* [patch V3 01/20] x86/extable: Tidy up redundant handler functions
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 02/20] x86/extable: Get rid of redundant macros Thomas Gleixner
` (19 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
No need to have the same code all over the place.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/mm/extable.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -39,9 +39,8 @@ EXPORT_SYMBOL(ex_handler_default);
unsigned long error_code,
unsigned long fault_addr)
{
- regs->ip = ex_fixup_addr(fixup);
regs->ax = trapnr;
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL_GPL(ex_handler_fault);
@@ -76,8 +75,7 @@ EXPORT_SYMBOL_GPL(ex_handler_fprestore);
unsigned long fault_addr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- regs->ip = ex_fixup_addr(fixup);
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_uaccess);
@@ -87,9 +85,7 @@ EXPORT_SYMBOL(ex_handler_uaccess);
unsigned long fault_addr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- regs->ip = ex_fixup_addr(fixup);
- regs->ax = trapnr;
- return true;
+ return ex_handler_fault(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_copy);
@@ -103,10 +99,9 @@ EXPORT_SYMBOL(ex_handler_copy);
show_stack_regs(regs);
/* Pretend that the read succeeded and returned 0. */
- regs->ip = ex_fixup_addr(fixup);
regs->ax = 0;
regs->dx = 0;
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_rdmsr_unsafe);
@@ -121,8 +116,7 @@ EXPORT_SYMBOL(ex_handler_rdmsr_unsafe);
show_stack_regs(regs);
/* Pretend that the write succeeded. */
- regs->ip = ex_fixup_addr(fixup);
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_wrmsr_unsafe);
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/extable: Tidy up redundant handler functions
2021-09-08 13:29 ` [patch V3 01/20] x86/extable: Tidy up redundant handler functions Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 326b567f82df0c4c8f50092b9af9a3014616fb3c
Gitweb: https://git.kernel.org/tip/326b567f82df0c4c8f50092b9af9a3014616fb3c
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:12 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 12:33:06 +02:00
x86/extable: Tidy up redundant handler functions
No need to have the same code all over the place.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132524.963232825@linutronix.de
---
arch/x86/mm/extable.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
index e1664e9..d9a1046 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -39,9 +39,8 @@ __visible bool ex_handler_fault(const struct exception_table_entry *fixup,
unsigned long error_code,
unsigned long fault_addr)
{
- regs->ip = ex_fixup_addr(fixup);
regs->ax = trapnr;
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL_GPL(ex_handler_fault);
@@ -76,8 +75,7 @@ __visible bool ex_handler_uaccess(const struct exception_table_entry *fixup,
unsigned long fault_addr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- regs->ip = ex_fixup_addr(fixup);
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_uaccess);
@@ -87,9 +85,7 @@ __visible bool ex_handler_copy(const struct exception_table_entry *fixup,
unsigned long fault_addr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- regs->ip = ex_fixup_addr(fixup);
- regs->ax = trapnr;
- return true;
+ return ex_handler_fault(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_copy);
@@ -103,10 +99,9 @@ __visible bool ex_handler_rdmsr_unsafe(const struct exception_table_entry *fixup
show_stack_regs(regs);
/* Pretend that the read succeeded and returned 0. */
- regs->ip = ex_fixup_addr(fixup);
regs->ax = 0;
regs->dx = 0;
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_rdmsr_unsafe);
@@ -121,8 +116,7 @@ __visible bool ex_handler_wrmsr_unsafe(const struct exception_table_entry *fixup
show_stack_regs(regs);
/* Pretend that the write succeeded. */
- regs->ip = ex_fixup_addr(fixup);
- return true;
+ return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
}
EXPORT_SYMBOL(ex_handler_wrmsr_unsafe);
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 02/20] x86/extable: Get rid of redundant macros
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
2021-09-08 13:29 ` [patch V3 01/20] x86/extable: Tidy up redundant handler functions Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 03/20] x86/mce: Deduplicate exception handling Thomas Gleixner
` (18 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
No point in defining the identical macros twice depending on C or assembly
mode. They are still identical.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/include/asm/asm.h | 37 +++++++++++++------------------------
1 file changed, 13 insertions(+), 24 deletions(-)
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -132,18 +132,6 @@
.long (handler) - . ; \
.popsection
-# define _ASM_EXTABLE(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
-
-# define _ASM_EXTABLE_UA(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
-
-# define _ASM_EXTABLE_CPY(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
-
-# define _ASM_EXTABLE_FAULT(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
-
# ifdef CONFIG_KPROBES
# define _ASM_NOKPROBE(entry) \
.pushsection "_kprobe_blacklist","aw" ; \
@@ -164,18 +152,6 @@
" .long (" _EXPAND_EXTABLE_HANDLE(handler) ") - .\n" \
" .popsection\n"
-# define _ASM_EXTABLE(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
-
-# define _ASM_EXTABLE_UA(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
-
-# define _ASM_EXTABLE_CPY(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
-
-# define _ASM_EXTABLE_FAULT(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
-
/* For C file, we already have NOKPROBE_SYMBOL macro */
/*
@@ -188,6 +164,19 @@ register unsigned long current_stack_poi
#define ASM_CALL_CONSTRAINT "+r" (current_stack_pointer)
#endif /* __ASSEMBLY__ */
+#define _ASM_EXTABLE(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
+
+#define _ASM_EXTABLE_UA(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
+
+#define _ASM_EXTABLE_CPY(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
+
+#define _ASM_EXTABLE_FAULT(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
+
+
#endif /* __KERNEL__ */
#endif /* _ASM_X86_ASM_H */
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/extable: Get rid of redundant macros
2021-09-08 13:29 ` [patch V3 02/20] x86/extable: Get rid of redundant macros Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 32fd8b59f91fcd3bf9459aa72d90345735cc2588
Gitweb: https://git.kernel.org/tip/32fd8b59f91fcd3bf9459aa72d90345735cc2588
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:13 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 12:52:38 +02:00
x86/extable: Get rid of redundant macros
No point in defining the identical macros twice depending on C or assembly
mode. They are still identical.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.023659534@linutronix.de
---
arch/x86/include/asm/asm.h | 36 ++++++++++++------------------------
1 file changed, 12 insertions(+), 24 deletions(-)
diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
index 3ad3da9..719955e 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -132,18 +132,6 @@
.long (handler) - . ; \
.popsection
-# define _ASM_EXTABLE(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
-
-# define _ASM_EXTABLE_UA(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
-
-# define _ASM_EXTABLE_CPY(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
-
-# define _ASM_EXTABLE_FAULT(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
-
# ifdef CONFIG_KPROBES
# define _ASM_NOKPROBE(entry) \
.pushsection "_kprobe_blacklist","aw" ; \
@@ -164,18 +152,6 @@
" .long (" _EXPAND_EXTABLE_HANDLE(handler) ") - .\n" \
" .popsection\n"
-# define _ASM_EXTABLE(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
-
-# define _ASM_EXTABLE_UA(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
-
-# define _ASM_EXTABLE_CPY(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
-
-# define _ASM_EXTABLE_FAULT(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
-
/* For C file, we already have NOKPROBE_SYMBOL macro */
/*
@@ -188,6 +164,18 @@ register unsigned long current_stack_pointer asm(_ASM_SP);
#define ASM_CALL_CONSTRAINT "+r" (current_stack_pointer)
#endif /* __ASSEMBLY__ */
+#define _ASM_EXTABLE(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
+
+#define _ASM_EXTABLE_UA(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
+
+#define _ASM_EXTABLE_CPY(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
+
+#define _ASM_EXTABLE_FAULT(from, to) \
+ _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
+
#endif /* __KERNEL__ */
#endif /* _ASM_X86_ASM_H */
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 03/20] x86/mce: Deduplicate exception handling
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
2021-09-08 13:29 ` [patch V3 01/20] x86/extable: Tidy up redundant handler functions Thomas Gleixner
2021-09-08 13:29 ` [patch V3 02/20] x86/extable: Get rid of redundant macros Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 04/20] x86/mce: Get rid of stray semicolons Thomas Gleixner
` (17 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
Preparatory patch for further simplification. No functional change.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/kernel/cpu/mce/core.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -373,13 +373,16 @@ static int msr_to_offset(u32 msr)
return -1;
}
-__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
{
- pr_emerg("MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
- (unsigned int)regs->cx, regs->ip, (void *)regs->ip);
+ if (wrmsr) {
+ pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
+ (unsigned int)regs->cx, (unsigned int)regs->dx, (unsigned int)regs->ax,
+ regs->ip, (void *)regs->ip);
+ } else {
+ pr_emerg("MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
+ (unsigned int)regs->cx, regs->ip, (void *)regs->ip);
+ }
show_stack_regs(regs);
@@ -387,7 +390,14 @@ static int msr_to_offset(u32 msr)
while (true)
cpu_relax();
+}
+__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr,
+ unsigned long error_code,
+ unsigned long fault_addr)
+{
+ ex_handler_msr_mce(regs, false);
return true;
}
@@ -432,17 +442,7 @@ static noinstr u64 mce_rdmsrl(u32 msr)
unsigned long error_code,
unsigned long fault_addr)
{
- pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
- (unsigned int)regs->cx, (unsigned int)regs->dx, (unsigned int)regs->ax,
- regs->ip, (void *)regs->ip);
-
- show_stack_regs(regs);
-
- panic("MCA architectural violation!\n");
-
- while (true)
- cpu_relax();
-
+ ex_handler_msr_mce(regs, true);
return true;
}
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/mce: Deduplicate exception handling
2021-09-08 13:29 ` [patch V3 03/20] x86/mce: Deduplicate exception handling Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: e42404afc4ca856c48f1e05752541faa3587c472
Gitweb: https://git.kernel.org/tip/e42404afc4ca856c48f1e05752541faa3587c472
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:15 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 17:00:23 +02:00
x86/mce: Deduplicate exception handling
Prepare code for further simplification. No functional change.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.096452100@linutronix.de
---
arch/x86/kernel/cpu/mce/core.c | 34 ++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 8cb7816..428eed9 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -373,13 +373,16 @@ static int msr_to_offset(u32 msr)
return -1;
}
-__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
{
- pr_emerg("MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
- (unsigned int)regs->cx, regs->ip, (void *)regs->ip);
+ if (wrmsr) {
+ pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
+ (unsigned int)regs->cx, (unsigned int)regs->dx, (unsigned int)regs->ax,
+ regs->ip, (void *)regs->ip);
+ } else {
+ pr_emerg("MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
+ (unsigned int)regs->cx, regs->ip, (void *)regs->ip);
+ }
show_stack_regs(regs);
@@ -387,7 +390,14 @@ __visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
while (true)
cpu_relax();
+}
+__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr,
+ unsigned long error_code,
+ unsigned long fault_addr)
+{
+ ex_handler_msr_mce(regs, false);
return true;
}
@@ -432,17 +442,7 @@ __visible bool ex_handler_wrmsr_fault(const struct exception_table_entry *fixup,
unsigned long error_code,
unsigned long fault_addr)
{
- pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
- (unsigned int)regs->cx, (unsigned int)regs->dx, (unsigned int)regs->ax,
- regs->ip, (void *)regs->ip);
-
- show_stack_regs(regs);
-
- panic("MCA architectural violation!\n");
-
- while (true)
- cpu_relax();
-
+ ex_handler_msr_mce(regs, true);
return true;
}
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 04/20] x86/mce: Get rid of stray semicolons
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (2 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 03/20] x86/mce: Deduplicate exception handling Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 05/20] x86/extable: Rework the exception table mechanics Thomas Gleixner
` (16 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
and the random number of tabs.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/kernel/cpu/mce/internal.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/cpu/mce/internal.h
+++ b/arch/x86/kernel/cpu/mce/internal.h
@@ -61,7 +61,7 @@ static inline void cmci_disable_bank(int
static inline void intel_init_cmci(void) { }
static inline void intel_init_lmce(void) { }
static inline void intel_clear_lmce(void) { }
-static inline bool intel_filter_mce(struct mce *m) { return false; };
+static inline bool intel_filter_mce(struct mce *m) { return false; }
#endif
void mce_timer_kick(unsigned long interval);
@@ -183,7 +183,7 @@ extern bool filter_mce(struct mce *m);
#ifdef CONFIG_X86_MCE_AMD
extern bool amd_filter_mce(struct mce *m);
#else
-static inline bool amd_filter_mce(struct mce *m) { return false; };
+static inline bool amd_filter_mce(struct mce *m) { return false; }
#endif
__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/mce: Get rid of stray semicolons
2021-09-08 13:29 ` [patch V3 04/20] x86/mce: Get rid of stray semicolons Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 083b32d6f4fa26abaf585721abeee73c92ea5376
Gitweb: https://git.kernel.org/tip/083b32d6f4fa26abaf585721abeee73c92ea5376
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:16 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 17:42:51 +02:00
x86/mce: Get rid of stray semicolons
and the random number of tabs.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.154428878@linutronix.de
---
arch/x86/kernel/cpu/mce/internal.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/mce/internal.h b/arch/x86/kernel/cpu/mce/internal.h
index 88dcc79..9509922 100644
--- a/arch/x86/kernel/cpu/mce/internal.h
+++ b/arch/x86/kernel/cpu/mce/internal.h
@@ -61,7 +61,7 @@ static inline void cmci_disable_bank(int bank) { }
static inline void intel_init_cmci(void) { }
static inline void intel_init_lmce(void) { }
static inline void intel_clear_lmce(void) { }
-static inline bool intel_filter_mce(struct mce *m) { return false; };
+static inline bool intel_filter_mce(struct mce *m) { return false; }
#endif
void mce_timer_kick(unsigned long interval);
@@ -183,7 +183,7 @@ extern bool filter_mce(struct mce *m);
#ifdef CONFIG_X86_MCE_AMD
extern bool amd_filter_mce(struct mce *m);
#else
-static inline bool amd_filter_mce(struct mce *m) { return false; };
+static inline bool amd_filter_mce(struct mce *m) { return false; }
#endif
__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 05/20] x86/extable: Rework the exception table mechanics
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (3 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 04/20] x86/mce: Get rid of stray semicolons Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 06/20] x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE Thomas Gleixner
` (15 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
The exception table entries contain the instruction address, the fixup
address and the handler address. All addresses are relative. Storing the
handler address has a few downsides:
1) Most handlers need to be exported
2) Handlers can be defined everywhere and there is no overview about the
handler types
3) MCE needs to check the handler type to decide whether an in kernel #MC
can be recovered. The functionality of the handler itself is not in any
way special, but for these checks there need to be separate functions
which in the worst case have to be exported.
