64 version is actually only used in a
> single place - arch/x86/kernel/signal_64.c. So it's actively *wrong* to
> have that thing in a header file to begin with!
>
> So how about this patch as a starting point? This is the RightThing(tm) to
> do regardless, and if it then makes it easier to do some other cleanups,
> we should do it first. What do you think?
Sure. You have my Ack. I will request -stable folks to pickup multiple patches
(second patch, I will post shortly on top of yours).
thanks,
suresh
next prev parent reply other threads:[~2008-07-24 23:02 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-24 18:04 [patch] x64, fpu: fix possible FPU leakage in error conditions Suresh Siddha
2008-07-24 18:31 ` Linus Torvalds
2008-07-24 18:50 ` Suresh Siddha
2008-07-24 18:59 ` Linus Torvalds
2008-07-24 20:27 ` Suresh Siddha
2008-07-24 20:30 ` Linus Torvalds
2008-07-24 21:23 ` Suresh Siddha
2008-07-24 21:54 ` Linus Torvalds
2008-07-24 22:25 ` Suresh Siddha
2008-07-24 22:43 ` Linus Torvalds
2008-07-24 23:02 ` Suresh Siddha [this message]
2008-07-24 23:06 ` Suresh Siddha
2008-07-24 23:16 ` Linus Torvalds
2008-07-25 1:07 ` Suresh Siddha
2008-07-26 14:37 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080724230242.GO14380@linux-os.sc.intel.com \
--to=suresh.b.siddha@intel.com \
--cc=andi@firstfloor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.