| Message ID | 20181126172706.184008-1-jannh@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/fpu: XRSTOR is expected to raise #GP | expand |
On 2018-11-26 18:27:06 [+0100], Jann Horn wrote: > commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess > fixups") incorrectly replaced the fixup entry for XSTATE_OP with a > user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied > address points to userspace memory. Change it back. The #GP is raised if the xstate content is invalid. But I guess the details don't matter. > Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups") > Signed-off-by: Jann Horn <jannh@google.com> Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > --- > arch/x86/include/asm/fpu/internal.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h > index 5f7290e6e954..69dcdf195b61 100644 > --- a/arch/x86/include/asm/fpu/internal.h > +++ b/arch/x86/include/asm/fpu/internal.h > @@ -226,7 +226,7 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu) > "3: movl $-2,%[err]\n\t" \ > "jmp 2b\n\t" \ > ".popsection\n\t" \ > - _ASM_EXTABLE_UA(1b, 3b) \ > + _ASM_EXTABLE(1b, 3b) \ So you revert to what we had before. That works, tested. > : [err] "=r" (err) \ > : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \ > : "memory") > -- > 2.20.0.rc0.387.gc7a69e6b6c-goog Sebastian
On 11/26/18 9:49 AM, Sebastian Andrzej Siewior wrote: > On 2018-11-26 18:27:06 [+0100], Jann Horn wrote: >> commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess >> fixups") incorrectly replaced the fixup entry for XSTATE_OP with a >> user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied >> address points to userspace memory. Change it back. > > The #GP is raised if the xstate content is invalid. But I guess the > details don't matter. > >> Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> >> Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups") >> Signed-off-by: Jann Horn <jannh@google.com> > Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > It does matter -- please correct the patch description, or we might have some serious confusion at some arbitrary point in the future with the result that the bug gets re-introduced; it would not be the first time. -hpa
From: H. Peter Anvin > Sent: 26 November 2018 19:50 > On 11/26/18 9:49 AM, Sebastian Andrzej Siewior wrote: > > On 2018-11-26 18:27:06 [+0100], Jann Horn wrote: > >> commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess > >> fixups") incorrectly replaced the fixup entry for XSTATE_OP with a > >> user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied > >> address points to userspace memory. Change it back. > > > > The #GP is raised if the xstate content is invalid. But I guess the > > details don't matter. > > > >> Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > >> Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups") > >> Signed-off-by: Jann Horn <jannh@google.com> > > Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > > > > It does matter -- please correct the patch description, or we might have some > serious confusion at some arbitrary point in the future with the result that > the bug gets re-introduced; it would not be the first time. Better still note it in the code. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On 2018-11-28 15:27:28 [+0000], David Laight wrote: > Better still note it in the code. I'm in favour of adding something to tools/testing/selftests/x86/. > David Sebastian
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h index 5f7290e6e954..69dcdf195b61 100644 --- a/arch/x86/include/asm/fpu/internal.h +++ b/arch/x86/include/asm/fpu/internal.h @@ -226,7 +226,7 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu) "3: movl $-2,%[err]\n\t" \ "jmp 2b\n\t" \ ".popsection\n\t" \ - _ASM_EXTABLE_UA(1b, 3b) \ + _ASM_EXTABLE(1b, 3b) \ : [err] "=r" (err) \ : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \ : "memory")
commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups") incorrectly replaced the fixup entry for XSTATE_OP with a user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied address points to userspace memory. Change it back. Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups") Signed-off-by: Jann Horn <jannh@google.com> --- arch/x86/include/asm/fpu/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)