This commit fixes a regression encountered while running the
gdb.base/corefile.exp test in GDB's test suite.
In my testing, the typo prevented the sw_reserved field of struct
fxregs_state from being output to the kernel XSAVES area. Thus the
correct mask corresponding to XCR0 was not present in the core file
for GDB to interrogate, resulting in the following behavior:
[kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
[New LWP 232880]
warning: Unexpected size of section `.reg-xstate/232880' in core file.
With the typo fixed, the test works again as expected.
Signed-off-by: Kevin Buettner <[email protected]>
---
arch/x86/kernel/fpu/xstate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index 6a54e83d5589..9cf40a7ff7ae 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
copy_part(offsetof(struct fxregs_state, st_space), 128,
&xsave->i387.st_space, &kbuf, &offset_start, &count);
if (header.xfeatures & XFEATURE_MASK_SSE)
- copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
+ copy_part(xstate_offsets[XFEATURE_SSE], 256,
&xsave->i387.xmm_space, &kbuf, &offset_start, &count);
/*
* Fill xsave->i387.sw_reserved value for ptrace frame:
--
2.26.2
Just adding Linus, as Al is oft distracted.
Dave.
>
> This commit fixes a regression encountered while running the
> gdb.base/corefile.exp test in GDB's test suite.
>
> In my testing, the typo prevented the sw_reserved field of struct
> fxregs_state from being output to the kernel XSAVES area. Thus the
> correct mask corresponding to XCR0 was not present in the core file
> for GDB to interrogate, resulting in the following behavior:
>
> [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
> Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
> [New LWP 232880]
>
> warning: Unexpected size of section `.reg-xstate/232880' in core file.
>
> With the typo fixed, the test works again as expected.
>
> Signed-off-by: Kevin Buettner <[email protected]>
> ---
> arch/x86/kernel/fpu/xstate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> index 6a54e83d5589..9cf40a7ff7ae 100644
> --- a/arch/x86/kernel/fpu/xstate.c
> +++ b/arch/x86/kernel/fpu/xstate.c
> @@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
> copy_part(offsetof(struct fxregs_state, st_space), 128,
> &xsave->i387.st_space, &kbuf, &offset_start, &count);
> if (header.xfeatures & XFEATURE_MASK_SSE)
> - copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
> + copy_part(xstate_offsets[XFEATURE_SSE], 256,
> &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
> /*
> * Fill xsave->i387.sw_reserved value for ptrace frame:
> --
> 2.26.2
>
>
On Mon, Jul 20, 2020 at 09:40:14AM +1000, Dave Airlie wrote:
> Just adding Linus, as Al is oft distracted.
Already in vfs.git#fixes, actually:
commit 8d95867c8610c515ffab2913b2cb19b2c7f7f6c1
Author: Kevin Buettner <[email protected]>
Date: Sat Jul 18 00:20:03 2020 -0700
copy_xstate_to_kernel: Fix typo which caused GDB regression
This commit fixes a regression encountered while running the
gdb.base/corefile.exp test in GDB's test suite.
In my testing, the typo prevented the sw_reserved field of struct
fxregs_state from being output to the kernel XSAVES area. Thus the
correct mask corresponding to XCR0 was not present in the core file
for GDB to interrogate, resulting in the following behavior:
[kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
[New LWP 232880]
warning: Unexpected size of section `.reg-xstate/232880' in core file.
With the typo fixed, the test works again as expected.
Fixes: 9e46365459331 ("copy_xstate_to_kernel(): don't leave parts of destination uninitialized")
Signed-off-by: Kevin Buettner <[email protected]>
Signed-off-by: Al Viro <[email protected]>
* Kevin Buettner:
> This commit fixes a regression encountered while running the
> gdb.base/corefile.exp test in GDB's test suite.
>
> In my testing, the typo prevented the sw_reserved field of struct
> fxregs_state from being output to the kernel XSAVES area. Thus the
> correct mask corresponding to XCR0 was not present in the core file
> for GDB to interrogate, resulting in the following behavior:
>
> [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
> Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
> [New LWP 232880]
>
> warning: Unexpected size of section `.reg-xstate/232880' in core file.
>
> With the typo fixed, the test works again as expected.
>
> Signed-off-by: Kevin Buettner <[email protected]>
> ---
> arch/x86/kernel/fpu/xstate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> index 6a54e83d5589..9cf40a7ff7ae 100644
> --- a/arch/x86/kernel/fpu/xstate.c
> +++ b/arch/x86/kernel/fpu/xstate.c
> @@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
> copy_part(offsetof(struct fxregs_state, st_space), 128,
> &xsave->i387.st_space, &kbuf, &offset_start, &count);
> if (header.xfeatures & XFEATURE_MASK_SSE)
> - copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
> + copy_part(xstate_offsets[XFEATURE_SSE], 256,
> &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
> /*
> * Fill xsave->i387.sw_reserved value for ptrace frame:
Does this read out-of-bounds, potentially disclosing kernel memory?
Not if the system supports AVX, I assume.
On Tue, 21 Jul 2020 10:59:07 +0200
Florian Weimer <[email protected]> wrote:
> * Kevin Buettner:
>
> > This commit fixes a regression encountered while running the
> > gdb.base/corefile.exp test in GDB's test suite.
> >
> > In my testing, the typo prevented the sw_reserved field of struct
> > fxregs_state from being output to the kernel XSAVES area. Thus the
> > correct mask corresponding to XCR0 was not present in the core file
> > for GDB to interrogate, resulting in the following behavior:
> >
> > [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
> > Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
> > [New LWP 232880]
> >
> > warning: Unexpected size of section `.reg-xstate/232880' in core file.
> >
> > With the typo fixed, the test works again as expected.
> >
> > Signed-off-by: Kevin Buettner <[email protected]>
> > ---
> > arch/x86/kernel/fpu/xstate.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> > index 6a54e83d5589..9cf40a7ff7ae 100644
> > --- a/arch/x86/kernel/fpu/xstate.c
> > +++ b/arch/x86/kernel/fpu/xstate.c
> > @@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
> > copy_part(offsetof(struct fxregs_state, st_space), 128,
> > &xsave->i387.st_space, &kbuf, &offset_start, &count);
> > if (header.xfeatures & XFEATURE_MASK_SSE)
> > - copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
> > + copy_part(xstate_offsets[XFEATURE_SSE], 256,
> > &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
> > /*
> > * Fill xsave->i387.sw_reserved value for ptrace frame:
>
> Does this read out-of-bounds, potentially disclosing kernel memory?
> Not if the system supports AVX, I assume.
An overlarge offset (first parameter) passed to copy_part() will cause
fill_gap() to be called which will copy data out of &init_fpstate.xsave.
Care is taken in both fill_gap and copy_part to not copy more data
than the remaining count.
So, I think the answer is "no".
Kevin