Date: Mon, 27 Nov 2017 10:46:42 -0800
From: Paul Burton
To: "Maciej W. Rozycki"
CC: Ralf Baechle, James Hogan
Subject: Re: [PATCH] MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
Message-ID: <20171127184642.ny2lad4y6zz6am2b@pburton-laptop>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Maciej,

On Mon, Nov 27, 2017 at 09:33:03AM +0000, Maciej W. Rozycki wrote:
> Fix an API loophole introduced with commit 9791554b45a2 ("MIPS,prctl:
> add PR_[GS]ET_FP_MODE prctl options for MIPS"), where the caller of
> prctl(2) is incorrectly allowed to make a change to CP0.Status.FR or
> CP0.Config5.FRE register bits even if CONFIG_MIPS_O32_FP64_SUPPORT has
> not been enabled, despite that an executable requesting the mode
> requested via ELF file annotation would not be allowed to run in the
> first place, or for n64 and n64 ABI tasks which do not have non-default
> modes defined at all. Add suitable checks to `mips_set_process_fp_mode'
> and bail out if an invalid mode change has been requested for the ABI in
> effect, even if the FPU hardware or emulation would otherwise allow it.

This seems reasonable, though in my view more because the FPU emulator
optimises out code for cases we shouldn't hit via cop1_64bit(). Allowing
user code to trigger these cases can only lead to odd and incorrect
behaviour so preventing that makes sense.

> Always succeed however without taking any further action if the mode
> requested is the same as one already in effect, regardless of whether
> any mode change, should it be requested, would actually be allowed for
> the task concerned.

This seems like a distinct change that I think would be worth splitting
out to a separate patch.

Both changes look good to me though, so feel free to add:

Reviewed-by: Paul Burton

Thanks,
Paul

> Cc: stable@vger.kernel.org # 4.0+
> Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS")
> Signed-off-by: Maciej W. Rozycki
> --- > arch/mips/kernel/process.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > linux-mips-prctl-fp-mode-o32-fp64.diff > Index: linux-sfr-test/arch/mips/kernel/process.c > =================================================================== > --- linux-sfr-test.orig/arch/mips/kernel/process.c 2017-11-25 12:40:55.868109000 +0000 > +++ linux-sfr-test/arch/mips/kernel/process.c 2017-11-25 12:41:56.411578000 +0000
> @@ -705,6 +705,18 @@ int mips_set_process_fp_mode(struct task > struct task_struct *t; > int max_users; > > + /* If nothing to change, return right away, successfully. */ > + if (value == mips_get_process_fp_mode(task)) > + return 0; > + > + /* Only accept a mode change if 64-bit FP enabled for o32. */ > + if (!IS_ENABLED(CONFIG_MIPS_O32_FP64_SUPPORT)) > + return -EOPNOTSUPP; > + > + /* And only for o32 tasks. */ > + if (IS_ENABLED(CONFIG_64BIT) && !test_thread_flag(TIF_32BIT_REGS)) > + return -EOPNOTSUPP; > + > /* Check the value is valid */ > if (value & ~known_bits) > return -EOPNOTSUPP;
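
Review bot: The last added check ("And only for o32 tasks") tests the ABI with test_thread_flag(TIF_32BIT_REGS), which reads the flag of the current thread, while the no-op check at the top of the same hunk queries the `task` argument through mips_get_process_fp_mode(task). The two agree only as long as the function is called with task == current; test_tsk_thread_flag(task, TIF_32BIT_REGS) would keep both checks on the same task and make the validation hold for any caller. It would also help to say in the first comment that the early `return 0` is deliberately placed ahead of the `value & ~known_bits` validation, since a value equal to the mode already in effect is accepted without going through that check.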