Some of these 'recoverable' exception fixups are pretty obscure and
just reuse some other handler to spare code. That obfuscates e.g. the
#MC safe copy functions. Cleaning that up would require more handlers
and exports
Rework the exception fixup mechanics by storing a fixup type number instead
of the handler address and invoke the proper handler for each fixup
type. Also teach the extable sort to leave the type field alone.
This makes most handlers static except for special cases like the MCE
MSR fixup and the BPF fixup. This allows to add more types for cleaning up
the obscure places without adding more handler code and exports.
There is a marginal code size reduction for a production config and it
removes _eight_ exported symbols.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
---
V2: New patch
---
arch/x86/include/asm/asm.h | 22 ++---
arch/x86/include/asm/extable.h | 44 ++++++----
arch/x86/include/asm/extable_fixup_types.h | 19 ++++
arch/x86/include/asm/fpu/internal.h | 4
arch/x86/include/asm/msr.h | 4
arch/x86/include/asm/segment.h | 2
arch/x86/kernel/cpu/mce/core.c | 24 -----
arch/x86/kernel/cpu/mce/internal.h | 10 --
arch/x86/kernel/cpu/mce/severity.c | 21 ++--
arch/x86/mm/extable.c | 123 ++++++++++++-----------------
arch/x86/net/bpf_jit_comp.c | 11 --
scripts/sorttable.c | 4
12 files changed, 133 insertions(+), 155 deletions(-)
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -122,14 +122,17 @@
#ifdef __KERNEL__
+# include <asm/extable_fixup_types.h>
+
/* Exception table entry */
#ifdef __ASSEMBLY__
-# define _ASM_EXTABLE_HANDLE(from, to, handler) \
+
+# define _ASM_EXTABLE_TYPE(from, to, type) \
.pushsection "__ex_table","a" ; \
.balign 4 ; \
.long (from) - . ; \
.long (to) - . ; \
- .long (handler) - . ; \
+ .long type ; \
.popsection
# ifdef CONFIG_KPROBES
@@ -143,13 +146,13 @@
# endif
#else /* ! __ASSEMBLY__ */
-# define _EXPAND_EXTABLE_HANDLE(x) #x
-# define _ASM_EXTABLE_HANDLE(from, to, handler) \
+
+# define _ASM_EXTABLE_TYPE(from, to, type) \
" .pushsection \"__ex_table\",\"a\"\n" \
" .balign 4\n" \
" .long (" #from ") - .\n" \
" .long (" #to ") - .\n" \
- " .long (" _EXPAND_EXTABLE_HANDLE(handler) ") - .\n" \
+ " .long " __stringify(type) " \n" \
" .popsection\n"
/* For C file, we already have NOKPROBE_SYMBOL macro */
@@ -165,17 +168,16 @@ register unsigned long current_stack_poi
#endif /* __ASSEMBLY__ */
#define _ASM_EXTABLE(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_DEFAULT)
#define _ASM_EXTABLE_UA(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_UACCESS)
#define _ASM_EXTABLE_CPY(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_COPY)
#define _ASM_EXTABLE_FAULT(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
-
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_FAULT)
#endif /* __KERNEL__ */
--- a/arch/x86/include/asm/extable.h
+++ b/arch/x86/include/asm/extable.h
@@ -1,12 +1,18 @@
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _ASM_X86_EXTABLE_H
#define _ASM_X86_EXTABLE_H
+
+#include <asm/extable_fixup_types.h>
+
/*
- * The exception table consists of triples of addresses relative to the
- * exception table entry itself. The first address is of an instruction
- * that is allowed to fault, the second is the target at which the program
- * should continue. The third is a handler function to deal with the fault
- * caused by the instruction in the first field.
+ * The exception table consists of two addresses relative to the
+ * exception table entry itself and a type selector field.
+ *
+ * The first address is of an instruction that is allowed to fault, the
+ * second is the target at which the program should continue.
+ *
+ * The type entry is used by fixup_exception() to select the handler to
+ * deal with the fault caused by the instruction in the first field.
*
* All the routines below use bits of fixup code that are out of line
* with the main instruction path. This means when everything is well,
@@ -15,7 +21,7 @@
*/
struct exception_table_entry {
- int insn, fixup, handler;
+ int insn, fixup, type;
};
struct pt_regs;
@@ -25,21 +31,27 @@ struct pt_regs;
do { \
(a)->fixup = (b)->fixup + (delta); \
(b)->fixup = (tmp).fixup - (delta); \
- (a)->handler = (b)->handler + (delta); \
- (b)->handler = (tmp).handler - (delta); \
+ (a)->type = (b)->type; \
+ (b)->type = (tmp).type; \
} while (0)
-enum handler_type {
- EX_HANDLER_NONE,
- EX_HANDLER_FAULT,
- EX_HANDLER_UACCESS,
- EX_HANDLER_OTHER
-};
-
extern int fixup_exception(struct pt_regs *regs, int trapnr,
unsigned long error_code, unsigned long fault_addr);
extern int fixup_bug(struct pt_regs *regs, int trapnr);
-extern enum handler_type ex_get_fault_handler_type(unsigned long ip);
+extern int ex_get_fixup_type(unsigned long ip);
extern void early_fixup_exception(struct pt_regs *regs, int trapnr);
+#ifdef CONFIG_X86_MCE
+extern void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr);
+#else
+static inline void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr) { }
+#endif
+
+#if defined(CONFIG_BPF_JIT) && defined(CONFIG_X86_64)
+bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs);
+#else
+static inline bool ex_handler_bpf(const struct exception_table_entry *x,
+ struct pt_regs *regs) { return false; }
+#endif
+
#endif
--- /dev/null
+++ b/arch/x86/include/asm/extable_fixup_types.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_X86_EXTABLE_FIXUP_TYPES_H
+#define _ASM_X86_EXTABLE_FIXUP_TYPES_H
+
+#define EX_TYPE_NONE 0
+#define EX_TYPE_DEFAULT 1
+#define EX_TYPE_FAULT 2
+#define EX_TYPE_UACCESS 3
+#define EX_TYPE_COPY 4
+#define EX_TYPE_CLEAR_FS 5
+#define EX_TYPE_FPU_RESTORE 6
+#define EX_TYPE_WRMSR 7
+#define EX_TYPE_RDMSR 8
+#define EX_TYPE_BPF 9
+
+#define EX_TYPE_WRMSR_IN_MCE 10
+#define EX_TYPE_RDMSR_IN_MCE 11
+
+#endif
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -126,7 +126,7 @@ extern void save_fpregs_to_fpstate(struc
#define kernel_insn(insn, output, input...) \
asm volatile("1:" #insn "\n\t" \
"2:\n" \
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_fprestore) \
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_FPU_RESTORE) \
: output : input)
static inline int fnsave_to_user_sigframe(struct fregs_state __user *fx)
@@ -253,7 +253,7 @@ static inline void fxsave(struct fxregs_
XRSTORS, X86_FEATURE_XSAVES) \
"\n" \
"3:\n" \
- _ASM_EXTABLE_HANDLE(661b, 3b, ex_handler_fprestore)\
+ _ASM_EXTABLE_TYPE(661b, 3b, EX_TYPE_FPU_RESTORE) \
: \
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
--- a/arch/x86/include/asm/msr.h
+++ b/arch/x86/include/asm/msr.h
@@ -92,7 +92,7 @@ static __always_inline unsigned long lon
asm volatile("1: rdmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_rdmsr_unsafe)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_RDMSR)
: EAX_EDX_RET(val, low, high) : "c" (msr));
return EAX_EDX_VAL(val, low, high);
@@ -102,7 +102,7 @@ static __always_inline void __wrmsr(unsi
{
asm volatile("1: wrmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_wrmsr_unsafe)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_WRMSR)
: : "c" (msr), "a"(low), "d" (high) : "memory");
}
--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
@@ -339,7 +339,7 @@ static inline void __loadsegment_fs(unsi
"1: movw %0, %%fs \n"
"2: \n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_clear_fs)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_CLEAR_FS)
: : "rm" (value) : "memory");
}
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -373,7 +373,7 @@ static int msr_to_offset(u32 msr)
return -1;
}
-static void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
+void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
{
if (wrmsr) {
pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
@@ -392,15 +392,6 @@ static void ex_handler_msr_mce(struct pt
cpu_relax();
}
-__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
-{
- ex_handler_msr_mce(regs, false);
- return true;
-}
-
/* MSR access wrappers used for error injection */
static noinstr u64 mce_rdmsrl(u32 msr)
{
@@ -430,22 +421,13 @@ static noinstr u64 mce_rdmsrl(u32 msr)
*/
asm volatile("1: rdmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_rdmsr_fault)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_RDMSR_IN_MCE)
: EAX_EDX_RET(val, low, high) : "c" (msr));
return EAX_EDX_VAL(val, low, high);
}
-__visible bool ex_handler_wrmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
-{
- ex_handler_msr_mce(regs, true);
- return true;
-}
-
static noinstr void mce_wrmsrl(u32 msr, u64 v)
{
u32 low, high;
@@ -470,7 +452,7 @@ static noinstr void mce_wrmsrl(u32 msr,
/* See comment in mce_rdmsrl() */
asm volatile("1: wrmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_wrmsr_fault)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_WRMSR_IN_MCE)
: : "c" (msr), "a"(low), "d" (high) : "memory");
}
--- a/arch/x86/kernel/cpu/mce/internal.h
+++ b/arch/x86/kernel/cpu/mce/internal.h
@@ -186,14 +186,4 @@ extern bool amd_filter_mce(struct mce *m
static inline bool amd_filter_mce(struct mce *m) { return false; }
#endif
-__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr);
-
-__visible bool ex_handler_wrmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr);
-
#endif /* __X86_MCE_INTERNAL_H__ */
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -265,25 +265,24 @@ static bool is_copy_from_user(struct pt_
*/
static int error_context(struct mce *m, struct pt_regs *regs)
{
- enum handler_type t;
-
if ((m->cs & 3) == 3)
return IN_USER;
if (!mc_recoverable(m->mcgstatus))
return IN_KERNEL;
- t = ex_get_fault_handler_type(m->ip);
- if (t == EX_HANDLER_FAULT) {
- m->kflags |= MCE_IN_KERNEL_RECOV;
- return IN_KERNEL_RECOV;
- }
- if (t == EX_HANDLER_UACCESS && regs && is_copy_from_user(regs)) {
- m->kflags |= MCE_IN_KERNEL_RECOV;
+ switch (ex_get_fixup_type(m->ip)) {
+ case EX_TYPE_UACCESS:
+ case EX_TYPE_COPY:
+ if (!regs || !is_copy_from_user(regs))
+ return IN_KERNEL;
m->kflags |= MCE_IN_KERNEL_COPYIN;
+ fallthrough;
+ case EX_TYPE_FAULT:
+ m->kflags |= MCE_IN_KERNEL_RECOV;
return IN_KERNEL_RECOV;
+ default:
+ return IN_KERNEL;
}
-
- return IN_KERNEL;
}
static int mce_severity_amd_smca(struct mce *m, enum context err_ctx)
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -9,40 +9,25 @@
#include <asm/traps.h>
#include <asm/kdebug.h>
-typedef bool (*ex_handler_t)(const struct exception_table_entry *,
- struct pt_regs *, int, unsigned long,
- unsigned long);
-
static inline unsigned long
ex_fixup_addr(const struct exception_table_entry *x)
{
return (unsigned long)&x->fixup + x->fixup;
}
-static inline ex_handler_t
-ex_fixup_handler(const struct exception_table_entry *x)
-{
- return (ex_handler_t)((unsigned long)&x->handler + x->handler);
-}
-__visible bool ex_handler_default(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_default(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
regs->ip = ex_fixup_addr(fixup);
return true;
}
-EXPORT_SYMBOL(ex_handler_default);
-__visible bool ex_handler_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_fault(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr)
{
regs->ax = trapnr;
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL_GPL(ex_handler_fault);
/*
* Handler for when we fail to restore a task's FPU state. We should never get
@@ -54,10 +39,8 @@ EXPORT_SYMBOL_GPL(ex_handler_fault);
* of vulnerability by restoring from the initial state (essentially, zeroing
* out all the FPU registers) if we can't restore from the task's FPU state.
