iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0abdeff598
linux/arch/arm64/kernel
History
Dave Martin 0abdeff598 arm64: fpsimd: Fix state leakage when migrating after sigreturn 
When refactoring the sigreturn code to handle SVE, I changed the
sigreturn implementation to store the new FPSIMD state from the
user sigframe into task_struct before reloading the state into the
CPU regs.  This makes it easier to convert the data for SVE when
needed.

However, it turns out that the fpsimd_state structure passed into
fpsimd_update_current_state is not fully initialised, so assigning
the structure as a whole corrupts current->thread.fpsimd_state.cpu
with uninitialised data.

This means that if the garbage data written to .cpu happens to be a
valid cpu number, and the task is subsequently migrated to the cpu
identified by the that number, and then tries to enter userspace,
the CPU FPSIMD regs will be assumed to be correct for the task and
not reloaded as they should be.  This can result in returning to
userspace with the FPSIMD registers containing data that is stale or
that belongs to another task or to the kernel.

Knowingly handing around a kernel structure that is incompletely
initialised with user data is a potential source of mistakes,
especially across source file boundaries.  To help avoid a repeat
of this issue, this patch adapts the relevant internal API to hand
around the user-accessible subset only: struct user_fpsimd_state.

To avoid future surprises, this patch also converts all uses of
struct fpsimd_state that really only access the user subset, to use
struct user_fpsimd_state.  A few missing consts are added to
function prototypes for good measure.

