Commit 6ddd115f authored by Quentin Casasnovas, committed by Sasha Levin

x86/fpu/xsaves: Fix improper uses of __ex_table

commit 06c8173e upstream.

Commit:

  f31a9f7c ("x86/xsaves: Use xsaves/xrstors to save and restore xsave area")

introduced alternative instructions for XSAVES/XRSTORS and commit:

  adb9d526 ("x86/xsaves: Add xsaves and xrstors support for booting time")

added support for the XSAVES/XRSTORS instructions at boot time.

Unfortunately both failed to properly protect them against faulting:

The 'xstate_fault' macro will use the closest label named '1'
backward and that ends up in the .altinstr_replacement section
rather than in .text. This means that the kernel will never find
in the __ex_table the .text address where this instruction might
fault, leading to serious problems if userspace manages to
trigger the fault.
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
[ Improved the changelog, fixed some whitespace noise. ]
Acked-by: Borislav Petkov <bp@alien8.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Allan Xavier <mr.a.xavier@gmail.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: adb9d526 ("x86/xsaves: Add xsaves and xrstors support for booting time")
Fixes: f31a9f7c ("x86/xsaves: Use xsaves/xrstors to save and restore xsave area")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
parent ce5dd33c
...@@ -81,18 +81,15 @@ static inline int xsave_state_booting(struct xsave_struct *fx, u64 mask) ...@@ -81,18 +81,15 @@ static inline int xsave_state_booting(struct xsave_struct *fx, u64 mask)
if (boot_cpu_has(X86_FEATURE_XSAVES)) if (boot_cpu_has(X86_FEATURE_XSAVES))
asm volatile("1:"XSAVES"\n\t" asm volatile("1:"XSAVES"\n\t"
"2:\n\t" "2:\n\t"
: : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask) xstate_fault
: "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
: "memory"); : "memory");
else else
asm volatile("1:"XSAVE"\n\t" asm volatile("1:"XSAVE"\n\t"
"2:\n\t" "2:\n\t"
: : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask) xstate_fault
: "memory"); : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
asm volatile(xstate_fault
: "0" (0)
: "memory"); : "memory");
return err; return err;
} }
...@@ -111,18 +108,15 @@ static inline int xrstor_state_booting(struct xsave_struct *fx, u64 mask) ...@@ -111,18 +108,15 @@ static inline int xrstor_state_booting(struct xsave_struct *fx, u64 mask)
if (boot_cpu_has(X86_FEATURE_XSAVES)) if (boot_cpu_has(X86_FEATURE_XSAVES))
asm volatile("1:"XRSTORS"\n\t" asm volatile("1:"XRSTORS"\n\t"
"2:\n\t" "2:\n\t"
: : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask) xstate_fault
: "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
: "memory"); : "memory");
else else
asm volatile("1:"XRSTOR"\n\t" asm volatile("1:"XRSTOR"\n\t"
"2:\n\t" "2:\n\t"
: : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask) xstate_fault
: "memory"); : "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
asm volatile(xstate_fault
: "0" (0)
: "memory"); : "memory");
return err; return err;
} }
...@@ -148,9 +142,9 @@ static inline int xsave_state(struct xsave_struct *fx, u64 mask) ...@@ -148,9 +142,9 @@ static inline int xsave_state(struct xsave_struct *fx, u64 mask)
*/ */
alternative_input_2( alternative_input_2(
"1:"XSAVE, "1:"XSAVE,
"1:"XSAVEOPT, XSAVEOPT,
X86_FEATURE_XSAVEOPT, X86_FEATURE_XSAVEOPT,
"1:"XSAVES, XSAVES,
X86_FEATURE_XSAVES, X86_FEATURE_XSAVES,
[fx] "D" (fx), "a" (lmask), "d" (hmask) : [fx] "D" (fx), "a" (lmask), "d" (hmask) :
"memory"); "memory");
...@@ -177,7 +171,7 @@ static inline int xrstor_state(struct xsave_struct *fx, u64 mask) ...@@ -177,7 +171,7 @@ static inline int xrstor_state(struct xsave_struct *fx, u64 mask)
*/ */
alternative_input( alternative_input(
"1: " XRSTOR, "1: " XRSTOR,
"1: " XRSTORS, XRSTORS,
X86_FEATURE_XSAVES, X86_FEATURE_XSAVES,
"D" (fx), "m" (*fx), "a" (lmask), "d" (hmask) "D" (fx), "m" (*fx), "a" (lmask), "d" (hmask)
: "memory"); : "memory");
......
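Review bot: In xsave_state_booting() and xrstor_state_booting(), the removed trailing statement `asm volatile(xstate_fault : "0" (0) : "memory");` was the only visible place where the err output was tied to zero, and the merged statements carry no equivalent input. The xstate_fault macro is defined outside these hunks; if it declares err as a plain write-only output, the non-faulting path never writes that register and `return err;` can hand back an arbitrary value, so a successful save or restore could be reported as a fault, or a later error check could be skewed. It is worth confirming the constraint and, if needed, making it read-write (`[err] "+r" (err)`) or clearing err inside the asm before label `2:`. Both function bodies start above their hunks, so the declaration and initialisation of err are not visible here.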