*/
-__visible bool ex_handler_fprestore(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_fprestore(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
regs->ip = ex_fixup_addr(fixup);
@@ -67,32 +50,23 @@ EXPORT_SYMBOL_GPL(ex_handler_fault);
__restore_fpregs_from_fpstate(&init_fpstate, xfeatures_mask_fpstate());
return true;
}
-EXPORT_SYMBOL_GPL(ex_handler_fprestore);
-__visible bool ex_handler_uaccess(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_uaccess(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_uaccess);
-__visible bool ex_handler_copy(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_copy(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- return ex_handler_fault(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_fault(fixup, regs, trapnr);
}
-EXPORT_SYMBOL(ex_handler_copy);
-__visible bool ex_handler_rdmsr_unsafe(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_rdmsr_unsafe(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
if (pr_warn_once("unchecked MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
(unsigned int)regs->cx, regs->ip, (void *)regs->ip))
@@ -101,14 +75,11 @@ EXPORT_SYMBOL(ex_handler_copy);
/* Pretend that the read succeeded and returned 0. */
regs->ax = 0;
regs->dx = 0;
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_rdmsr_unsafe);
-__visible bool ex_handler_wrmsr_unsafe(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_wrmsr_unsafe(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
if (pr_warn_once("unchecked MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
(unsigned int)regs->cx, (unsigned int)regs->dx,
@@ -116,44 +87,29 @@ EXPORT_SYMBOL(ex_handler_rdmsr_unsafe);
show_stack_regs(regs);
/* Pretend that the write succeeded. */
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_wrmsr_unsafe);
-__visible bool ex_handler_clear_fs(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_clear_fs(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
if (static_cpu_has(X86_BUG_NULL_SEG))
asm volatile ("mov %0, %%fs" : : "rm" (__USER_DS));
asm volatile ("mov %0, %%fs" : : "rm" (0));
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_clear_fs);
-enum handler_type ex_get_fault_handler_type(unsigned long ip)
+int ex_get_fixup_type(unsigned long ip)
{
- const struct exception_table_entry *e;
- ex_handler_t handler;
+ const struct exception_table_entry *e = search_exception_tables(ip);
- e = search_exception_tables(ip);
- if (!e)
- return EX_HANDLER_NONE;
- handler = ex_fixup_handler(e);
- if (handler == ex_handler_fault)
- return EX_HANDLER_FAULT;
- else if (handler == ex_handler_uaccess || handler == ex_handler_copy)
- return EX_HANDLER_UACCESS;
- else
- return EX_HANDLER_OTHER;
+ return e ? e->type : EX_TYPE_NONE;
}
int fixup_exception(struct pt_regs *regs, int trapnr, unsigned long error_code,
unsigned long fault_addr)
{
const struct exception_table_entry *e;
- ex_handler_t handler;
#ifdef CONFIG_PNPBIOS
if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
@@ -173,8 +129,33 @@ int fixup_exception(struct pt_regs *regs
if (!e)
return 0;
- handler = ex_fixup_handler(e);
- return handler(e, regs, trapnr, error_code, fault_addr);
+ switch (e->type) {
+ case EX_TYPE_DEFAULT:
+ return ex_handler_default(e, regs);
+ case EX_TYPE_FAULT:
+ return ex_handler_fault(e, regs, trapnr);
+ case EX_TYPE_UACCESS:
+ return ex_handler_uaccess(e, regs, trapnr);
+ case EX_TYPE_COPY:
+ return ex_handler_copy(e, regs, trapnr);
+ case EX_TYPE_CLEAR_FS:
+ return ex_handler_clear_fs(e, regs);
+ case EX_TYPE_FPU_RESTORE:
+ return ex_handler_fprestore(e, regs);
+ case EX_TYPE_RDMSR:
+ return ex_handler_rdmsr_unsafe(e, regs);
+ case EX_TYPE_WRMSR:
+ return ex_handler_wrmsr_unsafe(e, regs);
+ case EX_TYPE_BPF:
+ return ex_handler_bpf(e, regs);
+ case EX_TYPE_RDMSR_IN_MCE:
+ ex_handler_msr_mce(regs, false);
+ break;
+ case EX_TYPE_WRMSR_IN_MCE:
+ ex_handler_msr_mce(regs, true);
+ break;
+ }
+ BUG();
}
extern unsigned int early_recursion_flag;
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -827,9 +827,7 @@ static int emit_atomic(u8 **pprog, u8 at
return 0;
}
-static bool ex_handler_bpf(const struct exception_table_entry *x,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code, unsigned long fault_addr)
+bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs)
{
u32 reg = x->fixup >> 8;
@@ -1313,12 +1311,7 @@ st: if (is_imm8(insn->off))
}
ex->insn = delta;
- delta = (u8 *)ex_handler_bpf - (u8 *)&ex->handler;
- if (!is_simm32(delta)) {
- pr_err("extable->handler doesn't fit into 32-bit\n");
- return -EFAULT;
- }
- ex->handler = delta;
+ ex->type = EX_TYPE_BPF;
if (dst_reg > BPF_REG_9) {
pr_err("verifier error\n");
--- a/scripts/sorttable.c
+++ b/scripts/sorttable.c
@@ -236,7 +236,7 @@ static void x86_sort_relative_table(char
w(r(loc) + i, loc);
w(r(loc + 1) + i + 4, loc + 1);
- w(r(loc + 2) + i + 8, loc + 2);
+ /* Don't touch the fixup type */
i += sizeof(uint32_t) * 3;
}
@@ -249,7 +249,7 @@ static void x86_sort_relative_table(char
w(r(loc) - i, loc);
w(r(loc + 1) - (i + 4), loc + 1);
- w(r(loc + 2) - (i + 8), loc + 2);
+ /* Don't touch the fixup type */
i += sizeof(uint32_t) * 3;
}
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/extable: Rework the exception table mechanics
2021-09-08 13:29 ` [patch V3 05/20] x86/extable: Rework the exception table mechanics Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Thomas Gleixner, Borislav Petkov, Alexei Starovoitov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 46d28947d9876fc0f8f93d3c69813ef6e9852595
Gitweb: https://git.kernel.org/tip/46d28947d9876fc0f8f93d3c69813ef6e9852595
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:18 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 17:51:47 +02:00
x86/extable: Rework the exception table mechanics
The exception table entries contain the instruction address, the fixup
address and the handler address. All addresses are relative. Storing the
handler address has a few downsides:
1) Most handlers need to be exported
2) Handlers can be defined everywhere and there is no overview about the
handler types
3) MCE needs to check the handler type to decide whether an in kernel #MC
can be recovered. The functionality of the handler itself is not in any
way special, but for these checks there need to be separate functions
which in the worst case have to be exported.
Some of these 'recoverable' exception fixups are pretty obscure and
just reuse some other handler to spare code. That obfuscates e.g. the
#MC safe copy functions. Cleaning that up would require more handlers
and exports
Rework the exception fixup mechanics by storing a fixup type number instead
of the handler address and invoke the proper handler for each fixup
type. Also teach the extable sort to leave the type field alone.
This makes most handlers static except for special cases like the MCE
MSR fixup and the BPF fixup. This allows to add more types for cleaning up
the obscure places without adding more handler code and exports.
There is a marginal code size reduction for a production config and it
removes _eight_ exported symbols.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lkml.kernel.org/r/20210908132525.211958725@linutronix.de
---
arch/x86/include/asm/asm.h | 22 ++--
arch/x86/include/asm/extable.h | 44 ++++---
arch/x86/include/asm/extable_fixup_types.h | 19 +++-
arch/x86/include/asm/fpu/internal.h | 4 +-
arch/x86/include/asm/msr.h | 4 +-
arch/x86/include/asm/segment.h | 2 +-
arch/x86/kernel/cpu/mce/core.c | 24 +----
arch/x86/kernel/cpu/mce/internal.h | 10 +--
arch/x86/kernel/cpu/mce/severity.c | 21 +--
arch/x86/mm/extable.c | 123 ++++++++------------
arch/x86/net/bpf_jit_comp.c | 11 +--
scripts/sorttable.c | 4 +-
12 files changed, 133 insertions(+), 155 deletions(-)
create mode 100644 arch/x86/include/asm/extable_fixup_types.h
diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
index 719955e..6aadb9a 100644
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -122,14 +122,17 @@
#ifdef __KERNEL__
+# include <asm/extable_fixup_types.h>
+
/* Exception table entry */
#ifdef __ASSEMBLY__
-# define _ASM_EXTABLE_HANDLE(from, to, handler) \
+
+# define _ASM_EXTABLE_TYPE(from, to, type) \
.pushsection "__ex_table","a" ; \
.balign 4 ; \
.long (from) - . ; \
.long (to) - . ; \
- .long (handler) - . ; \
+ .long type ; \
.popsection
# ifdef CONFIG_KPROBES
@@ -143,13 +146,13 @@
# endif
#else /* ! __ASSEMBLY__ */
-# define _EXPAND_EXTABLE_HANDLE(x) #x
-# define _ASM_EXTABLE_HANDLE(from, to, handler) \
+
+# define _ASM_EXTABLE_TYPE(from, to, type) \
" .pushsection \"__ex_table\",\"a\"\n" \
" .balign 4\n" \
" .long (" #from ") - .\n" \
" .long (" #to ") - .\n" \
- " .long (" _EXPAND_EXTABLE_HANDLE(handler) ") - .\n" \
+ " .long " __stringify(type) " \n" \
" .popsection\n"
/* For C file, we already have NOKPROBE_SYMBOL macro */
@@ -165,17 +168,16 @@ register unsigned long current_stack_pointer asm(_ASM_SP);
#endif /* __ASSEMBLY__ */
#define _ASM_EXTABLE(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_default)
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_DEFAULT)
#define _ASM_EXTABLE_UA(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_uaccess)
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_UACCESS)
#define _ASM_EXTABLE_CPY(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_copy)
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_COPY)
#define _ASM_EXTABLE_FAULT(from, to) \
- _ASM_EXTABLE_HANDLE(from, to, ex_handler_fault)
+ _ASM_EXTABLE_TYPE(from, to, EX_TYPE_FAULT)
#endif /* __KERNEL__ */
-
#endif /* _ASM_X86_ASM_H */
diff --git a/arch/x86/include/asm/extable.h b/arch/x86/include/asm/extable.h
index 1f0cbc5..93f400e 100644
--- a/arch/x86/include/asm/extable.h
+++ b/arch/x86/include/asm/extable.h
@@ -1,12 +1,18 @@
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _ASM_X86_EXTABLE_H
#define _ASM_X86_EXTABLE_H
+
+#include <asm/extable_fixup_types.h>
+
/*
- * The exception table consists of triples of addresses relative to the
- * exception table entry itself. The first address is of an instruction
- * that is allowed to fault, the second is the target at which the program
- * should continue. The third is a handler function to deal with the fault
- * caused by the instruction in the first field.
+ * The exception table consists of two addresses relative to the
+ * exception table entry itself and a type selector field.
+ *
+ * The first address is of an instruction that is allowed to fault, the
+ * second is the target at which the program should continue.