Thanks to Will for spotting the cause of the bug here.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-01-16 14:39:50 +00:00
..
probes License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
.gitignore
acpi_numa.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
acpi_parking_protocol.c arm64: fix endianness annotation in acpi_parking_protocol.c 2017-06-29 11:33:15 +01:00
acpi.c arm64: acpi: Remove __init from acpi_psci_use_hvc() for use by SDEI 2018-01-14 18:49:49 +00:00
alternative.c arm64: alternatives: use tpidr_el2 on VHE hosts 2018-01-13 10:44:33 +00:00
arm64ksyms.c arm64: switch to RAW_COPY_USER 2017-03-28 18:23:24 -04:00
armv8_deprecated.c arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
asm-offsets.c arm64: kernel: Add arch-specific SDEI entry code and CPU masking 2018-01-13 10:45:17 +00:00
bpi.S arm64: Implement branch predictor hardening for Falkor 2018-01-08 18:47:07 +00:00
cacheinfo.c arm64: cacheinfo: Remove CCSIDR-based cache information probing 2017-03-20 16:16:54 +00:00
cpu_errata.c arm64: cpu_errata: Add Kryo to Falkor 1003 errata 2018-01-14 18:49:52 +00:00
cpu_ops.c arm64: cpu_ops: Add missing 'const' qualifiers 2017-12-01 13:05:08 +00:00
cpu-reset.h arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
cpu-reset.S arm64: Add back cpu reset routines 2016-06-27 16:31:25 +01:00
cpufeature.c arm64: Inform user if software PAN is in use 2018-01-16 11:00:45 +00:00
cpuidle.c ARM64 / cpuidle: Use new cpuidle macro for entering retention state 2018-01-02 13:50:34 +00:00
cpuinfo.c arm64: v8.4: Support for new floating point multiplication instructions 2018-01-05 11:29:48 +00:00
crash_dump.c arm64: kdump: provide /proc/vmcore file 2017-04-05 18:31:38 +01:00
debug-monitors.c arm64: introduce an order for exceptions 2017-11-02 15:55:41 +00:00
efi-entry.S arm64: efi-entry.S: avoid open-coded adr_l 2017-01-17 17:41:14 +00:00
efi-header.S arm64: efi: split Image code and data into separate PE/COFF sections 2017-04-04 17:50:59 +01:00
efi.c efi/arm: Enable DMI/SMBIOS 2017-06-05 17:50:44 +02:00
entry32.S arm64: entry32: remove pointless register assignment 2015-07-10 16:47:13 +01:00
entry-fpsimd.S arm64/sve: Low-level SVE architectural state manipulation functions 2017-11-03 15:24:14 +00:00
entry-ftrace.S arm64: Fix static use of function graph 2017-11-03 12:05:23 +00:00
entry.S arm64: entry: Move the trampoline to be before PAN 2018-01-14 18:49:51 +00:00
fpsimd.c arm64: fpsimd: Fix state leakage when migrating after sigreturn 2018-01-16 14:39:50 +00:00
ftrace.c arm64: ftrace: emit ftrace-mod.o contents through code 2017-12-01 13:04:59 +00:00
head.S arm64: Extend early page table code to allow for larger kernels 2018-01-14 18:49:52 +00:00
hibernate-asm.S arm64: handle 52-bit addresses in TTBR 2017-12-22 17:35:21 +00:00
hibernate.c arm64: don't open code page table entry creation 2017-12-22 17:36:34 +00:00
hw_breakpoint.c arm64: hw_breakpoint: fix watchpoint matching for tagged pointers 2017-05-09 17:26:40 +01:00
hyp-stub.S arm64: hyp-stub: Zero x0 on successful stub handling 2017-04-09 07:49:35 -07:00
image.h arm64 updates for 4.7: 2016-05-16 17:17:24 -07:00
insn.c arm64 updates for 4.13: 2017-07-05 17:09:27 -07:00
io.c arm64: Avoid aligning normal memory pointers in __memcpy_{to,from}io 2017-10-24 16:23:07 +01:00
irq.c arm64: Add vmap_stack header file 2018-01-13 10:45:03 +00:00
jump_label.c jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} 2015-08-03 11:34:12 +02:00
kaslr.c arm64: kaslr: Adjust the offset to avoid Image across alignment boundary 2017-08-22 18:15:42 +01:00
kgdb.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
kuser32.S
machine_kexec.c arm64: explicitly mask all exceptions 2017-11-02 15:55:40 +00:00
Makefile arm64: kernel: Add arch-specific SDEI entry code and CPU masking 2018-01-13 10:45:17 +00:00
module-plts.c arm64: ftrace: emit ftrace-mod.o contents through code 2017-12-01 13:04:59 +00:00
module.c arm64: fix endianness annotation for reloc_insn_movw() & reloc_insn_imm() 2017-06-29 11:09:39 +01:00
module.lds arm64: ftrace: emit ftrace-mod.o contents through code 2017-12-01 13:04:59 +00:00
paravirt.c arm64: introduce CONFIG_PARAVIRT, PARAVIRT_TIME_ACCOUNTING and pv_time_ops 2015-12-21 14:40:54 +00:00
pci.c PCI: Add a generic weak pcibios_align_resource() 2017-08-02 14:53:16 -05:00
perf_callchain.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
perf_event.c arm64: perf: remove unsupported events for Cortex-A73 2017-12-01 13:05:08 +00:00
perf_regs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
process.c arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks 2017-12-11 13:41:03 +00:00
psci.c arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
ptrace.c arm64/sve: ptrace and ELF coredump support 2017-11-03 15:24:18 +00:00
reloc_test_core.c arm64: relocation testing module 2017-04-04 17:03:32 +01:00
reloc_test_syms.S arm64: relocation testing module 2017-04-04 17:03:32 +01:00
relocate_kernel.S arm64: Introduce raw_{d,i}cache_line_size 2016-09-09 15:03:29 +01:00
return_address.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
sdei.c arm64: sdei: Add trampoline code for remapping the kernel 2018-01-14 18:49:50 +00:00
setup.c arm64: Move the async/fiq helpers to explicitly set process context flags 2017-11-02 15:55:41 +00:00
signal32.c arm64: fpsimd: Fix state leakage when migrating after sigreturn 2018-01-16 14:39:50 +00:00
signal.c arm64: fpsimd: Fix state leakage when migrating after sigreturn 2018-01-16 14:39:50 +00:00
sleep.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smccc-call.S firmware: qcom: scm: Fix interrupted SCM calls 2017-02-03 18:46:33 +00:00
smp_spin_table.c arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
smp.c arm64: kernel: Add arch-specific SDEI entry code and CPU masking 2018-01-13 10:45:17 +00:00
stacktrace.c arm64: stacktrace: avoid listing stacktrace functions in stacktrace 2017-09-13 18:53:16 -07:00
suspend.c arm64: uaccess: Add PAN helper 2018-01-13 10:45:10 +00:00
sys32.c arm64: fix implementation of mmap2 compat syscall 2015-03-19 10:43:51 +00:00
sys_compat.c sched/headers: Prepare for the reduction of <linux/sched.h>'s signal API dependency 2017-03-02 08:42:37 +01:00
sys.c arm64: compat: Check for AArch32 state 2016-04-20 12:22:42 +01:00
time.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
topology.c arm64: Use of_cpu_node_to_id helper for CPU topology parsing 2018-01-02 16:43:12 +00:00
trace-events-emulation.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
traps.c arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
vdso.c arm64/vdso: Support mremap() for vDSO 2017-08-09 12:16:28 +01:00
vmlinux.lds.S arm64: Extend early page table code to allow for larger kernels 2018-01-14 18:49:52 +00:00