[PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression
@ 2020-07-18  7:20 Kevin Buettner
  2020-07-19 23:40 ` Dave Airlie
  2020-07-21  8:59 ` Florian Weimer
  0 siblings, 2 replies; 5+ messages in thread
From: Kevin Buettner @ 2020-07-18  7:20 UTC (permalink / raw)
  To: Al Viro, linux-kernel

This commit fixes a regression encountered while running the
gdb.base/corefile.exp test in GDB's test suite.

In my testing, the typo prevented the sw_reserved field of struct
fxregs_state from being output to the kernel XSAVES area.  Thus the
correct mask corresponding to XCR0 was not present in the core file
for GDB to interrogate, resulting in the following behavior:

[kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
[New LWP 232880]

warning: Unexpected size of section `.reg-xstate/232880' in core file.

With the typo fixed, the test works again as expected.

Signed-off-by: Kevin Buettner <kevinb@redhat.com>
---
 arch/x86/kernel/fpu/xstate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index 6a54e83d5589..9cf40a7ff7ae 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
 		copy_part(offsetof(struct fxregs_state, st_space), 128,
 			  &xsave->i387.st_space, &kbuf, &offset_start, &count);
 	if (header.xfeatures & XFEATURE_MASK_SSE)
-		copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
+		copy_part(xstate_offsets[XFEATURE_SSE], 256,
 			  &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
 	/*
 	 * Fill xsave->i387.sw_reserved value for ptrace frame:
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression
  2020-07-18  7:20 [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression Kevin Buettner
@ 2020-07-19 23:40 ` Dave Airlie
  2020-07-20  1:10   ` Al Viro
  2020-07-21  8:59 ` Florian Weimer
  1 sibling, 1 reply; 5+ messages in thread
From: Dave Airlie @ 2020-07-19 23:40 UTC (permalink / raw)
  To: Kevin Buettner, Linus Torvalds; +Cc: Al Viro, LKML

Just adding Linus, as Al is oft distracted.

Dave.
>
> This commit fixes a regression encountered while running the
> gdb.base/corefile.exp test in GDB's test suite.
>
> In my testing, the typo prevented the sw_reserved field of struct
> fxregs_state from being output to the kernel XSAVES area.  Thus the
> correct mask corresponding to XCR0 was not present in the core file
> for GDB to interrogate, resulting in the following behavior:
>
> [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
> Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
> [New LWP 232880]
>
> warning: Unexpected size of section `.reg-xstate/232880' in core file.
>
> With the typo fixed, the test works again as expected.
>
> Signed-off-by: Kevin Buettner <kevinb@redhat.com>
> ---
>  arch/x86/kernel/fpu/xstate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> index 6a54e83d5589..9cf40a7ff7ae 100644
> --- a/arch/x86/kernel/fpu/xstate.c
> +++ b/arch/x86/kernel/fpu/xstate.c
> @@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
>                 copy_part(offsetof(struct fxregs_state, st_space), 128,
>                           &xsave->i387.st_space, &kbuf, &offset_start, &count);
>         if (header.xfeatures & XFEATURE_MASK_SSE)
> -               copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
> +               copy_part(xstate_offsets[XFEATURE_SSE], 256,
>                           &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
>         /*
>          * Fill xsave->i387.sw_reserved value for ptrace frame:
> --
> 2.26.2
>
>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression
  2020-07-19 23:40 ` Dave Airlie
@ 2020-07-20  1:10   ` Al Viro
  0 siblings, 0 replies; 5+ messages in thread
From: Al Viro @ 2020-07-20  1:10 UTC (permalink / raw)
  To: Dave Airlie; +Cc: Kevin Buettner, Linus Torvalds, LKML

On Mon, Jul 20, 2020 at 09:40:14AM +1000, Dave Airlie wrote:
> Just adding Linus, as Al is oft distracted.

Already in vfs.git#fixes, actually:
commit 8d95867c8610c515ffab2913b2cb19b2c7f7f6c1
Author: Kevin Buettner <kevinb@redhat.com>
Date:   Sat Jul 18 00:20:03 2020 -0700

    copy_xstate_to_kernel: Fix typo which caused GDB regression
    
    This commit fixes a regression encountered while running the
    gdb.base/corefile.exp test in GDB's test suite.
    
    In my testing, the typo prevented the sw_reserved field of struct
    fxregs_state from being output to the kernel XSAVES area.  Thus the
    correct mask corresponding to XCR0 was not present in the core file
    for GDB to interrogate, resulting in the following behavior:
    
    [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
    Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
    [New LWP 232880]
    
    warning: Unexpected size of section `.reg-xstate/232880' in core file.
    
    With the typo fixed, the test works again as expected.
    