+ *
+ * The type entry is used by fixup_exception() to select the handler to
+ * deal with the fault caused by the instruction in the first field.
*
* All the routines below use bits of fixup code that are out of line
* with the main instruction path. This means when everything is well,
@@ -15,7 +21,7 @@
*/
struct exception_table_entry {
- int insn, fixup, handler;
+ int insn, fixup, type;
};
struct pt_regs;
@@ -25,21 +31,27 @@ struct pt_regs;
do { \
(a)->fixup = (b)->fixup + (delta); \
(b)->fixup = (tmp).fixup - (delta); \
- (a)->handler = (b)->handler + (delta); \
- (b)->handler = (tmp).handler - (delta); \
+ (a)->type = (b)->type; \
+ (b)->type = (tmp).type; \
} while (0)
-enum handler_type {
- EX_HANDLER_NONE,
- EX_HANDLER_FAULT,
- EX_HANDLER_UACCESS,
- EX_HANDLER_OTHER
-};
-
extern int fixup_exception(struct pt_regs *regs, int trapnr,
unsigned long error_code, unsigned long fault_addr);
extern int fixup_bug(struct pt_regs *regs, int trapnr);
-extern enum handler_type ex_get_fault_handler_type(unsigned long ip);
+extern int ex_get_fixup_type(unsigned long ip);
extern void early_fixup_exception(struct pt_regs *regs, int trapnr);
+#ifdef CONFIG_X86_MCE
+extern void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr);
+#else
+static inline void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr) { }
+#endif
+
+#if defined(CONFIG_BPF_JIT) && defined(CONFIG_X86_64)
+bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs);
+#else
+static inline bool ex_handler_bpf(const struct exception_table_entry *x,
+ struct pt_regs *regs) { return false; }
+#endif
+
#endif
diff --git a/arch/x86/include/asm/extable_fixup_types.h b/arch/x86/include/asm/extable_fixup_types.h
new file mode 100644
index 0000000..0adc117
--- /dev/null
+++ b/arch/x86/include/asm/extable_fixup_types.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_X86_EXTABLE_FIXUP_TYPES_H
+#define _ASM_X86_EXTABLE_FIXUP_TYPES_H
+
+#define EX_TYPE_NONE 0
+#define EX_TYPE_DEFAULT 1
+#define EX_TYPE_FAULT 2
+#define EX_TYPE_UACCESS 3
+#define EX_TYPE_COPY 4
+#define EX_TYPE_CLEAR_FS 5
+#define EX_TYPE_FPU_RESTORE 6
+#define EX_TYPE_WRMSR 7
+#define EX_TYPE_RDMSR 8
+#define EX_TYPE_BPF 9
+
+#define EX_TYPE_WRMSR_IN_MCE 10
+#define EX_TYPE_RDMSR_IN_MCE 11
+
+#endif
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index 5a18694..ce6fc4f 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -126,7 +126,7 @@ extern void save_fpregs_to_fpstate(struct fpu *fpu);
#define kernel_insn(insn, output, input...) \
asm volatile("1:" #insn "\n\t" \
"2:\n" \
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_fprestore) \
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_FPU_RESTORE) \
: output : input)
static inline int fnsave_to_user_sigframe(struct fregs_state __user *fx)
@@ -253,7 +253,7 @@ static inline void fxsave(struct fxregs_state *fx)
XRSTORS, X86_FEATURE_XSAVES) \
"\n" \
"3:\n" \
- _ASM_EXTABLE_HANDLE(661b, 3b, ex_handler_fprestore)\
+ _ASM_EXTABLE_TYPE(661b, 3b, EX_TYPE_FPU_RESTORE) \
: \
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
diff --git a/arch/x86/include/asm/msr.h b/arch/x86/include/asm/msr.h
index a3f87f1..6b52182 100644
--- a/arch/x86/include/asm/msr.h
+++ b/arch/x86/include/asm/msr.h
@@ -92,7 +92,7 @@ static __always_inline unsigned long long __rdmsr(unsigned int msr)
asm volatile("1: rdmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_rdmsr_unsafe)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_RDMSR)
: EAX_EDX_RET(val, low, high) : "c" (msr));
return EAX_EDX_VAL(val, low, high);
@@ -102,7 +102,7 @@ static __always_inline void __wrmsr(unsigned int msr, u32 low, u32 high)
{
asm volatile("1: wrmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_wrmsr_unsafe)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_WRMSR)
: : "c" (msr), "a"(low), "d" (high) : "memory");
}
diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
index 7204402..8dd8e8e 100644
--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
@@ -339,7 +339,7 @@ static inline void __loadsegment_fs(unsigned short value)
"1: movw %0, %%fs \n"
"2: \n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_clear_fs)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_CLEAR_FS)
: : "rm" (value) : "memory");
}
diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 428eed9..cd919fc 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -373,7 +373,7 @@ static int msr_to_offset(u32 msr)
return -1;
}
-static void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
+void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
{
if (wrmsr) {
pr_emerg("MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
@@ -392,15 +392,6 @@ static void ex_handler_msr_mce(struct pt_regs *regs, bool wrmsr)
cpu_relax();
}
-__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
-{
- ex_handler_msr_mce(regs, false);
- return true;
-}
-
/* MSR access wrappers used for error injection */
static noinstr u64 mce_rdmsrl(u32 msr)
{
@@ -430,22 +421,13 @@ static noinstr u64 mce_rdmsrl(u32 msr)
*/
asm volatile("1: rdmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_rdmsr_fault)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_RDMSR_IN_MCE)
: EAX_EDX_RET(val, low, high) : "c" (msr));
return EAX_EDX_VAL(val, low, high);
}
-__visible bool ex_handler_wrmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
-{
- ex_handler_msr_mce(regs, true);
- return true;
-}
-
static noinstr void mce_wrmsrl(u32 msr, u64 v)
{
u32 low, high;
@@ -470,7 +452,7 @@ static noinstr void mce_wrmsrl(u32 msr, u64 v)
/* See comment in mce_rdmsrl() */
asm volatile("1: wrmsr\n"
"2:\n"
- _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_wrmsr_fault)
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_WRMSR_IN_MCE)
: : "c" (msr), "a"(low), "d" (high) : "memory");
}
diff --git a/arch/x86/kernel/cpu/mce/internal.h b/arch/x86/kernel/cpu/mce/internal.h
index 9509922..3463f8c 100644
--- a/arch/x86/kernel/cpu/mce/internal.h
+++ b/arch/x86/kernel/cpu/mce/internal.h
@@ -186,14 +186,4 @@ extern bool amd_filter_mce(struct mce *m);
static inline bool amd_filter_mce(struct mce *m) { return false; }
#endif
-__visible bool ex_handler_rdmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr);
-
-__visible bool ex_handler_wrmsr_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr);
-
#endif /* __X86_MCE_INTERNAL_H__ */
diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c
index 17e6314..74fe763 100644
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -265,25 +265,24 @@ static bool is_copy_from_user(struct pt_regs *regs)
*/
static int error_context(struct mce *m, struct pt_regs *regs)
{
- enum handler_type t;
-
if ((m->cs & 3) == 3)
return IN_USER;
if (!mc_recoverable(m->mcgstatus))
return IN_KERNEL;
- t = ex_get_fault_handler_type(m->ip);
- if (t == EX_HANDLER_FAULT) {
- m->kflags |= MCE_IN_KERNEL_RECOV;
- return IN_KERNEL_RECOV;
- }
- if (t == EX_HANDLER_UACCESS && regs && is_copy_from_user(regs)) {
- m->kflags |= MCE_IN_KERNEL_RECOV;
+ switch (ex_get_fixup_type(m->ip)) {
+ case EX_TYPE_UACCESS:
+ case EX_TYPE_COPY:
+ if (!regs || !is_copy_from_user(regs))
+ return IN_KERNEL;
m->kflags |= MCE_IN_KERNEL_COPYIN;
+ fallthrough;
+ case EX_TYPE_FAULT:
+ m->kflags |= MCE_IN_KERNEL_RECOV;
return IN_KERNEL_RECOV;
+ default:
+ return IN_KERNEL;
}
-
- return IN_KERNEL;
}
static int mce_severity_amd_smca(struct mce *m, enum context err_ctx)
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
index d9a1046..5db46df 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -9,40 +9,25 @@
#include <asm/traps.h>
#include <asm/kdebug.h>
-typedef bool (*ex_handler_t)(const struct exception_table_entry *,
- struct pt_regs *, int, unsigned long,
- unsigned long);
-
static inline unsigned long
ex_fixup_addr(const struct exception_table_entry *x)
{
return (unsigned long)&x->fixup + x->fixup;
}
-static inline ex_handler_t
-ex_fixup_handler(const struct exception_table_entry *x)
-{
- return (ex_handler_t)((unsigned long)&x->handler + x->handler);
-}
-__visible bool ex_handler_default(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_default(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
regs->ip = ex_fixup_addr(fixup);
return true;
}
-EXPORT_SYMBOL(ex_handler_default);
-__visible bool ex_handler_fault(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_fault(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr)
{
regs->ax = trapnr;
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL_GPL(ex_handler_fault);
/*
* Handler for when we fail to restore a task's FPU state. We should never get
@@ -54,10 +39,8 @@ EXPORT_SYMBOL_GPL(ex_handler_fault);
* of vulnerability by restoring from the initial state (essentially, zeroing
* out all the FPU registers) if we can't restore from the task's FPU state.
