From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Chunyan Zhang <chunyan.zhang@spreadtrum.com>,
Janet Liu <janet.liu@spreadtrum.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Will Deacon <will.deacon@arm.com>
Subject: [PATCH 3.18 17/24] arm64: flush FP/SIMD state correctly after execve()
Date: Thu, 31 Aug 2017 17:43:53 +0200 [thread overview]
Message-ID: <20170831154106.048843465@linuxfoundation.org> (raw)
In-Reply-To: <20170831154105.116844281@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 674c242c9323d3c293fc4f9a3a3a619fe3063290 upstream.
When a task calls execve(), its FP/SIMD state is flushed so that
none of the original program state is observeable by the incoming
program.
However, since this flushing consists of setting the in-memory copy
of the FP/SIMD state to all zeroes, the CPU field is set to CPU 0 as
well, which indicates to the lazy FP/SIMD preserve/restore code that
the FP/SIMD state does not need to be reread from memory if the task
is scheduled again on CPU 0 without any other tasks having entered
userland (or used the FP/SIMD in kernel mode) on the same CPU in the
mean time. If this happens, the FP/SIMD state of the old program will
still be present in the registers when the new program starts.
So set the CPU field to the invalid value of NR_CPUS when performing
the flush, by calling fpsimd_flush_task_state().
Reported-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com>
Reported-by: Janet Liu <janet.liu@spreadtrum.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/fpsimd.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -157,6 +157,7 @@ void fpsimd_thread_switch(struct task_st
void fpsimd_flush_thread(void)
{
memset(¤t->thread.fpsimd_state, 0, sizeof(struct fpsimd_state));
+ fpsimd_flush_task_state(current);
set_thread_flag(TIF_FOREIGN_FPSTATE);
}
next prev parent reply other threads:[~2017-08-31 15:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-31 15:43 [PATCH 3.18 00/24] 3.18.69-stable review Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 01/24] scsi: isci: avoid array subscript warning Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 02/24] ALSA: au88x0: Fix zero clear of stream->resources Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 03/24] gcov: add support for GCC 5.1 Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 04/24] gcov: add support for gcc version >= 6 Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 05/24] gcov: support GCC 7.1 Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 06/24] p54: memset(0) whole array Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 07/24] arm64: mm: abort uaccess retries upon fatal signal Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 08/24] lib: bitmap: add alignment offset for bitmap_find_next_zero_area() Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 09/24] mm: cma: align to physical address, not CMA region position Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 10/24] mm/cma: make kmemleak ignore CMA regions Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 11/24] mm: cma: split cma-reserved in dmesg log Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 12/24] mm: cma: fix totalcma_pages to include DT defined CMA regions Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 13/24] mm: cma: fix CMA aligned offset calculation Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 14/24] mm: cma: constify and use correct signness in mm/cma.c Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 15/24] mm: cma: fix incorrect type conversion for size during dma allocation Greg Kroah-Hartman
2017-08-31 15:43 ` Greg Kroah-Hartman [this message]
2017-08-31 15:43 ` [PATCH 3.18 18/24] arm64: fpsimd: Prevent registers leaking across exec Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 19/24] x86-64: Handle PC-relative relocations on per-CPU data Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 21/24] clk: si5351: Constify clock names and struct regmap_config Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 22/24] scsi: sg: protect accesses to reserved page array Greg Kroah-Hartman
2017-08-31 15:43 ` [PATCH 3.18 23/24] scsi: sg: reset res_in_use after unlinking reserved array Greg Kroah-Hartman
2017-08-31 15:44 ` [PATCH 3.18 24/24] f2fs: do more integrity verification for superblock Greg Kroah-Hartman
2017-08-31 16:33 ` Greg Kroah-Hartman
2017-08-31 19:06 ` [PATCH 3.18 00/24] 3.18.69-stable review Shuah Khan
2017-08-31 19:37 ` Guenter Roeck
2017-09-01 2:30 ` Guenter Roeck
2017-09-01 5:02 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170831154106.048843465@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=chunyan.zhang@spreadtrum.com \
--cc=janet.liu@spreadtrum.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).