    Fixes: 9e46365459331 ("copy_xstate_to_kernel(): don't leave parts of destination uninitialized")
    Signed-off-by: Kevin Buettner <kevinb@redhat.com>
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression
  2020-07-18  7:20 [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression Kevin Buettner
  2020-07-19 23:40 ` Dave Airlie
@ 2020-07-21  8:59 ` Florian Weimer
  2020-07-21  9:26   ` Kevin Buettner
  1 sibling, 1 reply; 5+ messages in thread
From: Florian Weimer @ 2020-07-21  8:59 UTC (permalink / raw)
  To: Kevin Buettner; +Cc: Al Viro, linux-kernel

* Kevin Buettner:

> This commit fixes a regression encountered while running the
> gdb.base/corefile.exp test in GDB's test suite.
>
> In my testing, the typo prevented the sw_reserved field of struct
> fxregs_state from being output to the kernel XSAVES area.  Thus the
> correct mask corresponding to XCR0 was not present in the core file
> for GDB to interrogate, resulting in the following behavior:
>
> [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
> Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
> [New LWP 232880]
>
> warning: Unexpected size of section `.reg-xstate/232880' in core file.
>
> With the typo fixed, the test works again as expected.
>
> Signed-off-by: Kevin Buettner <kevinb@redhat.com>
> ---
>  arch/x86/kernel/fpu/xstate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> index 6a54e83d5589..9cf40a7ff7ae 100644
> --- a/arch/x86/kernel/fpu/xstate.c
> +++ b/arch/x86/kernel/fpu/xstate.c
> @@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
>  		copy_part(offsetof(struct fxregs_state, st_space), 128,
>  			  &xsave->i387.st_space, &kbuf, &offset_start, &count);
>  	if (header.xfeatures & XFEATURE_MASK_SSE)
> -		copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
> +		copy_part(xstate_offsets[XFEATURE_SSE], 256,
>  			  &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
>  	/*
>  	 * Fill xsave->i387.sw_reserved value for ptrace frame:

Does this read out-of-bounds, potentially disclosing kernel memory?
Not if the system supports AVX, I assume.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression
  2020-07-21  8:59 ` Florian Weimer
@ 2020-07-21  9:26   ` Kevin Buettner
  0 siblings, 0 replies; 5+ messages in thread
From: Kevin Buettner @ 2020-07-21  9:26 UTC (permalink / raw)
  To: Florian Weimer; +Cc: Al Viro, linux-kernel

On Tue, 21 Jul 2020 10:59:07 +0200
Florian Weimer <fw@deneb.enyo.de> wrote:

> * Kevin Buettner:
> 
> > This commit fixes a regression encountered while running the
> > gdb.base/corefile.exp test in GDB's test suite.
> >
> > In my testing, the typo prevented the sw_reserved field of struct
> > fxregs_state from being output to the kernel XSAVES area.  Thus the
> > correct mask corresponding to XCR0 was not present in the core file
> > for GDB to interrogate, resulting in the following behavior:
> >
> > [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core
> > Reading symbols from testsuite/outputs/gdb.base/corefile/corefile...
> > [New LWP 232880]
> >
> > warning: Unexpected size of section `.reg-xstate/232880' in core file.
> >
> > With the typo fixed, the test works again as expected.
> >
> > Signed-off-by: Kevin Buettner <kevinb@redhat.com>
> > ---
> >  arch/x86/kernel/fpu/xstate.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> > index 6a54e83d5589..9cf40a7ff7ae 100644
> > --- a/arch/x86/kernel/fpu/xstate.c
> > +++ b/arch/x86/kernel/fpu/xstate.c
> > @@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of
> >  		copy_part(offsetof(struct fxregs_state, st_space), 128,
> >  			  &xsave->i387.st_space, &kbuf, &offset_start, &count);
> >  	if (header.xfeatures & XFEATURE_MASK_SSE)
> > -		copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
> > +		copy_part(xstate_offsets[XFEATURE_SSE], 256,
> >  			  &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
> >  	/*
> >  	 * Fill xsave->i387.sw_reserved value for ptrace frame:  
> 
> Does this read out-of-bounds, potentially disclosing kernel memory?
> Not if the system supports AVX, I assume.

An overlarge offset (first parameter) passed to copy_part() will cause
fill_gap() to be called which will copy data out of &init_fpstate.xsave.
Care is taken in both fill_gap and copy_part to not copy more data
than the remaining count.

So, I think the answer is "no".

Kevin


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-07-21  9:27 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-18  7:20 [PATCH] copy_xstate_to_kernel: Fix typo which caused GDB regression Kevin Buettner
2020-07-19 23:40 ` Dave Airlie
2020-07-20  1:10   ` Al Viro
2020-07-21  8:59 ` Florian Weimer
2020-07-21  9:26   ` Kevin Buettner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.