From: "Alex Bennée" <alex.bennee@linaro.org>
To: Dave Martin <Dave.Martin@arm.com>
Cc: Christoffer Dall <cdall@kernel.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Marc Zyngier <marc.zyngier@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v11 07/19] arm64: fpsimd: Avoid FPSIMD context leakage for the init task
Date: Fri, 25 May 2018 11:01:11 +0100
Message-ID: <87sh6grr4o.fsf@linaro.org>
In-Reply-To: <1527181008-13549-8-git-send-email-Dave.Martin@arm.com>
Dave Martin <Dave.Martin@arm.com> writes:
> The init task is started with thread_flags equal to 0, which means
> that TIF_FOREIGN_FPSTATE is initially clear.
>
> It is theoretically possible (if unlikely) that the init task could
> reach userspace without ever being scheduled out. If this occurs,
> data left in the FPSIMD registers by the kernel could be exposed.
>
> This patch fixes this anomaly by ensuring that the init task's
> initial TIF_FOREIGN_FPSTATE is set.
>
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> Fixes: 005f78cd8849 ("arm64: defer reloading a task's FPSIMD state to userland resume")
> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Still good ;-)
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> ---
>
> Changes since v10:
>
> * New patch.
> ---
> arch/arm64/include/asm/thread_info.h | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
> index 740aa03c..af271f9 100644
> --- a/arch/arm64/include/asm/thread_info.h
> +++ b/arch/arm64/include/asm/thread_info.h
> @@ -45,12 +45,6 @@ struct thread_info {
> int preempt_count; /* 0 => preemptable, <0 => bug */
> };
>
> -#define INIT_THREAD_INFO(tsk) \
> -{ \
> - .preempt_count = INIT_PREEMPT_COUNT, \
> - .addr_limit = KERNEL_DS, \
> -}
> -
> #define thread_saved_pc(tsk) \
> ((unsigned long)(tsk->thread.cpu_context.pc))
> #define thread_saved_sp(tsk) \
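Review bot: this hunk deletes INIT_THREAD_INFO without any hint, in the diff or in the commit message, that it is only being moved so that it can reference _TIF_FOREIGN_FPSTATE, which is defined further down in the same header. A reviewer skimming this hunk in isolation sees the init-task initializer vanish. Worth a sentence in the commit message ("move INIT_THREAD_INFO below the _TIF_* definitions so it can set .flags"), or a comment at the new location saying it must stay after the _TIF_* block, so the next person who tidies the header does not move it back up and break the build.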
> @@ -117,5 +111,12 @@ void arch_release_task_struct(struct task_struct *tsk);
> _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \
> _TIF_NOHZ)
>
> +#define INIT_THREAD_INFO(tsk) \
> +{ \
> + .flags = _TIF_FOREIGN_FPSTATE, \
> + .preempt_count = INIT_PREEMPT_COUNT, \
> + .addr_limit = KERNEL_DS, \
> +}
> +
> #endif /* __KERNEL__ */
> #endif /* __ASM_THREAD_INFO_H */
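Review bot: the new `.flags = _TIF_FOREIGN_FPSTATE,` line carries no comment explaining why the init task must start with this flag set, even though the whole point of the patch is that the default of 0 is a security bug. Someone reading thread_info.h later will see an odd non-zero initial flag with no justification and may "simplify" it away. Suggest a one-line comment above the initializer along the lines of "the FPSIMD regs do not hold the init task's state at boot, so treat it as foreign until the first restore", which is exactly the rationale from the commit message. Otherwise the hunk looks correct: the initializer now sits after the _TIF_* definitions it depends on, and the other two fields are unchanged.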
--
Alex Bennée
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
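The failure mode the commit message describes, as an added illustration that is not part of the patch or the kernel: a toy model of the lazy FPSIMD restore rule (the task's saved state is reloaded on return to userspace only when TIF_FOREIGN_FPSTATE is set). The model runs the init task from boot to its first user instruction without any context switch, once with the old initial flags of 0 and once with TIF_FOREIGN_FPSTATE set. The structure layout, register count, bit position, function names and the "secret" value are all assumptions chosen for the model, not the kernel's own definitions.

```c
/*
 * Toy model of the arm64 lazy FPSIMD restore rule discussed in the patch.
 * Added illustration only: names, bit values and register count are
 * assumptions for the model, not taken from the kernel sources.
 */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define TIF_FOREIGN_FPSTATE (1u << 3)   /* assumed bit; only its identity matters here */
#define NREGS 4                         /* model uses 4 registers instead of 32 */

struct fpsimd_state { uint64_t vregs[NREGS]; };

struct task {
    unsigned long flags;                /* models thread_info.flags */
    struct fpsimd_state saved;          /* models the task's saved FPSIMD state */
};

/* The physical register file of the single modelled CPU. */
static struct fpsimd_state cpu_regs;

/*
 * Kernel code that uses the FPSIMD registers and leaves data behind.
 * "secret" stands for whatever the kernel computed in those registers.
 */
static void kernel_uses_fpsimd(uint64_t secret)
{
    for (int i = 0; i < NREGS; i++)
        cpu_regs.vregs[i] = secret ^ (uint64_t)i;
}

/*
 * Return-to-userspace path: the task's own state is reloaded only when
 * TIF_FOREIGN_FPSTATE says the registers do not currently hold it.
 * With the flag clear, whatever is in the registers reaches userspace.
 */
static void fpsimd_restore_current_state(struct task *tsk)
{
    if (tsk->flags & TIF_FOREIGN_FPSTATE) {
        cpu_regs = tsk->saved;
        tsk->flags &= ~TIF_FOREIGN_FPSTATE;
    }
}

/*
 * Boot the init task with the given initial flags, let the kernel touch the
 * registers, then enter userspace with no context switch in between.
 * Returns the value userspace observes in v0.
 */
static uint64_t init_first_user_v0(unsigned long init_flags, uint64_t secret)
{
    struct task init_task;
    memset(&init_task, 0, sizeof init_task);    /* fresh task: zeroed FPSIMD state */
    init_task.flags = init_flags;

    memset(&cpu_regs, 0, sizeof cpu_regs);
    kernel_uses_fpsimd(secret);
    fpsimd_restore_current_state(&init_task);   /* the ret_to_user step */
    return cpu_regs.vregs[0];
}

/* True if userspace can observe register contents the kernel left behind. */
static bool init_leaks_kernel_regs(unsigned long init_flags)
{
    const uint64_t secret = 0x5ec2e7UL;         /* constructed marker value */
    return init_first_user_v0(init_flags, secret) == secret;
}

int main(void)
{
    printf("flags = 0:                   leak = %d\n",
           init_leaks_kernel_regs(0));
    printf("flags = TIF_FOREIGN_FPSTATE: leak = %d\n",
           init_leaks_kernel_regs(TIF_FOREIGN_FPSTATE));
    return 0;
}
```

The model makes the invariant explicit: a clear TIF_FOREIGN_FPSTATE is a promise that the registers already hold the current task's state, and a statically initialised init task with flags of 0 makes that promise without anything having put its state there. Setting the flag in INIT_THREAD_INFO, as the patch does, forces the first return to userspace through the restore path and the kernel's leftovers are overwritten with the task's zeroed state.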
Thread overview: 26+ messages
2018-05-24 16:56 [PATCH v11 00/19] KVM: arm64: Optimise FPSIMD context switching Dave Martin
2018-05-24 16:56 ` [PATCH v11 01/19] arm64: fpsimd: Fix TIF_FOREIGN_FPSTATE after invalidating cpu regs Dave Martin
2018-05-24 16:56 ` [PATCH v11 02/19] thread_info: Add update_thread_flag() helpers Dave Martin
2018-05-24 17:02 ` Peter Zijlstra
2018-05-24 16:56 ` [PATCH v11 03/19] arm64: Use update{,_tsk}_thread_flag() Dave Martin
2018-05-24 16:56 ` [PATCH v11 04/19] KVM: arm/arm64: Introduce kvm_arch_vcpu_run_pid_change Dave Martin
2018-05-24 16:56 ` [PATCH v11 05/19] KVM: arm64: Convert lazy FPSIMD context switch trap to C Dave Martin
2018-05-24 16:56 ` [PATCH v11 06/19] arm64: fpsimd: Generalise context saving for non-task contexts Dave Martin
2018-05-24 16:56 ` [PATCH v11 07/19] arm64: fpsimd: Avoid FPSIMD context leakage for the init task Dave Martin
2018-05-25 10:01 ` Alex Bennée [this message]
2018-05-24 16:56 ` [PATCH v11 08/19] arm64: fpsimd: Eliminate task->mm checks Dave Martin
2018-05-25 9:02 ` Christoffer Dall
2018-05-25 9:52 ` Dave Martin
2018-05-25 10:04 ` Alex Bennée
2018-05-25 10:48 ` Dave Martin
2018-05-24 16:56 ` [PATCH v11 09/19] arm64/sve: Refactor user SVE trap maintenance for external use Dave Martin
2018-05-24 16:56 ` [PATCH v11 10/19] KVM: arm64: Repurpose vcpu_arch.debug_flags for general-purpose flags Dave Martin
2018-05-24 16:56 ` [PATCH v11 11/19] KVM: arm64: Optimise FPSIMD handling to reduce guest/host thrashing Dave Martin
2018-05-24 16:56 ` [PATCH v11 12/19] arm64/sve: Move read_zcr_features() out of cpufeature.h Dave Martin
2018-05-24 16:56 ` [PATCH v11 13/19] arm64/sve: Switch sve_pffr() argument from task to thread Dave Martin
2018-05-24 16:56 ` [PATCH v11 14/19] arm64/sve: Move sve_pffr() to fpsimd.h and make inline Dave Martin
2018-05-24 16:56 ` [PATCH v11 15/19] KVM: arm64: Save host SVE context as appropriate Dave Martin
2018-05-24 16:56 ` [PATCH v11 16/19] KVM: arm64: Remove eager host SVE state saving Dave Martin
2018-05-24 16:56 ` [PATCH v11 17/19] KVM: arm64: Remove redundant *exit_code changes in fpsimd_guest_exit() Dave Martin
2018-05-24 16:56 ` [PATCH v11 18/19] KVM: arm64: Fold redundant exit code checks out of fixup_guest_exit() Dave Martin
2018-05-24 16:56 ` [PATCH v11 19/19] KVM: arm64: Invoke FPSIMD context switch trap from C Dave Martin