From: Brian Gerst <bgerst@didntduck.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: andrea@suse.de, ak@suse.de, linux-kernel@vger.kernel.org,
jh@suse.cz, Linus Torvalds <torvalds@transmeta.com>
Subject: [PATCH] Re: SSE related security hole
Date: Fri, 19 Apr 2002 19:12:07 -0400 [thread overview]
Message-ID: <3CC0A447.8020906@didntduck.org>
In-Reply-To: <20020419230454.C1291@dualathlon.random> <2459.131.107.184.74.1019252157.squirrel@www.zytor.com>
H. Peter Anvin wrote:
>>> Ummm...last I knew, fxrstor is *expensive*. The fninit/xor regs
>>> setup is likely *very* much faster. Someone should check this
>>> before we sacrifice 100 cycles needlessly or something.
>>
>> most probably yes, fxrstor needs to read RAM, pxor also takes
>> some icache and bytecode RAM but it sounds like it will be faster.
>>
>> Maybe we could also interleave the pxor with the xorps, since they
>> use different parts of the cpu, Honza?
>>
>
> You almost certainly should. The reason I suggested FXRSTOR is that
> it would initialize the entire FPU, including any state that future
> processors may add, thus reducing the likelihood of any funnies in
> the future.
Here's a patch to do just that. It initializes the saved state in the
task struct and falls through to restore_fpu().
--
Brian Gerst
[-- Attachment #2: fpuclear-1 --]
diff -urN linux-2.5.8/arch/i386/kernel/i387.c linux/arch/i386/kernel/i387.c
--- linux-2.5.8/arch/i386/kernel/i387.c Thu Mar 7 21:18:32 2002
+++ linux/arch/i386/kernel/i387.c Fri Apr 19 18:23:53 2002
@@ -31,13 +31,20 @@
* value at reset if we support XMM instructions and then
* remeber the current task has used the FPU.
*/
-void init_fpu(void)
+void init_fpu(struct task_struct *tsk)
{
- __asm__("fninit");
- if ( cpu_has_xmm )
- load_mxcsr(0x1f80);
-
- current->used_math = 1;
+ if ( cpu_has_xmm ) {
+ memset(&tsk->thread.i387.fxsave, 0, sizeof(struct i387_fxsave_struct));
+ tsk->thread.i387.fxsave.cwd = 0x37f;
+ tsk->thread.i387.fxsave.mxcsr = 0x1f80;
+ } else {
+ memset(&tsk->thread.i387.fsave, 0, sizeof(struct i387_fsave_struct));
+ tsk->thread.i387.fsave.cwd = 0xffff037f;
+ tsk->thread.i387.fsave.swd = 0xffff0000;
+ tsk->thread.i387.fsave.twd = 0xffffffff;
+ tsk->thread.i387.fsave.fos = 0xffff0000;
+ }
+ tsk->used_math = 1;
}
/*
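Review bot: the fxsave-versus-fsave layout choice in the new init_fpu() is keyed on cpu_has_xmm, but FXSAVE/FXRSTOR support (CPUID FXSR) and SSE (CPUID XMM) are separate features; if restore_fpu(), which this image is now handed to, selects fxrstor on FXSR support rather than on cpu_has_xmm, a CPU with FXSR but no SSE would get the fsave-format image initialised here and then restored with fxrstor. Suggest branching on cpu_has_fxsr and only writing `tsk->thread.i387.fxsave.mxcsr = 0x1f80;` under a nested cpu_has_xmm check. Two smaller points: the comment above the function still describes the old behaviour ("value at reset if we support XMM instructions", and the fninit is gone), so it should say the saved image is initialised and left for restore_fpu(); and with the prototype now `init_fpu(struct task_struct *tsk)`, any other caller of the old init_fpu(void) needs converting, and only math_state_restore() is touched in this patch.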
diff -urN linux-2.5.8/arch/i386/kernel/traps.c linux/arch/i386/kernel/traps.c
--- linux-2.5.8/arch/i386/kernel/traps.c Sun Apr 14 23:48:18 2002
+++ linux/arch/i386/kernel/traps.c Fri Apr 19 18:22:12 2002
@@ -757,13 +757,12 @@
*/
asmlinkage void math_state_restore(struct pt_regs regs)
{
+ struct task_struct *tsk = current;
clts(); /* Allow maths ops (or we recurse) */
- if (current->used_math) {
- restore_fpu(current);
- } else {
- init_fpu();
- }
+ if (!tsk->used_math)
+ init_fpu(tsk);
+ restore_fpu(tsk);
set_thread_flag(TIF_USEDFPU); /* So we fnsave on switch_to() */
}
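Review bot: restore_fpu() now also runs on a task's very first FPU use, so the fxrstor-versus-fninit cost discussed above is paid on every new task's first math instruction; that is the intended trade (the whole register file, including any state future processors add to the FXSAVE image, comes from the zeroed image rather than from whatever the previous task left in the hardware), but it is worth stating in the change description. Note too that fxrstor faults (#GP) on an image with reserved MXCSR bits set, so this path is only safe because init_fpu(tsk) memsets the image and writes mxcsr = 0x1f80 before `restore_fpu(tsk);` runs; keep that ordering if init_fpu() grows. Minor: the trailing comment "So we fnsave on switch_to()" is an fxsave on FXSR CPUs.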
diff -urN linux-2.5.8/include/asm-i386/i387.h linux/include/asm-i386/i387.h
--- linux-2.5.8/include/asm-i386/i387.h Fri Apr 19 18:44:48 2002
+++ linux/include/asm-i386/i387.h Fri Apr 19 18:46:12 2002
@@ -17,7 +17,7 @@
#include <asm/sigcontext.h>
#include <asm/user.h>
-extern void init_fpu(void);
+extern void init_fpu(struct task_struct *);
/*
* FPU lazy state save handling...
*/
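As an added example, not code from this patch or from the thread, the following C program models the 512-byte FXSAVE image that the patch's fxsave branch initialises, builds the same reset image (everything zeroed, cwd = 0x37f, mxcsr = 0x1f80), and checks an image for the property the fix is after: no ST or XMM register contents left over from another task, and nothing fxrstor would refuse. On x86 it also runs the patched sequence against the real hardware with fxsave/fxrstor. The offsets follow the FXSAVE format; the struct, function and constant names, and the "leftover" data, are this example's own assumptions, not the kernel's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Layout of the 512-byte FXSAVE/FXRSTOR image, the area the patch's
 * struct i387_fxsave_struct covers. Offsets follow the FXSAVE format;
 * the names are this example's, not the kernel's.
 */
#define FX_IMAGE_SIZE 512
#define FX_OFF_CWD      0   /* x87 control word, 16 bits                */
#define FX_OFF_SWD      2   /* x87 status word, 16 bits                 */
#define FX_OFF_TWD      4   /* abridged tag word, 8 bits, 0 = all empty */
#define FX_OFF_MXCSR   24   /* SSE control/status, 32 bits              */
#define FX_OFF_ST      32   /* ST0..ST7, 8 x 16 bytes                   */
#define FX_OFF_XMM    160   /* XMM0..XMM15, 16 x 16 bytes               */
/* bytes 416..511 are reserved and FXSAVE need not write them: not checked */

#define FX_CWD_INIT   0x037f      /* what the patch writes: x87 exceptions masked */
#define FX_MXCSR_INIT 0x1f80      /* what the patch writes: SSE exceptions masked */
#define FX_MXCSR_RSVD 0xffff0000u /* reserved MXCSR bits; fxrstor #GPs if any is set */

struct fxregs { unsigned char b[FX_IMAGE_SIZE]; } __attribute__((aligned(16)));

enum fx_verdict {
    FX_CLEAN = 0, FX_BAD_CWD, FX_BAD_STATUS, FX_MXCSR_RESERVED,
    FX_BAD_MXCSR, FX_ST_RESIDUE, FX_XMM_RESIDUE
};

static uint16_t rd16(const struct fxregs *r, int off)
{ uint16_t v; memcpy(&v, r->b + off, sizeof v); return v; }

static uint32_t rd32(const struct fxregs *r, int off)
{ uint32_t v; memcpy(&v, r->b + off, sizeof v); return v; }

/* Mirror of what the patch's init_fpu() does on a cpu_has_xmm machine. */
void fx_build_init_image(struct fxregs *r)
{
    uint16_t cwd = FX_CWD_INIT;
    uint32_t mxcsr = FX_MXCSR_INIT;

    memset(r, 0, sizeof *r);   /* tag word 0 (all empty), every ST/XMM byte zero */
    memcpy(r->b + FX_OFF_CWD, &cwd, sizeof cwd);
    memcpy(r->b + FX_OFF_MXCSR, &mxcsr, sizeof mxcsr);
}

/* Is this the image a fresh task must see? On residue, *which (if non-NULL)
 * receives the index of the first dirty ST or XMM register. */
enum fx_verdict fx_check_init_image(const struct fxregs *r, int *which)
{
    int i, j;

    if (rd16(r, FX_OFF_CWD) != FX_CWD_INIT)
        return FX_BAD_CWD;
    if (rd16(r, FX_OFF_SWD) != 0 || r->b[FX_OFF_TWD] != 0)
        return FX_BAD_STATUS;
    if (rd32(r, FX_OFF_MXCSR) & FX_MXCSR_RSVD)
        return FX_MXCSR_RESERVED;          /* fxrstor of this image would fault */
    if (rd32(r, FX_OFF_MXCSR) != FX_MXCSR_INIT)
        return FX_BAD_MXCSR;
    for (i = 0; i < 8; i++)
        for (j = 0; j < 16; j++)
            if (r->b[FX_OFF_ST + 16 * i + j]) {
                if (which) *which = i;
                return FX_ST_RESIDUE;
            }
    for (i = 0; i < 16; i++)
        for (j = 0; j < 16; j++)
            if (r->b[FX_OFF_XMM + 16 * i + j]) {
                if (which) *which = i;
                return FX_XMM_RESIDUE;
            }
    return FX_CLEAN;
}

/* Build the init image, dirty one byte of it (off < 0: none), report the verdict. */
enum fx_verdict fx_probe(int off, unsigned char val, int *which)
{
    struct fxregs r;

    fx_build_init_image(&r);
    if (off >= 0 && off < FX_IMAGE_SIZE)
        r.b[off] = val;
    return fx_check_init_image(&r, which);
}

#if defined(__x86_64__) || defined(__i386__)
static void fx_save(struct fxregs *r) { __asm__ volatile("fxsave %0" : "=m" (*r)); }
static void fx_restore(const struct fxregs *r) { __asm__ volatile("fxrstor %0" : : "m" (*r)); }
#endif

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    static const unsigned char leftover[16] = "previous task!!"; /* constructed */
    struct fxregs before, after;
    int reg = -1;

    memset(&after, 0, sizeof after);
    /* Leave "another task's" data in xmm0, as the hole in the thread would. */
    __asm__ volatile("movdqu %0, %%xmm0" : : "m" (leftover) : "xmm0");
    fx_save(&before);
    printf("dirty hardware state: verdict %d, first dirty reg %d\n",
           (int)fx_check_init_image(&before, &reg), reg);

    /* The patched math_state_restore() sequence: init the image, fxrstor it. */
    fx_build_init_image(&before);
    fx_restore(&before);
    fx_save(&after);            /* immediately, before anything else touches SSE */
    printf("after fxrstor of init image: verdict %d\n",
           (int)fx_check_init_image(&after, &reg));
#else
    printf("not x86: software checks only, verdict %d\n", (int)fx_probe(-1, 0, NULL));
#endif
    return 0;
}
```

Build with gcc or clang on x86 and run it: the first verdict reports XMM residue (xmm0 holds the constructed data; on x86-64 other XMM registers may also carry libc leftovers), the second reports 0. The checker reads fields with memcpy rather than a packed struct so it is usable on any host for the software checks, and it deliberately ignores bytes 416..511, which FXSAVE is not required to write.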
Thread overview: 38+ messages
2002-04-19 14:06 ` SSE related security hole Andi Kleen
2002-04-19 18:00 ` Doug Ledford
2002-04-19 21:04 ` Andrea Arcangeli
2002-04-19 21:35 ` H. Peter Anvin
2002-04-19 21:42 ` Andi Kleen
2002-04-20 3:23 ` Andrea Arcangeli
2002-04-19 23:12 ` Brian Gerst [this message]
2002-04-19 23:41 ` [PATCH] " Linus Torvalds
2002-04-20 0:01 ` H. Peter Anvin
2002-04-20 0:09 ` Linus Torvalds
2002-04-20 0:11 ` Brian Gerst
2002-04-20 0:19 ` H. Peter Anvin
2002-04-20 0:29 ` Linus Torvalds
2002-04-20 0:31 ` Alan Cox
2002-04-20 0:08 ` Brian Gerst
2002-04-20 0:21 ` Linus Torvalds
2002-04-20 4:21 ` Andrea Arcangeli
2002-04-20 4:35 ` Linus Torvalds
2002-04-20 5:07 ` Andrea Arcangeli
2002-04-20 16:27 ` Linus Torvalds
2002-04-20 17:27 ` Andrea Arcangeli
2002-04-20 17:38 ` Linus Torvalds
2002-04-20 18:12 ` Andrea Arcangeli
2002-04-20 19:30 ` Linus Torvalds
2002-04-20 19:41 ` Andi Kleen
2002-04-20 21:28 ` Andrea Arcangeli
2002-04-20 22:43 ` H. Peter Anvin
2002-04-21 2:09 ` Andrea Arcangeli
2002-04-20 23:23 ` Linus Torvalds
2002-04-21 2:08 ` Andrea Arcangeli
2002-04-20 23:13 ` Linus Torvalds
2002-04-23 19:21 ` Linus Torvalds
2002-04-23 20:05 ` H. Peter Anvin
2002-04-24 0:32 ` Andrea Arcangeli
2002-04-24 2:10 ` Linus Torvalds
2002-04-26 9:13 ` Pavel Machek
2002-04-26 11:55 ` Andrea Arcangeli
2002-04-19 22:18 ` Jan Hubicka