From: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
To: Matt Fleming
<matt-HNK1S37rvNbeXh+fF434Mdi2O/JbrIOy@public.gmane.org>,
Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Borislav Petkov <bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org>,
"Luck, Tony" <tony.luck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: Re: [GIT PULL] EFI changes for v3.16
Date: Mon, 19 May 2014 15:47:31 -0700
Message-ID: <537A8A03.8060604@zytor.com>
In-Reply-To: <20140519105129.GF4798-HNK1S37rvNbeXh+fF434Mdi2O/JbrIOy@public.gmane.org>

On 05/19/2014 03:51 AM, Matt Fleming wrote:
> On Sat, 03 May, at 02:04:47PM, Matt Fleming wrote:
>> Folks, please queue the following change for v3.16 from Borislav that
>> uses the more strict kernel_fpu_{begin,end}() instead of the __*
>> versions that won't catch buggy use in interrupt context.
>>
>> The following changes since commit e33655a386ed3b26ad36fb97a47ebb1c2ca1e928:
>>
>> efivars: Add compatibility code for compat tasks (2014-04-17 13:53:53 +0100)
>>
>> are available in the git repository at:
>>
>> git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi.git tags/efi-next
>>
>> for you to fetch changes up to baa916f39b50ad91661534652110df40396acda0:
>>
>> x86/efi: Check for unsafe dealing with FPU state in irq ctxt (2014-05-03 06:39:25 +0100)
>>
>> ----------------------------------------------------------------
>> * Use the more strict FPU handling functions before invoking EFI
>> services to catch misuse in irq context - Borislav Petkov
>
> Ping?
>
> efi_call can happen in an irq context (pstore) and there we really need
> to make sure we're not scribbling over FPU state while we've interrupted
> a thread or kernel mode with a live FPU state. Therefore, use the
> kernel_fpu_begin/end() variants which do that check.

How on earth does this solve anything? The only thing we add here is a
WARN_ON_ONCE()... but the above text already tells us we have a problem.

It seems, rather, that we need to figure out how to deal with a pstore
in this case. There are a few possibilities:

1. We could keep an XSAVE buffer area around for this particular use.
   I am *assuming* we don't let more than one CPU into EFI, because I
   cannot for my life imagine that this is safe in typical CPUs.

2. Drop the pstore on the floor if !irq_fpu_usable().

3. Allow the pstore, then die (on the assumption that we're dead
   anyway.)

Comments?

-hpa
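
Added example, not part of the original message or of the kernel source: a userspace C model of the situation discussed above, comparing a warn-only check with options 1 and 2 when a firmware call interrupts a context that has live FPU state. Every name in it (struct cpu, firmware_call, pstore_write_in_irq, the policy enum) is hypothetical, and option 3 is not modelled.

```c
/* Userspace model with constructed values; this is not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FPU_WORDS 8
enum policy { WARN_ONLY, SAVE_TO_BUFFER, DROP_IF_UNUSABLE };

struct cpu {
    unsigned long fpu[FPU_WORDS]; /* live register file */
    bool fpu_live;                /* interrupted context owns this state */
    int warnings;
};

/* Stand-in for a firmware service that freely uses the FPU registers. */
static void firmware_call(struct cpu *c) { memset(c->fpu, 0xEF, sizeof(c->fpu)); }

/* Model of an irq-context pstore write; returns true if the record was written. */
static bool pstore_write_in_irq(struct cpu *c, enum policy p)
{
    static unsigned long save_area[FPU_WORDS]; /* single buffer: assumes one CPU in EFI */
    bool live = c->fpu_live;

    if (live && p == DROP_IF_UNUSABLE)
        return false;                          /* option 2: the record is lost */
    if (live && p == WARN_ONLY)
        c->warnings++;                         /* warning alone changes nothing below */
    if (live && p == SAVE_TO_BUFFER)
        memcpy(save_area, c->fpu, sizeof(save_area));
    firmware_call(c);
    if (live && p == SAVE_TO_BUFFER)           /* option 1: restore what was live */
        memcpy(c->fpu, save_area, sizeof(save_area));
    return true;
}

/* Interrupt a context with live FPU state; true if that state is intact afterwards. */
static bool state_survives(enum policy p, bool *written)
{
    struct cpu c = { .fpu = {1, 2, 3, 4, 5, 6, 7, 8}, .fpu_live = true };
    unsigned long before[FPU_WORDS];

    memcpy(before, c.fpu, sizeof(before));
    *written = pstore_write_in_irq(&c, p);
    return memcmp(before, c.fpu, sizeof(before)) == 0;
}

int main(void)
{
    const char *name[] = { "warn-only", "save-to-buffer", "drop-if-unusable" };
    for (int p = WARN_ONLY; p <= DROP_IF_UNUSABLE; p++) {
        bool written, ok = state_survives((enum policy)p, &written);
        printf("%-16s written=%d fpu_intact=%d\n", name[p], written, ok);
    }
    return 0;
}
```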