commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess
fixups") incorrectly replaced the fixup entry for XSTATE_OP with a
user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied
address points to userspace memory. Change it back.
Reported-by: Sebastian Andrzej Siewior <[email protected]>
Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups")
Signed-off-by: Jann Horn <[email protected]>
---
arch/x86/include/asm/fpu/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index 5f7290e6e954..69dcdf195b61 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -226,7 +226,7 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu)
"3: movl $-2,%[err]\n\t" \
"jmp 2b\n\t" \
".popsection\n\t" \
- _ASM_EXTABLE_UA(1b, 3b) \
+ _ASM_EXTABLE(1b, 3b) \
: [err] "=r" (err) \
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
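Review bot: the hunk restores the plain `_ASM_EXTABLE(1b, 3b)` without saying in the code why the `_UA` variant is wrong here, which is exactly how the original conversion to `_ASM_EXTABLE_UA` slipped through, and the commit message gives a reason ("when the supplied address points to userspace memory") that the replies in this thread contradict: the #GP comes from invalid xstate content, not from where the buffer lives. The fixup at `3:` sets `err = -2` and jumps back for any exception taken at `1b`, so it has to stay reachable from #GP as well as #PF; a one-line comment next to the entry, along the lines of `/* XRSTOR also raises #GP on an invalid xstate image, so not _ASM_EXTABLE_UA */`, plus a corrected commit message, would stop the next uaccess-fixup sweep from re-converting it.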
--
2.20.0.rc0.387.gc7a69e6b6c-goog
On 2018-11-26 18:27:06 [+0100], Jann Horn wrote:
> commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess
> fixups") incorrectly replaced the fixup entry for XSTATE_OP with a
> user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied
> address points to userspace memory. Change it back.
The #GP is raised if the xstate content is invalid. But I guess the
details don't matter.
> Reported-by: Sebastian Andrzej Siewior <[email protected]>
> Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups")
> Signed-off-by: Jann Horn <[email protected]>
Acked-by: Sebastian Andrzej Siewior <[email protected]>
> ---
> arch/x86/include/asm/fpu/internal.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
> index 5f7290e6e954..69dcdf195b61 100644
> --- a/arch/x86/include/asm/fpu/internal.h
> +++ b/arch/x86/include/asm/fpu/internal.h
> @@ -226,7 +226,7 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu)
> "3: movl $-2,%[err]\n\t" \
> "jmp 2b\n\t" \
> ".popsection\n\t" \
> - _ASM_EXTABLE_UA(1b, 3b) \
> + _ASM_EXTABLE(1b, 3b) \
So you revert to what we had before. That works, tested.
> : [err] "=r" (err) \
> : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
> : "memory")
> --
> 2.20.0.rc0.387.gc7a69e6b6c-goog
Sebastian
On 11/26/18 9:49 AM, Sebastian Andrzej Siewior wrote:
> On 2018-11-26 18:27:06 [+0100], Jann Horn wrote:
>> commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess
>> fixups") incorrectly replaced the fixup entry for XSTATE_OP with a
>> user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied
>> address points to userspace memory. Change it back.
>
> The #GP is raised if the xstate content is invalid. But I guess the
> details don't matter.
>
>> Reported-by: Sebastian Andrzej Siewior <[email protected]>
>> Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups")
>> Signed-off-by: Jann Horn <[email protected]>
> Acked-by: Sebastian Andrzej Siewior <[email protected]>
>
It does matter -- please correct the patch description, or we might have some
serious confusion at some arbitrary point in the future with the result that
the bug gets re-introduced; it would not be the first time.
-hpa
From: H. Peter Anvin
> Sent: 26 November 2018 19:50
> On 11/26/18 9:49 AM, Sebastian Andrzej Siewior wrote:
> > On 2018-11-26 18:27:06 [+0100], Jann Horn wrote:
> >> commit 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess
> >> fixups") incorrectly replaced the fixup entry for XSTATE_OP with a
> >> user-#PF-only fixup. However, XRSTOR can also raise #GP when the supplied
> >> address points to userspace memory. Change it back.
> >
> > The #GP is raised if the xstate content is invalid. But I guess the
> > details don't matter.
> >
> >> Reported-by: Sebastian Andrzej Siewior <[email protected]>
> >> Fixes: 75045f77f7a7 ("x86/extable: Introduce _ASM_EXTABLE_UA for uaccess fixups")
> >> Signed-off-by: Jann Horn <[email protected]>
> > Acked-by: Sebastian Andrzej Siewior <[email protected]>
> >
>
> It does matter -- please correct the patch description, or we might have some
> serious confusion at some arbitrary point in the future with the result that
> the bug gets re-introduced; it would not be the first time.
Better still note it in the code.
David
On 2018-11-28 15:27:28 [+0000], David Laight wrote:
> Better still note it in the code.
I'm in favour of adding something to tools/testing/selftests/x86/.
> David
Sebastian
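The kind of selftest Sebastian suggests above, written here as an added example that is not part of this thread or of the kernel's tools/testing/selftests/x86/ directory: a child installs a SIGUSR1 handler, and the handler sets a bit in XSTATE_BV of the XSAVE image that the kernel placed in the signal frame. Bit 63 is never enabled in XCR0, so when sigreturn has the kernel XRSTOR that image the instruction faults with #GP, not #PF, which is the case the thread is about. The only correct kernel outcome is to reject the frame and kill the child with SIGSEGV; the child surviving sigreturn, or dying any other way, is reported as a failure. Assumed here rather than taken from the thread: the standard x86-64 signal-frame layout (the `_fpx_sw_bytes` block with `FP_XSTATE_MAGIC1` = 0x46505853 at byte 464 of the FXSAVE area, the XSAVE header with XSTATE_BV at byte 512), and the names `run_xstate_header_test` and `xstate_test_result`, which are this example's own.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <ucontext.h>
#include <unistd.h>

/* Outcomes of run_xstate_header_test() (names are this example's own). */
enum xstate_test_result {
	XSTATE_TEST_REJECTED = 0, /* expected: sigreturn refused, child killed by SIGSEGV */
	XSTATE_TEST_ACCEPTED = 1, /* kernel accepted a frame whose XSTATE_BV is invalid */
	XSTATE_TEST_OTHER    = 2, /* child ended some other way */
	XSTATE_TEST_SKIPPED  = 3, /* not x86-64 Linux, or no XSAVE image in the frame */
};

#if defined(__x86_64__) && defined(__linux__)

/* Assumed standard Linux x86-64 sigframe layout. */
#define FXSAVE_SW_RESERVED_OFF 464        /* struct _fpx_sw_bytes; magic1 comes first */
#define FP_XSTATE_MAGIC1       0x46505853U
#define XSAVE_HEADER_OFF       512        /* XSTATE_BV is the first u64 of the header */

static volatile sig_atomic_t frame_corrupted;

/* Runs on the signal stack frame the kernel built; edits the saved XSAVE image. */
static void corrupt_handler(int sig, siginfo_t *info, void *uc_void)
{
	ucontext_t *uc = uc_void;
	uint8_t *fpstate = (uint8_t *)uc->uc_mcontext.fpregs;
	uint32_t magic1;
	uint64_t xstate_bv;

	(void)sig;
	(void)info;
	if (!fpstate)
		return;
	memcpy(&magic1, fpstate + FXSAVE_SW_RESERVED_OFF, sizeof(magic1));
	if (magic1 != FP_XSTATE_MAGIC1)
		return; /* legacy FXSAVE-only frame: no XSAVE header to corrupt */

	/* Bit 63 is in no CPU's XCR0, so XRSTOR of this image must raise #GP. */
	memcpy(&xstate_bv, fpstate + XSAVE_HEADER_OFF, sizeof(xstate_bv));
	xstate_bv |= 1ULL << 63;
	memcpy(fpstate + XSAVE_HEADER_OFF, &xstate_bv, sizeof(xstate_bv));
	frame_corrupted = 1;
}

static void child(void)
{
	struct sigaction sa;

	memset(&sa, 0, sizeof(sa));
	sa.sa_sigaction = corrupt_handler;
	sa.sa_flags = SA_SIGINFO;
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGUSR1, &sa, NULL) != 0)
		_exit(XSTATE_TEST_OTHER);

	raise(SIGUSR1);
	/* Only reached if sigreturn succeeded: bad if we actually corrupted the frame. */
	_exit(frame_corrupted ? XSTATE_TEST_ACCEPTED : XSTATE_TEST_SKIPPED);
}

/* Forks the probe so a kernel-forced SIGSEGV ends the child, not the caller. */
enum xstate_test_result run_xstate_header_test(void)
{
	pid_t pid = fork();
	int status;

	if (pid < 0)
		return XSTATE_TEST_OTHER;
	if (pid == 0)
		child();
	if (waitpid(pid, &status, 0) != pid)
		return XSTATE_TEST_OTHER;
	if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)
		return XSTATE_TEST_REJECTED;
	if (WIFEXITED(status) && WEXITSTATUS(status) <= XSTATE_TEST_SKIPPED)
		return (enum xstate_test_result)WEXITSTATUS(status);
	return XSTATE_TEST_OTHER;
}

#else
enum xstate_test_result run_xstate_header_test(void)
{
	return XSTATE_TEST_SKIPPED;
}
#endif

int main(void)
{
	static const char *const names[] = {
		"REJECTED (child killed by SIGSEGV, as expected)",
		"ACCEPTED (kernel restored an invalid XSTATE_BV)",
		"OTHER (child ended unexpectedly)",
		"SKIPPED (no XSAVE signal frame on this system)",
	};
	enum xstate_test_result r = run_xstate_header_test();

	printf("corrupt xstate header: %s\n", names[r]);
	return (r == XSTATE_TEST_REJECTED || r == XSTATE_TEST_SKIPPED) ? 0 : 1;
}
```

Build with `gcc -O2 -Wall` and run as an ordinary user; no privileges are needed because the probe only edits its own signal frame. A sandbox or hypervisor that rewrites the guest's signal frame before restoring it can mask the result as ACCEPTED, so read that outcome on bare Linux only.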