*/
-__visible bool ex_handler_fprestore(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_fprestore(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
regs->ip = ex_fixup_addr(fixup);
@@ -67,32 +50,23 @@ __visible bool ex_handler_fprestore(const struct exception_table_entry *fixup,
__restore_fpregs_from_fpstate(&init_fpstate, xfeatures_mask_fpstate());
return true;
}
-EXPORT_SYMBOL_GPL(ex_handler_fprestore);
-__visible bool ex_handler_uaccess(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_uaccess(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_uaccess);
-__visible bool ex_handler_copy(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_copy(const struct exception_table_entry *fixup,
+ struct pt_regs *regs, int trapnr)
{
WARN_ONCE(trapnr == X86_TRAP_GP, "General protection fault in user access. Non-canonical address?");
- return ex_handler_fault(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_fault(fixup, regs, trapnr);
}
-EXPORT_SYMBOL(ex_handler_copy);
-__visible bool ex_handler_rdmsr_unsafe(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_rdmsr_unsafe(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
if (pr_warn_once("unchecked MSR access error: RDMSR from 0x%x at rIP: 0x%lx (%pS)\n",
(unsigned int)regs->cx, regs->ip, (void *)regs->ip))
@@ -101,14 +75,11 @@ __visible bool ex_handler_rdmsr_unsafe(const struct exception_table_entry *fixup
/* Pretend that the read succeeded and returned 0. */
regs->ax = 0;
regs->dx = 0;
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_rdmsr_unsafe);
-__visible bool ex_handler_wrmsr_unsafe(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_wrmsr_unsafe(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
if (pr_warn_once("unchecked MSR access error: WRMSR to 0x%x (tried to write 0x%08x%08x) at rIP: 0x%lx (%pS)\n",
(unsigned int)regs->cx, (unsigned int)regs->dx,
@@ -116,44 +87,29 @@ __visible bool ex_handler_wrmsr_unsafe(const struct exception_table_entry *fixup
show_stack_regs(regs);
/* Pretend that the write succeeded. */
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_wrmsr_unsafe);
-__visible bool ex_handler_clear_fs(const struct exception_table_entry *fixup,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code,
- unsigned long fault_addr)
+static bool ex_handler_clear_fs(const struct exception_table_entry *fixup,
+ struct pt_regs *regs)
{
if (static_cpu_has(X86_BUG_NULL_SEG))
asm volatile ("mov %0, %%fs" : : "rm" (__USER_DS));
asm volatile ("mov %0, %%fs" : : "rm" (0));
- return ex_handler_default(fixup, regs, trapnr, error_code, fault_addr);
+ return ex_handler_default(fixup, regs);
}
-EXPORT_SYMBOL(ex_handler_clear_fs);
-enum handler_type ex_get_fault_handler_type(unsigned long ip)
+int ex_get_fixup_type(unsigned long ip)
{
- const struct exception_table_entry *e;
- ex_handler_t handler;
+ const struct exception_table_entry *e = search_exception_tables(ip);
- e = search_exception_tables(ip);
- if (!e)
- return EX_HANDLER_NONE;
- handler = ex_fixup_handler(e);
- if (handler == ex_handler_fault)
- return EX_HANDLER_FAULT;
- else if (handler == ex_handler_uaccess || handler == ex_handler_copy)
- return EX_HANDLER_UACCESS;
- else
- return EX_HANDLER_OTHER;
+ return e ? e->type : EX_TYPE_NONE;
}
int fixup_exception(struct pt_regs *regs, int trapnr, unsigned long error_code,
unsigned long fault_addr)
{
const struct exception_table_entry *e;
- ex_handler_t handler;
#ifdef CONFIG_PNPBIOS
if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
@@ -173,8 +129,33 @@ int fixup_exception(struct pt_regs *regs, int trapnr, unsigned long error_code,
if (!e)
return 0;
- handler = ex_fixup_handler(e);
- return handler(e, regs, trapnr, error_code, fault_addr);
+ switch (e->type) {
+ case EX_TYPE_DEFAULT:
+ return ex_handler_default(e, regs);
+ case EX_TYPE_FAULT:
+ return ex_handler_fault(e, regs, trapnr);
+ case EX_TYPE_UACCESS:
+ return ex_handler_uaccess(e, regs, trapnr);
+ case EX_TYPE_COPY:
+ return ex_handler_copy(e, regs, trapnr);
+ case EX_TYPE_CLEAR_FS:
+ return ex_handler_clear_fs(e, regs);
+ case EX_TYPE_FPU_RESTORE:
+ return ex_handler_fprestore(e, regs);
+ case EX_TYPE_RDMSR:
+ return ex_handler_rdmsr_unsafe(e, regs);
+ case EX_TYPE_WRMSR:
+ return ex_handler_wrmsr_unsafe(e, regs);
+ case EX_TYPE_BPF:
+ return ex_handler_bpf(e, regs);
+ case EX_TYPE_RDMSR_IN_MCE:
+ ex_handler_msr_mce(regs, false);
+ break;
+ case EX_TYPE_WRMSR_IN_MCE:
+ ex_handler_msr_mce(regs, true);
+ break;
+ }
+ BUG();
}
extern unsigned int early_recursion_flag;
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index 0fe6aac..703dc6e 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -827,9 +827,7 @@ static int emit_atomic(u8 **pprog, u8 atomic_op,
return 0;
}
-static bool ex_handler_bpf(const struct exception_table_entry *x,
- struct pt_regs *regs, int trapnr,
- unsigned long error_code, unsigned long fault_addr)
+bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs)
{
u32 reg = x->fixup >> 8;
@@ -1313,12 +1311,7 @@ st: if (is_imm8(insn->off))
}
ex->insn = delta;
- delta = (u8 *)ex_handler_bpf - (u8 *)&ex->handler;
- if (!is_simm32(delta)) {
- pr_err("extable->handler doesn't fit into 32-bit\n");
- return -EFAULT;
- }
- ex->handler = delta;
+ ex->type = EX_TYPE_BPF;
if (dst_reg > BPF_REG_9) {
pr_err("verifier error\n");
diff --git a/scripts/sorttable.c b/scripts/sorttable.c
index f355869..a9b3324 100644
--- a/scripts/sorttable.c
+++ b/scripts/sorttable.c
@@ -236,7 +236,7 @@ static void x86_sort_relative_table(char *extab_image, int image_size)
w(r(loc) + i, loc);
w(r(loc + 1) + i + 4, loc + 1);
- w(r(loc + 2) + i + 8, loc + 2);
+ /* Don't touch the fixup type */
i += sizeof(uint32_t) * 3;
}
@@ -249,7 +249,7 @@ static void x86_sort_relative_table(char *extab_image, int image_size)
w(r(loc) - i, loc);
w(r(loc + 1) - (i + 4), loc + 1);
- w(r(loc + 2) - (i + 8), loc + 2);
+ /* Don't touch the fixup type */
i += sizeof(uint32_t) * 3;
}
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 06/20] x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (4 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 05/20] x86/extable: Rework the exception table mechanics Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 07/20] x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups Thomas Gleixner
` (14 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
Provide exception fixup types which can be used to identify fixups which
allow in kernel #MC recovery and make them invoke the existing handlers.
These will be used at places where #MC recovery is handled correctly by the
caller.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/include/asm/extable_fixup_types.h | 3 +++
arch/x86/kernel/cpu/mce/severity.c | 2 ++
arch/x86/mm/extable.c | 2 ++
3 files changed, 7 insertions(+)
--- a/arch/x86/include/asm/extable_fixup_types.h
+++ b/arch/x86/include/asm/extable_fixup_types.h
@@ -16,4 +16,7 @@
#define EX_TYPE_WRMSR_IN_MCE 10
#define EX_TYPE_RDMSR_IN_MCE 11
+#define EX_TYPE_DEFAULT_MCE_SAFE 12
+#define EX_TYPE_FAULT_MCE_SAFE 13
+
#endif
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -278,6 +278,8 @@ static int error_context(struct mce *m,
m->kflags |= MCE_IN_KERNEL_COPYIN;
fallthrough;
case EX_TYPE_FAULT:
+ case EX_TYPE_FAULT_MCE_SAFE:
+ case EX_TYPE_DEFAULT_MCE_SAFE:
m->kflags |= MCE_IN_KERNEL_RECOV;
return IN_KERNEL_RECOV;
default:
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -131,8 +131,10 @@ int fixup_exception(struct pt_regs *regs
switch (e->type) {
case EX_TYPE_DEFAULT:
+ case EX_TYPE_DEFAULT_MCE_SAFE:
return ex_handler_default(e, regs);
case EX_TYPE_FAULT:
+ case EX_TYPE_FAULT_MCE_SAFE:
return ex_handler_fault(e, regs, trapnr);
case EX_TYPE_UACCESS:
return ex_handler_uaccess(e, regs, trapnr);
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE
2021-09-08 13:29 ` [patch V3 06/20] x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 2cadf5248b9316d3c8af876e795d61c55476f6e9
Gitweb: https://git.kernel.org/tip/2cadf5248b9316d3c8af876e795d61c55476f6e9
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:19 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 17:56:56 +02:00
x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE
Provide exception fixup types which can be used to identify fixups which
allow in kernel #MC recovery and make them invoke the existing handlers.
These will be used at places where #MC recovery is handled correctly by the
caller.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.269689153@linutronix.de
---
arch/x86/include/asm/extable_fixup_types.h | 3 +++
arch/x86/kernel/cpu/mce/severity.c | 2 ++
arch/x86/mm/extable.c | 2 ++
3 files changed, 7 insertions(+)
diff --git a/arch/x86/include/asm/extable_fixup_types.h b/arch/x86/include/asm/extable_fixup_types.h
index 0adc117..409524d 100644
--- a/arch/x86/include/asm/extable_fixup_types.h
+++ b/arch/x86/include/asm/extable_fixup_types.h
@@ -16,4 +16,7 @@
#define EX_TYPE_WRMSR_IN_MCE 10
#define EX_TYPE_RDMSR_IN_MCE 11
+#define EX_TYPE_DEFAULT_MCE_SAFE 12
+#define EX_TYPE_FAULT_MCE_SAFE 13
+
#endif
diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c
index 74fe763..d9b77a7 100644
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -278,6 +278,8 @@ static int error_context(struct mce *m, struct pt_regs *regs)
m->kflags |= MCE_IN_KERNEL_COPYIN;
fallthrough;
case EX_TYPE_FAULT:
+ case EX_TYPE_FAULT_MCE_SAFE:
+ case EX_TYPE_DEFAULT_MCE_SAFE:
m->kflags |= MCE_IN_KERNEL_RECOV;
return IN_KERNEL_RECOV;
default:
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
index 5db46df..f37e290 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -131,8 +131,10 @@ int fixup_exception(struct pt_regs *regs, int trapnr, unsigned long error_code,
switch (e->type) {
case EX_TYPE_DEFAULT:
+ case EX_TYPE_DEFAULT_MCE_SAFE:
return ex_handler_default(e, regs);
case EX_TYPE_FAULT:
+ case EX_TYPE_FAULT_MCE_SAFE:
return ex_handler_fault(e, regs, trapnr);
case EX_TYPE_UACCESS:
return ex_handler_uaccess(e, regs, trapnr);
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 07/20] x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (5 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 06/20] x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 08/20] x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE " Thomas Gleixner
` (13 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
Nothing in that code uses the trap number which was stored by the exception
fixup which is instantiated via _ASM_EXTABLE_FAULT().
Use _ASM_EXTABLE(... EX_TYPE_DEFAULT_MCE_SAFE) instead which just handles
the IP fixup and the type indicates to the #MC handler that the call site
can handle the abort caused by #MC correctly.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/lib/copy_mc_64.S | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/x86/lib/copy_mc_64.S
+++ b/arch/x86/lib/copy_mc_64.S
@@ -107,9 +107,9 @@ SYM_FUNC_END(copy_mc_fragile)
.previous
- _ASM_EXTABLE_FAULT(.L_read_leading_bytes, .E_leading_bytes)
- _ASM_EXTABLE_FAULT(.L_read_words, .E_read_words)
- _ASM_EXTABLE_FAULT(.L_read_trailing_bytes, .E_trailing_bytes)
+ _ASM_EXTABLE_TYPE(.L_read_leading_bytes, .E_leading_bytes, EX_TYPE_DEFAULT_MCE_SAFE)
+ _ASM_EXTABLE_TYPE(.L_read_words, .E_read_words, EX_TYPE_DEFAULT_MCE_SAFE)
+ _ASM_EXTABLE_TYPE(.L_read_trailing_bytes, .E_trailing_bytes, EX_TYPE_DEFAULT_MCE_SAFE)
_ASM_EXTABLE(.L_write_leading_bytes, .E_leading_bytes)
_ASM_EXTABLE(.L_write_words, .E_write_words)
_ASM_EXTABLE(.L_write_trailing_bytes, .E_trailing_bytes)
@@ -149,5 +149,5 @@ SYM_FUNC_END(copy_mc_enhanced_fast_strin
.previous
- _ASM_EXTABLE_FAULT(.L_copy, .E_copy)
+ _ASM_EXTABLE_TYPE(.L_copy, .E_copy, EX_TYPE_DEFAULT_MCE_SAFE)
#endif /* !CONFIG_UML */
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups
2021-09-08 13:29 ` [patch V3 07/20] x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: c1c97d175493ab32325df81133611ce8e4e05088
Gitweb: https://git.kernel.org/tip/c1c97d175493ab32325df81133611ce8e4e05088
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:21 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 18:11:09 +02:00
x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups
Nothing in that code uses the trap number which was stored by the exception
fixup which is instantiated via _ASM_EXTABLE_FAULT().
Use _ASM_EXTABLE(... EX_TYPE_DEFAULT_MCE_SAFE) instead which just handles
the IP fixup and the type indicates to the #MC handler that the call site
can handle the abort caused by #MC correctly.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.328706042@linutronix.de
---
arch/x86/lib/copy_mc_64.S | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/lib/copy_mc_64.S b/arch/x86/lib/copy_mc_64.S
index e5f77e2..7334055 100644
--- a/arch/x86/lib/copy_mc_64.S
+++ b/arch/x86/lib/copy_mc_64.S
@@ -107,9 +107,9 @@ SYM_FUNC_END(copy_mc_fragile)
.previous
- _ASM_EXTABLE_FAULT(.L_read_leading_bytes, .E_leading_bytes)
- _ASM_EXTABLE_FAULT(.L_read_words, .E_read_words)
- _ASM_EXTABLE_FAULT(.L_read_trailing_bytes, .E_trailing_bytes)
+ _ASM_EXTABLE_TYPE(.L_read_leading_bytes, .E_leading_bytes, EX_TYPE_DEFAULT_MCE_SAFE)
+ _ASM_EXTABLE_TYPE(.L_read_words, .E_read_words, EX_TYPE_DEFAULT_MCE_SAFE)
+ _ASM_EXTABLE_TYPE(.L_read_trailing_bytes, .E_trailing_bytes, EX_TYPE_DEFAULT_MCE_SAFE)
_ASM_EXTABLE(.L_write_leading_bytes, .E_leading_bytes)
_ASM_EXTABLE(.L_write_words, .E_write_words)
_ASM_EXTABLE(.L_write_trailing_bytes, .E_trailing_bytes)
@@ -149,5 +149,5 @@ SYM_FUNC_END(copy_mc_enhanced_fast_string)
.previous
- _ASM_EXTABLE_FAULT(.L_copy, .E_copy)
+ _ASM_EXTABLE_TYPE(.L_copy, .E_copy, EX_TYPE_DEFAULT_MCE_SAFE)
#endif /* !CONFIG_UML */
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 08/20] x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE for exception fixups
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (6 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 07/20] x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 09/20] x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups Thomas Gleixner
` (12 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
The macros used for restoring FPU state from a user space buffer can handle
all exceptions including #MC. They need to return the trap number in the
error case as the code which invokes them needs to distinguish the cause of
the failure. It aborts the operation for anything except #PF.
