From: Brian Gerst <bgerst@didntduck.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: andrea@suse.de, ak@suse.de, linux-kernel@vger.kernel.org,
jh@suse.cz, Linus Torvalds <torvalds@transmeta.com>
Subject: [PATCH] Re: SSE related security hole
Date: Fri, 19 Apr 2002 19:12:07 -0400 [thread overview]
Message-ID: <3CC0A447.8020906@didntduck.org> (raw)
In-Reply-To: <20020419230454.C1291@dualathlon.random> <2459.131.107.184.74.1019252157.squirrel@www.zytor.com>
[-- Attachment #1: Type: text/plain, Size: 866 bytes --]
H. Peter Anvin wrote:
>>> Ummm...last I knew, fxrstor is *expensive*. The fninit/xor regs
>>> setup is likely *very* much faster. Someone should check this
>>> before we sacrifice 100 cycles needlessly or something.
>>
>> most probably yes, fxrestor needs to read ram, pxor also takes
>> some icache and bytecode ram but it sounds like it will be faster.
>>
>> Maybe we could also interleave the pxor with the xorps, since they
>> uses different parts of the cpu, Honza?
>>
>
>
> You almost certainly should. The reason I suggested FXRSTOR is that
> it would initialize the entire FPU, including any state that future
> processors may add, thus reducing the likelihood of any funnies in
> the future.
Here's a patch to do just that. It initializes the saved state in the
task struct and falls through to restore_fpu().
--
Brian Gerst
[-- Attachment #2: fpuclear-1 --]
[-- Type: text/plain, Size: 1951 bytes --]
diff -urN linux-2.5.8/arch/i386/kernel/i387.c linux/arch/i386/kernel/i387.c
--- linux-2.5.8/arch/i386/kernel/i387.c Thu Mar 7 21:18:32 2002
+++ linux/arch/i386/kernel/i387.c Fri Apr 19 18:23:53 2002
@@ -31,13 +31,20 @@
* value at reset if we support XMM instructions and then
* remeber the current task has used the FPU.
*/
-void init_fpu(void)
+void init_fpu(struct task_struct *tsk)
{
- __asm__("fninit");
- if ( cpu_has_xmm )
- load_mxcsr(0x1f80);
-
- current->used_math = 1;
+ if ( cpu_has_xmm ) {
+ memset(&tsk->thread.i387.fxsave, 0, sizeof(struct i387_fxsave_struct));
+ tsk->thread.i387.fxsave.cwd = 0x37f;
+ tsk->thread.i387.fxsave.mxcsr = 0x1f80;
+ } else {
+ memset(&tsk->thread.i387.fsave, 0, sizeof(struct i387_fsave_struct));
+ tsk->thread.i387.fsave.cwd = 0xffff037f;
+ tsk->thread.i387.fsave.swd = 0xffff0000;
+ tsk->thread.i387.fsave.twd = 0xffffffff;
+ tsk->thread.i387.fsave.fos = 0xffff0000;
+ }
+ tsk->used_math = 1;
}
/*
diff -urN linux-2.5.8/arch/i386/kernel/traps.c linux/arch/i386/kernel/traps.c
--- linux-2.5.8/arch/i386/kernel/traps.c Sun Apr 14 23:48:18 2002
+++ linux/arch/i386/kernel/traps.c Fri Apr 19 18:22:12 2002
@@ -757,13 +757,12 @@
*/
asmlinkage void math_state_restore(struct pt_regs regs)
{
+ struct task_struct *tsk = current;
clts(); /* Allow maths ops (or we recurse) */
- if (current->used_math) {
- restore_fpu(current);
- } else {
- init_fpu();
- }
+ if (!tsk->used_math)
+ init_fpu(tsk);
+ restore_fpu(tsk);
set_thread_flag(TIF_USEDFPU); /* So we fnsave on switch_to() */
}
diff -urN linux-2.5.8/include/asm-i386/i387.h linux/include/asm-i386/i387.h
--- linux-2.5.8/include/asm-i386/i387.h Fri Apr 19 18:44:48 2002
+++ linux/include/asm-i386/i387.h Fri Apr 19 18:46:12 2002
@@ -17,7 +17,7 @@
#include <asm/sigcontext.h>
#include <asm/user.h>
-extern void init_fpu(void);
+extern void init_fpu(struct task_struct *);
/*
* FPU lazy state save handling...
*/
next prev parent reply other threads:[~2002-04-19 23:14 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20020418183639.20946.qmail@science.horizon.com.suse.lists.linux.kernel>
[not found] ` <a9ncgs$2s2$1@cesium.transmeta.com.suse.lists.linux.kernel>
2002-04-19 14:06 ` SSE related security hole Andi Kleen
2002-04-19 18:00 ` Doug Ledford
2002-04-19 21:04 ` Andrea Arcangeli
2002-04-19 21:35 ` H. Peter Anvin
2002-04-19 21:42 ` Andi Kleen
2002-04-20 3:23 ` Andrea Arcangeli
2002-04-19 23:12 ` Brian Gerst [this message]
2002-04-19 23:41 ` [PATCH] " Linus Torvalds
2002-04-20 0:01 ` H. Peter Anvin
2002-04-20 0:09 ` Linus Torvalds
2002-04-20 0:11 ` Brian Gerst
2002-04-20 0:19 ` H. Peter Anvin
2002-04-20 0:29 ` Linus Torvalds
2002-04-20 0:31 ` Alan Cox
2002-04-20 0:08 ` Brian Gerst
2002-04-20 0:21 ` Linus Torvalds
2002-04-20 4:21 ` Andrea Arcangeli
2002-04-20 4:35 ` Linus Torvalds
2002-04-20 5:07 ` Andrea Arcangeli
2002-04-20 16:27 ` Linus Torvalds
2002-04-20 17:27 ` Andrea Arcangeli
2002-04-20 17:38 ` Linus Torvalds
2002-04-20 18:12 ` Andrea Arcangeli
2002-04-20 19:30 ` Linus Torvalds
2002-04-20 19:41 ` Andi Kleen
2002-04-20 21:28 ` Andrea Arcangeli
2002-04-20 22:43 ` H. Peter Anvin
2002-04-21 2:09 ` Andrea Arcangeli
2002-04-20 23:23 ` Linus Torvalds
2002-04-21 2:08 ` Andrea Arcangeli
2002-04-20 23:13 ` Linus Torvalds
2002-04-23 19:21 ` Linus Torvalds
2002-04-23 20:05 ` H. Peter Anvin
2002-04-24 0:32 ` Andrea Arcangeli
2002-04-24 2:10 ` Linus Torvalds
2002-04-26 9:13 ` Pavel Machek
2002-04-26 11:55 ` Andrea Arcangeli
2002-04-19 22:18 ` Jan Hubicka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3CC0A447.8020906@didntduck.org \
--to=bgerst@didntduck.org \
--cc=ak@suse.de \
--cc=andrea@suse.de \
--cc=hpa@zytor.com \
--cc=jh@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.