Use the new EX_TYPE_FAULT_MCE_SAFE exception table fixup type to document
the nature of the fixup.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/include/asm/fpu/internal.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -102,7 +102,7 @@ extern void save_fpregs_to_fpstate(struc
"3: negl %%eax\n" \
" jmp 2b\n" \
".previous\n" \
- _ASM_EXTABLE_FAULT(1b, 3b) \
+ _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err), output \
: "0"(0), input); \
err; \
@@ -209,7 +209,7 @@ static inline void fxsave(struct fxregs_
"3: negl %%eax\n\t" \
"jmp 2b\n\t" \
".popsection\n\t" \
- _ASM_EXTABLE_FAULT(1b, 3b) \
+ _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err) \
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE for exception fixups
2021-09-08 13:29 ` [patch V3 08/20] x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE " Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: c6304556f3ae98c943bbb4042a30205c98e4f921
Gitweb: https://git.kernel.org/tip/c6304556f3ae98c943bbb4042a30205c98e4f921
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:23 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 18:15:30 +02:00
x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE for exception fixups
The macros used for restoring FPU state from a user space buffer can handle
all exceptions including #MC. They need to return the trap number in the
error case as the code which invokes them needs to distinguish the cause of
the failure. It aborts the operation for anything except #PF.
Use the new EX_TYPE_FAULT_MCE_SAFE exception table fixup type to document
the nature of the fixup.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.387464538@linutronix.de
---
arch/x86/include/asm/fpu/internal.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index ce6fc4f..cb1ca60 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -102,7 +102,7 @@ extern void save_fpregs_to_fpstate(struct fpu *fpu);
"3: negl %%eax\n" \
" jmp 2b\n" \
".previous\n" \
- _ASM_EXTABLE_FAULT(1b, 3b) \
+ _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err), output \
: "0"(0), input); \
err; \
@@ -209,7 +209,7 @@ static inline void fxsave(struct fxregs_state *fx)
"3: negl %%eax\n\t" \
"jmp 2b\n\t" \
".popsection\n\t" \
- _ASM_EXTABLE_FAULT(1b, 3b) \
+ _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err) \
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 09/20] x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (7 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 08/20] x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE " Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 10/20] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user() Thomas Gleixner
` (11 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
Now that the MC safe copy and FPU have been converted to use the MCE safe
fixup types remove EX_TYPE_FAULT from the list of types which MCE considers
to be safe to be recovered in kernel.
This removes the SGX exception handling of ENCLS from the #MC safe
handling, but according to the SGX wizards the current SGX implementations
cannot survive #MC on ENCLS:
https://lore.kernel.org/r/YS+upEmTfpZub3s9@google.com
The code relies on the trap number being stored if ENCLS raised an
exception. That's still working, but it does not longer trick the MCE code
to assume that #MC is handled correctly for ENCLS.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/kernel/cpu/mce/severity.c | 1 -
1 file changed, 1 deletion(-)
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -277,7 +277,6 @@ static int error_context(struct mce *m,
return IN_KERNEL;
m->kflags |= MCE_IN_KERNEL_COPYIN;
fallthrough;
- case EX_TYPE_FAULT:
case EX_TYPE_FAULT_MCE_SAFE:
case EX_TYPE_DEFAULT_MCE_SAFE:
m->kflags |= MCE_IN_KERNEL_RECOV;
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups
2021-09-08 13:29 ` [patch V3 09/20] x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 0c2e62ba04cd0b7194b380bae4fc35c45bb2e46e
Gitweb: https://git.kernel.org/tip/0c2e62ba04cd0b7194b380bae4fc35c45bb2e46e
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:24 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 18:23:00 +02:00
x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups
Now that the MC safe copy and FPU have been converted to use the MCE safe
fixup types remove EX_TYPE_FAULT from the list of types which MCE considers
to be safe to be recovered in kernel.
This removes the SGX exception handling of ENCLS from the #MC safe
handling, but according to the SGX wizards the current SGX implementations
cannot survive #MC on ENCLS:
https://lore.kernel.org/r/YS+upEmTfpZub3s9@google.com
The code relies on the trap number being stored if ENCLS raised an
exception. That's still working, but it does no longer trick the MCE code
into assuming that #MC is handled correctly for ENCLS.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.445255957@linutronix.de
---
arch/x86/kernel/cpu/mce/severity.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c
index d9b77a7..f60bbaf 100644
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -277,7 +277,6 @@ static int error_context(struct mce *m, struct pt_regs *regs)
return IN_KERNEL;
m->kflags |= MCE_IN_KERNEL_COPYIN;
fallthrough;
- case EX_TYPE_FAULT:
case EX_TYPE_FAULT_MCE_SAFE:
case EX_TYPE_DEFAULT_MCE_SAFE:
m->kflags |= MCE_IN_KERNEL_RECOV;
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 10/20] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user()
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (8 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 09/20] x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 11/20] x86/fpu: Dont use MCE safe fixups for writing FPU state to user space Thomas Gleixner
` (10 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
FPU restore from a signal frame can trigger various exceptions. The
exceptions are caught with an exception table entry. The handler of this
entry stores the trap number in EAX. The FPU specific fixup negates that
trap number to convert it into an negative error code.
Any other exception than #PF is fatal and recovery is not possible. This
relies on the fact that the #PF exception number is the same as EFAULT, but
that's not really obvious.
Remove the negation from the exception fixup as it really has no value and
check for X86_TRAP_PF at the call site.
There is still confusion due to the return code conversion for the error
case which will be cleaned up separately.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: Remove the negation (Al)
---
arch/x86/include/asm/fpu/internal.h | 21 ++++++++-------------
arch/x86/kernel/fpu/signal.c | 5 +++--
2 files changed, 11 insertions(+), 15 deletions(-)
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -88,7 +88,10 @@ static inline void fpstate_init_soft(str
#endif
extern void save_fpregs_to_fpstate(struct fpu *fpu);
-/* Returns 0 or the negated trap number, which results in -EFAULT for #PF */
+/*
+ * Returns 0 on success or the trap number when the operation raises an
+ * exception.
+ */
#define user_insn(insn, output, input...) \
({ \
int err; \
@@ -98,11 +101,7 @@ extern void save_fpregs_to_fpstate(struc
asm volatile(ASM_STAC "\n" \
"1: " #insn "\n" \
"2: " ASM_CLAC "\n" \
- ".section .fixup,\"ax\"\n" \
- "3: negl %%eax\n" \
- " jmp 2b\n" \
- ".previous\n" \
- _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err), output \
: "0"(0), input); \
err; \
@@ -198,18 +197,14 @@ static inline void fxsave(struct fxregs_
#define XRSTORS ".byte " REX_PREFIX "0x0f,0xc7,0x1f"
/*
- * After this @err contains 0 on success or the negated trap number when
- * the operation raises an exception. For faults this results in -EFAULT.
+ * After this @err contains 0 on success or the trap number when the
+ * operation raises an exception.
*/
#define XSTATE_OP(op, st, lmask, hmask, err) \
asm volatile("1:" op "\n\t" \
"xor %[err], %[err]\n" \
"2:\n\t" \
- ".pushsection .fixup,\"ax\"\n\t" \
- "3: negl %%eax\n\t" \
- "jmp 2b\n\t" \
- ".popsection\n\t" \
- _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err) \
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -13,6 +13,7 @@
#include <asm/fpu/xstate.h>
#include <asm/sigframe.h>
+#include <asm/trapnr.h>
#include <asm/trace/fpu.h>
static struct _fpx_sw_bytes fx_sw_reserved __ro_after_init;
@@ -275,7 +276,7 @@ static int restore_fpregs_from_user(void
fpregs_unlock();
/* Try to handle #PF, but anything else is fatal. */
- if (ret != -EFAULT)
+ if (ret != X86_TRAP_PF)
return -EINVAL;
ret = fault_in_pages_readable(buf, size);
@@ -405,7 +406,7 @@ static int __fpu_restore_sig(void __user
u64 mask = user_xfeatures | xfeatures_mask_supervisor();
fpu->state.xsave.header.xfeatures &= mask;
- ret = os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all);
+ ret = os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all) ? -EINVAL : 0;
} else {
ret = fxrstor_safe(&fpu->state.fxsave);
}
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user()
2021-09-08 13:29 ` [patch V3 10/20] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user() Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 4339d0c63c2d5bea1fe6de4091ee2fe9eeea09a7
Gitweb: https://git.kernel.org/tip/4339d0c63c2d5bea1fe6de4091ee2fe9eeea09a7
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:26 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 13 Sep 2021 18:26:05 +02:00
x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user()
FPU restore from a signal frame can trigger various exceptions. The
exceptions are caught with an exception table entry. The handler of this
entry stores the trap number in EAX. The FPU specific fixup negates that
trap number to convert it into an negative error code.
Any other exception than #PF is fatal and recovery is not possible. This
relies on the fact that the #PF exception number is the same as EFAULT, but
that's not really obvious.
Remove the negation from the exception fixup as it really has no value and
check for X86_TRAP_PF at the call site.
There is still confusion due to the return code conversion for the error
case which will be cleaned up separately.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.506192488@linutronix.de
---
arch/x86/include/asm/fpu/internal.h | 21 ++++++++-------------
arch/x86/kernel/fpu/signal.c | 5 +++--
2 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index cb1ca60..4cfd40d 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -88,7 +88,10 @@ static inline void fpstate_init_soft(struct swregs_state *soft) {}
#endif
extern void save_fpregs_to_fpstate(struct fpu *fpu);
-/* Returns 0 or the negated trap number, which results in -EFAULT for #PF */
+/*
+ * Returns 0 on success or the trap number when the operation raises an
+ * exception.
+ */
#define user_insn(insn, output, input...) \
({ \
int err; \
@@ -98,11 +101,7 @@ extern void save_fpregs_to_fpstate(struct fpu *fpu);
asm volatile(ASM_STAC "\n" \
"1: " #insn "\n" \
"2: " ASM_CLAC "\n" \
- ".section .fixup,\"ax\"\n" \
- "3: negl %%eax\n" \
- " jmp 2b\n" \
- ".previous\n" \
- _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err), output \
: "0"(0), input); \
err; \
@@ -198,18 +197,14 @@ static inline void fxsave(struct fxregs_state *fx)
#define XRSTORS ".byte " REX_PREFIX "0x0f,0xc7,0x1f"
/*
- * After this @err contains 0 on success or the negated trap number when
- * the operation raises an exception. For faults this results in -EFAULT.
+ * After this @err contains 0 on success or the trap number when the
+ * operation raises an exception.
*/
#define XSTATE_OP(op, st, lmask, hmask, err) \
asm volatile("1:" op "\n\t" \
"xor %[err], %[err]\n" \
"2:\n\t" \
- ".pushsection .fixup,\"ax\"\n\t" \
- "3: negl %%eax\n\t" \
- "jmp 2b\n\t" \
- ".popsection\n\t" \
- _ASM_EXTABLE_TYPE(1b, 3b, EX_TYPE_FAULT_MCE_SAFE) \
+ _ASM_EXTABLE_TYPE(1b, 2b, EX_TYPE_FAULT_MCE_SAFE) \
: [err] "=a" (err) \
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 445c57c..9bfffdb 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -13,6 +13,7 @@
#include <asm/fpu/xstate.h>
#include <asm/sigframe.h>
+#include <asm/trapnr.h>
#include <asm/trace/fpu.h>
static struct _fpx_sw_bytes fx_sw_reserved __ro_after_init;
@@ -275,7 +276,7 @@ retry:
fpregs_unlock();
/* Try to handle #PF, but anything else is fatal. */
- if (ret != -EFAULT)
+ if (ret != X86_TRAP_PF)
return -EINVAL;
ret = fault_in_pages_readable(buf, size);
@@ -405,7 +406,7 @@ static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
u64 mask = user_xfeatures | xfeatures_mask_supervisor();
fpu->state.xsave.header.xfeatures &= mask;
- ret = os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all);
+ ret = os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all) ? -EINVAL : 0;
} else {
ret = fxrstor_safe(&fpu->state.fxsave);
}
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 11/20] x86/fpu: Dont use MCE safe fixups for writing FPU state to user space
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (9 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 10/20] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user() Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-08 13:29 ` [patch V3 12/20] x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe() Thomas Gleixner
` (9 subsequent siblings)
20 siblings, 0 replies; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
Writes cannot raise #MC, so no point in pretending that the code can handle
in kernel #MC recovery.
Reported-by: Peter Ziljstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V2: New patch
---
arch/x86/include/asm/fpu/internal.h | 48 ++++++++++++++++++++++++++++++------
1 file changed, 40 insertions(+), 8 deletions(-)
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -92,7 +92,7 @@ extern void save_fpregs_to_fpstate(struc
* Returns 0 on success or the trap number when the operation raises an
* exception.
*/
-#define user_insn(insn, output, input...) \
+#define user_insn_mce_safe(insn, output, input...) \
({ \
int err; \
\
@@ -107,6 +107,25 @@ extern void save_fpregs_to_fpstate(struc
err; \
})
+#define user_insn(insn, output, input...) \
+({ \
+ int err; \
+ \
+ might_fault(); \
+ \
+ asm volatile(ASM_STAC "\n" \
+ "1: " #insn "\n" \
+ "2: " ASM_CLAC "\n" \
+ ".section .fixup,\"ax\"\n" \
+ "3: movl $-1,%[err]\n" \
+ " jmp 2b\n" \
+ ".previous\n" \
+ _ASM_EXTABLE(1b, 3b) \
+ : [err] "=a" (err), output \
+ : "0"(0), input); \
+ err; \
+})
+
#define kernel_insn_err(insn, output, input...) \
({ \
int err; \
@@ -161,9 +180,9 @@ static inline int fxrstor_safe(struct fx
static inline int fxrstor_from_user_sigframe(struct fxregs_state __user *fx)
{
if (IS_ENABLED(CONFIG_X86_32))
- return user_insn(fxrstor %[fx], "=m" (*fx), [fx] "m" (*fx));
+ return user_insn_mce_safe(fxrstor %[fx], "=m" (*fx), [fx] "m" (*fx));
else
- return user_insn(fxrstorq %[fx], "=m" (*fx), [fx] "m" (*fx));
+ return user_insn_mce_safe(fxrstorq %[fx], "=m" (*fx), [fx] "m" (*fx));
}
static inline void frstor(struct fregs_state *fx)
@@ -178,7 +197,7 @@ static inline int frstor_safe(struct fre
static inline int frstor_from_user_sigframe(struct fregs_state __user *fx)
{
- return user_insn(frstor %[fx], "=m" (*fx), [fx] "m" (*fx));
+ return user_insn_mce_safe(frstor %[fx], "=m" (*fx), [fx] "m" (*fx));
}
static inline void fxsave(struct fxregs_state *fx)
@@ -200,7 +219,7 @@ static inline void fxsave(struct fxregs_
* After this @err contains 0 on success or the trap number when the
* operation raises an exception.
*/
-#define XSTATE_OP(op, st, lmask, hmask, err) \
+#define XSTATE_OP_MCE_SAFE(op, st, lmask, hmask, err) \
asm volatile("1:" op "\n\t" \
"xor %[err], %[err]\n" \
"2:\n\t" \
@@ -209,6 +228,19 @@ static inline void fxsave(struct fxregs_
: "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
: "memory")
+#define XSTATE_OP(op, st, lmask, hmask, err) \
+ asm volatile("1:" op "\n\t" \
+ "xor %[err], %[err]\n" \
+ "2:\n\t" \
+ ".section .fixup,\"ax\"\n" \
+ "3: movl $-1,%[err]\n" \
+ " jmp 2b\n" \
+ ".previous\n" \
+ _ASM_EXTABLE(1b, 3b) \
+ : [err] "=a" (err) \
+ : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \
+ : "memory")
+
/*
* If XSAVES is enabled, it replaces XSAVEOPT because it supports a compact
* format and supervisor states in addition to modified optimization in
@@ -360,15 +392,15 @@ static inline int xrstor_from_user_sigfr
int err;
stac();
- XSTATE_OP(XRSTOR, xstate, lmask, hmask, err);
+ XSTATE_OP_MCE_SAFE(XRSTOR, xstate, lmask, hmask, err);
clac();
return err;
}
/*
- * Restore xstate from kernel space xsave area, return an error code instead of
- * an exception.
+ * Restore xstate from kernel space xsave area, return an error code when
+ * the operation raises an exception.
*/
static inline int os_xrstor_safe(struct xregs_state *xstate, u64 mask)
{
^ permalink raw reply [flat|nested] 47+ messages in thread
* [patch V3 12/20] x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe()
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (10 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 11/20] x86/fpu: Dont use MCE safe fixups for writing FPU state to user space Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 13/20] x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe() Thomas Gleixner
` (8 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
There is no reason to have the header zeroing in the pagefault disabled
region. Do it upfront once.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/include/asm/fpu/internal.h | 17 ++++++-----------
arch/x86/kernel/fpu/signal.c | 12 ++++++++++++
2 files changed, 18 insertions(+), 11 deletions(-)
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -349,9 +349,12 @@ static inline void os_xrstor(struct xreg
* We don't use modified optimization because xrstor/xrstors might track
* a different application.
*
- * We don't use compacted format xsave area for
- * backward compatibility for old applications which don't understand
- * compacted format of xsave area.
+ * We don't use compacted format xsave area for backward compatibility for
+ * old applications which don't understand the compacted format of the
+ * xsave area.
+ *
+ * The caller has to zero buf::header before calling this because XSAVE*
+ * does not touch the reserved fields in the header.
*/
static inline int xsave_to_user_sigframe(struct xregs_state __user *buf)
{
@@ -365,14 +368,6 @@ static inline int xsave_to_user_sigframe
u32 hmask = mask >> 32;
int err;
- /*
- * Clear the xsave header first, so that reserved fields are
- * initialized to zero.
- */
- err = __clear_user(&buf->header, sizeof(buf->header));
- if (unlikely(err))
- return -EFAULT;
-
stac();
XSTATE_OP(XSAVE, buf, lmask, hmask, err);
clac();
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -189,6 +189,18 @@ int copy_fpstate_to_sigframe(void __user
if (!access_ok(buf, size))
return -EACCES;
+
+ if (use_xsave()) {
+ struct xregs_state __user *xbuf = buf_fx;
+
+ /*
+ * Clear the xsave header first, so that reserved fields are
+ * initialized to zero.
+ */
+ ret = __clear_user(&xbuf->header, sizeof(xbuf->header));
+ if (unlikely(ret))
+ return ret;
+ }
retry:
/*
* Load the FPU registers if they are not valid for the current task.
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe()
2021-09-08 13:29 ` [patch V3 12/20] x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe() Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 4164a482a5d92c29eaf53d01755103f6bbce38f2
Gitweb: https://git.kernel.org/tip/4164a482a5d92c29eaf53d01755103f6bbce38f2
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:29 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:03 +02:00
x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe()
There is no reason to have the header zeroing in the pagefault disabled
region. Do it upfront once.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.621674721@linutronix.de
---
arch/x86/include/asm/fpu/internal.h | 17 ++++++-----------
arch/x86/kernel/fpu/signal.c | 12 ++++++++++++
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index 4cfd40d..c856ca4 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -318,9 +318,12 @@ static inline void os_xrstor(struct xregs_state *xstate, u64 mask)
* We don't use modified optimization because xrstor/xrstors might track
* a different application.
*
- * We don't use compacted format xsave area for
- * backward compatibility for old applications which don't understand
- * compacted format of xsave area.
+ * We don't use compacted format xsave area for backward compatibility for
+ * old applications which don't understand the compacted format of the
+ * xsave area.
+ *
+ * The caller has to zero buf::header before calling this because XSAVE*
+ * does not touch the reserved fields in the header.
*/
static inline int xsave_to_user_sigframe(struct xregs_state __user *buf)
{
@@ -334,14 +337,6 @@ static inline int xsave_to_user_sigframe(struct xregs_state __user *buf)
u32 hmask = mask >> 32;
int err;
- /*
- * Clear the xsave header first, so that reserved fields are
- * initialized to zero.
- */
- err = __clear_user(&buf->header, sizeof(buf->header));
- if (unlikely(err))
- return -EFAULT;
-
stac();
XSTATE_OP(XSAVE, buf, lmask, hmask, err);
clac();
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 9bfffdb..5ca3ce9 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -189,6 +189,18 @@ int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
if (!access_ok(buf, size))
return -EACCES;
+
+ if (use_xsave()) {
+ struct xregs_state __user *xbuf = buf_fx;
+
+ /*
+ * Clear the xsave header first, so that reserved fields are
+ * initialized to zero.
+ */
+ ret = __clear_user(&xbuf->header, sizeof(xbuf->header));
+ if (unlikely(ret))
+ return ret;
+ }
retry:
/*
* Load the FPU registers if they are not valid for the current task.
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 13/20] x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe()
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (11 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 12/20] x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe() Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 14/20] x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean Thomas Gleixner
` (7 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
When the direct saving of the FPU registers to the user space sigframe
fails, copy_fpregs_to_sigframe() attempts to clear the user buffer.
The most likely reason for such a fail is a page fault. As
copy_fpregs_to_sigframe() is invoked with pagefaults disabled the chance
that __clear_user() succeeds is minuscule.
Move the clearing out into the caller which replaces the
fault_in_pages_writeable() in that error handling path.
The return value confusion will be cleaned up separately.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V3: Remove the bogus X86_TRAP_PF check
---
arch/x86/kernel/fpu/signal.c | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -136,18 +136,12 @@ static inline int save_xstate_epilog(voi
static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
{
- int err;
-
if (use_xsave())
- err = xsave_to_user_sigframe(buf);
- else if (use_fxsr())
- err = fxsave_to_user_sigframe((struct fxregs_state __user *) buf);
+ return xsave_to_user_sigframe(buf);
+ if (use_fxsr())
+ return fxsave_to_user_sigframe((struct fxregs_state __user *) buf);
else
- err = fnsave_to_user_sigframe((struct fregs_state __user *) buf);
-
- if (unlikely(err) && __clear_user(buf, fpu_user_xstate_size))
- err = -EFAULT;
- return err;
+ return fnsave_to_user_sigframe((struct fregs_state __user *) buf);
}
/*
@@ -218,9 +212,9 @@ int copy_fpstate_to_sigframe(void __user
fpregs_unlock();
if (ret) {
- if (!fault_in_pages_writeable(buf_fx, fpu_user_xstate_size))
+ if (!__clear_user(buf_fx, fpu_user_xstate_size))
goto retry;
- return -EFAULT;
+ return -1;
}
/* Save the fsave header for the 32-bit frames. */
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe()
2021-09-08 13:29 ` [patch V3 13/20] x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe() Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: fcfb7163329ce832aafef31f26345ef5e8642a17
Gitweb: https://git.kernel.org/tip/fcfb7163329ce832aafef31f26345ef5e8642a17
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:30 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:03 +02:00
x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe()
When the direct saving of the FPU registers to the user space sigframe
fails, copy_fpregs_to_sigframe() attempts to clear the user buffer.
The most likely reason for such a fail is a page fault. As
copy_fpregs_to_sigframe() is invoked with pagefaults disabled the chance
that __clear_user() succeeds is minuscule.
Move the clearing out into the caller which replaces the
fault_in_pages_writeable() in that error handling path.
The return value confusion will be cleaned up separately.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.679356300@linutronix.de
---
arch/x86/kernel/fpu/signal.c | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 5ca3ce9..c4abbd9 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -136,18 +136,12 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
{
- int err;
-
if (use_xsave())
- err = xsave_to_user_sigframe(buf);
- else if (use_fxsr())
- err = fxsave_to_user_sigframe((struct fxregs_state __user *) buf);
+ return xsave_to_user_sigframe(buf);
+ if (use_fxsr())
+ return fxsave_to_user_sigframe((struct fxregs_state __user *) buf);
else
- err = fnsave_to_user_sigframe((struct fregs_state __user *) buf);
-
- if (unlikely(err) && __clear_user(buf, fpu_user_xstate_size))
- err = -EFAULT;
- return err;
+ return fnsave_to_user_sigframe((struct fregs_state __user *) buf);
}
/*
@@ -218,9 +212,9 @@ retry:
fpregs_unlock();
if (ret) {
- if (!fault_in_pages_writeable(buf_fx, fpu_user_xstate_size))
+ if (!__clear_user(buf_fx, fpu_user_xstate_size))
goto retry;
- return -EFAULT;
+ return -1;
}
/* Save the fsave header for the 32-bit frames. */
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 14/20] x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (12 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 13/20] x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe() Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers " Thomas Gleixner
` (6 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
None of the call sites cares about the actual return code. Change the
return type to boolean and return 'true' on success.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/ia32/ia32_signal.c | 4 ++--
arch/x86/include/asm/fpu/internal.h | 2 +-
arch/x86/kernel/fpu/signal.c | 20 ++++++++++----------
arch/x86/kernel/signal.c | 4 +---
4 files changed, 14 insertions(+), 16 deletions(-)
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -220,8 +220,8 @@ static void __user *get_sigframe(struct
sp = fpu__alloc_mathframe(sp, 1, &fx_aligned, &math_size);
*fpstate = (struct _fpstate_32 __user *) sp;
- if (copy_fpstate_to_sigframe(*fpstate, (void __user *)fx_aligned,
- math_size) < 0)
+ if (!copy_fpstate_to_sigframe(*fpstate, (void __user *)fx_aligned,
+ math_size))
return (void __user *) -1L;
sp -= frame_size;
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -418,7 +418,7 @@ static inline void restore_fpregs_from_f
__restore_fpregs_from_fpstate(fpstate, xfeatures_mask_fpstate());
}
-extern int copy_fpstate_to_sigframe(void __user *buf, void __user *fp, int size);
+extern bool copy_fpstate_to_sigframe(void __user *buf, void __user *fp, int size);
/*
* FPU context switch related helper methods:
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -165,7 +165,7 @@ static inline int copy_fpregs_to_sigfram
* For [f]xsave state, update the SW reserved fields in the [f]xsave frame
* indicating the absence/presence of the extended state to the user.
*/
-int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
+bool copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
{
struct task_struct *tsk = current;
int ia32_fxstate = (buf != buf_fx);
@@ -176,13 +176,14 @@ int copy_fpstate_to_sigframe(void __user
if (!static_cpu_has(X86_FEATURE_FPU)) {
struct user_i387_ia32_struct fp;
+
fpregs_soft_get(current, NULL, (struct membuf){.p = &fp,
.left = sizeof(fp)});
- return copy_to_user(buf, &fp, sizeof(fp)) ? -EFAULT : 0;
+ return !copy_to_user(buf, &fp, sizeof(fp));
}
if (!access_ok(buf, size))
- return -EACCES;
+ return false;
if (use_xsave()) {
struct xregs_state __user *xbuf = buf_fx;
@@ -191,9 +192,8 @@ int copy_fpstate_to_sigframe(void __user
* Clear the xsave header first, so that reserved fields are
* initialized to zero.
*/
- ret = __clear_user(&xbuf->header, sizeof(xbuf->header));
- if (unlikely(ret))
- return ret;
+ if (__clear_user(&xbuf->header, sizeof(xbuf->header)))
+ return false;
}
retry:
/*
@@ -214,17 +214,17 @@ int copy_fpstate_to_sigframe(void __user
if (ret) {
if (!__clear_user(buf_fx, fpu_user_xstate_size))
goto retry;
- return -1;
+ return false;
}
/* Save the fsave header for the 32-bit frames. */
if ((ia32_fxstate || !use_fxsr()) && save_fsave_header(tsk, buf))
- return -1;
+ return false;
if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
- return -1;
+ return false;
- return 0;
+ return true;
}
static int __restore_fpregs_from_user(void __user *buf, u64 xrestore,
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -244,7 +244,6 @@ get_sigframe(struct k_sigaction *ka, str
unsigned long math_size = 0;
unsigned long sp = regs->sp;
unsigned long buf_fx = 0;
- int ret;
/* redzone */
if (IS_ENABLED(CONFIG_X86_64))
@@ -292,8 +291,7 @@ get_sigframe(struct k_sigaction *ka, str
}
/* save i387 and extended state */
- ret = copy_fpstate_to_sigframe(*fpstate, (void __user *)buf_fx, math_size);
- if (ret < 0)
+ if (!copy_fpstate_to_sigframe(*fpstate, (void __user *)buf_fx, math_size))
return (void __user *)-1L;
return (void __user *)sp;
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean
2021-09-08 13:29 ` [patch V3 14/20] x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 052adee668284b67105375c0a524f16a423f1424
Gitweb: https://git.kernel.org/tip/052adee668284b67105375c0a524f16a423f1424
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:32 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:03 +02:00
x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean
None of the call sites cares about the actual return code. Change the
return type to boolean and return 'true' on success.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.736773588@linutronix.de
---
arch/x86/ia32/ia32_signal.c | 4 ++--
arch/x86/include/asm/fpu/internal.h | 2 +-
arch/x86/kernel/fpu/signal.c | 20 ++++++++++----------
arch/x86/kernel/signal.c | 4 +---
4 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 5e3d9b7..023198e 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -220,8 +220,8 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs,
sp = fpu__alloc_mathframe(sp, 1, &fx_aligned, &math_size);
*fpstate = (struct _fpstate_32 __user *) sp;
- if (copy_fpstate_to_sigframe(*fpstate, (void __user *)fx_aligned,
- math_size) < 0)
+ if (!copy_fpstate_to_sigframe(*fpstate, (void __user *)fx_aligned,
+ math_size))
return (void __user *) -1L;
sp -= frame_size;
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index c856ca4..74aa53e 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -386,7 +386,7 @@ static inline void restore_fpregs_from_fpstate(union fpregs_state *fpstate)
__restore_fpregs_from_fpstate(fpstate, xfeatures_mask_fpstate());
}
-extern int copy_fpstate_to_sigframe(void __user *buf, void __user *fp, int size);
+extern bool copy_fpstate_to_sigframe(void __user *buf, void __user *fp, int size);
/*
* FPU context switch related helper methods:
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index c4abbd9..7ce396d 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -165,7 +165,7 @@ static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
* For [f]xsave state, update the SW reserved fields in the [f]xsave frame
* indicating the absence/presence of the extended state to the user.
*/
-int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
+bool copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
{
struct task_struct *tsk = current;
int ia32_fxstate = (buf != buf_fx);
@@ -176,13 +176,14 @@ int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
if (!static_cpu_has(X86_FEATURE_FPU)) {
struct user_i387_ia32_struct fp;
+
fpregs_soft_get(current, NULL, (struct membuf){.p = &fp,
.left = sizeof(fp)});
- return copy_to_user(buf, &fp, sizeof(fp)) ? -EFAULT : 0;
+ return !copy_to_user(buf, &fp, sizeof(fp));
}
if (!access_ok(buf, size))
- return -EACCES;
+ return false;
if (use_xsave()) {
struct xregs_state __user *xbuf = buf_fx;
@@ -191,9 +192,8 @@ int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
* Clear the xsave header first, so that reserved fields are
* initialized to zero.
*/
- ret = __clear_user(&xbuf->header, sizeof(xbuf->header));
- if (unlikely(ret))
- return ret;
+ if (__clear_user(&xbuf->header, sizeof(xbuf->header)))
+ return false;
}
retry:
/*
@@ -214,17 +214,17 @@ retry:
if (ret) {
if (!__clear_user(buf_fx, fpu_user_xstate_size))
goto retry;
- return -1;
+ return false;
}
/* Save the fsave header for the 32-bit frames. */
if ((ia32_fxstate || !use_fxsr()) && save_fsave_header(tsk, buf))
- return -1;
+ return false;
if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
- return -1;
+ return false;
- return 0;
+ return true;
}
static int __restore_fpregs_from_user(void __user *buf, u64 xrestore,
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index f4d21e4..5f623a1 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -244,7 +244,6 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size,
unsigned long math_size = 0;
unsigned long sp = regs->sp;
unsigned long buf_fx = 0;
- int ret;
/* redzone */
if (IS_ENABLED(CONFIG_X86_64))
@@ -292,8 +291,7 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size,
}
/* save i387 and extended state */
- ret = copy_fpstate_to_sigframe(*fpstate, (void __user *)buf_fx, math_size);
- if (ret < 0)
+ if (!copy_fpstate_to_sigframe(*fpstate, (void __user *)buf_fx, math_size))
return (void __user *)-1L;
return (void __user *)sp;
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (13 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 14/20] x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-21 10:58 ` [patch V3 15/20] " Anders Roxell
2021-09-08 13:29 ` [patch V3 16/20] x86/signal: Change return type of restore_sigcontext() " Thomas Gleixner
` (5 subsequent siblings)
20 siblings, 2 replies; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
Now that copy_fpregs_to_sigframe() returns boolean the individual return
codes in the related helper functions do not make sense anymore. Change
them to return boolean success/fail.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/kernel/fpu/signal.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -65,7 +65,7 @@ static inline int check_xstate_in_sigfra
/*
* Signal frame handlers.
*/
-static inline int save_fsave_header(struct task_struct *tsk, void __user *buf)
+static inline bool save_fsave_header(struct task_struct *tsk, void __user *buf)
{
if (use_fxsr()) {
struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
@@ -82,18 +82,19 @@ static inline int save_fsave_header(stru
if (__copy_to_user(buf, &env, sizeof(env)) ||
__put_user(xsave->i387.swd, &fp->status) ||
__put_user(X86_FXSR_MAGIC, &fp->magic))
- return -1;
+ return false;
} else {
struct fregs_state __user *fp = buf;
u32 swd;
+
if (__get_user(swd, &fp->swd) || __put_user(swd, &fp->status))
- return -1;
+ return false;
}
- return 0;
+ return true;
}
-static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
+static inline bool save_xstate_epilog(void __user *buf, int ia32_frame)
{
struct xregs_state __user *x = buf;
struct _fpx_sw_bytes *sw_bytes;
@@ -131,7 +132,7 @@ static inline int save_xstate_epilog(voi
err |= __put_user(xfeatures, (__u32 __user *)&x->header.xfeatures);
- return err;
+ return !err;
}
static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
@@ -219,10 +220,10 @@ bool copy_fpstate_to_sigframe(void __use
}
/* Save the fsave header for the 32-bit frames. */
- if ((ia32_fxstate || !use_fxsr()) && save_fsave_header(tsk, buf))
+ if ((ia32_fxstate || !use_fxsr()) && !save_fsave_header(tsk, buf))
return false;
- if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
+ if (use_fxsr() && !save_xstate_epilog(buf_fx, ia32_fxstate))
return false;
return true;
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
2021-09-08 13:29 ` [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers " Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
2021-09-21 10:58 ` [patch V3 15/20] " Anders Roxell
1 sibling, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 2af07f3a6e9fb81331421ca24b26a96180d792dd
Gitweb: https://git.kernel.org/tip/2af07f3a6e9fb81331421ca24b26a96180d792dd
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:34 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:03 +02:00
x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
Now that copy_fpregs_to_sigframe() returns boolean the individual return
codes in the related helper functions do not make sense anymore. Change
them to return boolean success/fail.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.794334915@linutronix.de
---
arch/x86/kernel/fpu/signal.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 7ce396d..1d10fe9 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -65,7 +65,7 @@ setfx:
/*
* Signal frame handlers.
*/
-static inline int save_fsave_header(struct task_struct *tsk, void __user *buf)
+static inline bool save_fsave_header(struct task_struct *tsk, void __user *buf)
{
if (use_fxsr()) {
struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
@@ -82,18 +82,19 @@ static inline int save_fsave_header(struct task_struct *tsk, void __user *buf)
if (__copy_to_user(buf, &env, sizeof(env)) ||
__put_user(xsave->i387.swd, &fp->status) ||
__put_user(X86_FXSR_MAGIC, &fp->magic))
- return -1;
+ return false;
} else {
struct fregs_state __user *fp = buf;
u32 swd;
+
if (__get_user(swd, &fp->swd) || __put_user(swd, &fp->status))
- return -1;
+ return false;
}
- return 0;
+ return true;
}
-static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
+static inline bool save_xstate_epilog(void __user *buf, int ia32_frame)
{
struct xregs_state __user *x = buf;
struct _fpx_sw_bytes *sw_bytes;
@@ -131,7 +132,7 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
err |= __put_user(xfeatures, (__u32 __user *)&x->header.xfeatures);
- return err;
+ return !err;
}
static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
@@ -218,10 +219,10 @@ retry:
}
/* Save the fsave header for the 32-bit frames. */
- if ((ia32_fxstate || !use_fxsr()) && save_fsave_header(tsk, buf))
+ if ((ia32_fxstate || !use_fxsr()) && !save_fsave_header(tsk, buf))
return false;
- if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
+ if (use_fxsr() && !save_xstate_epilog(buf_fx, ia32_fxstate))
return false;
return true;
^ permalink raw reply related [flat|nested] 47+ messages in thread
* Re: [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
2021-09-08 13:29 ` [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers " Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
@ 2021-09-21 10:58 ` Anders Roxell
2021-09-21 17:35 ` Nick Desaulniers
2021-09-21 20:13 ` Thomas Gleixner
1 sibling, 2 replies; 47+ messages in thread
From: Anders Roxell @ 2021-09-21 10:58 UTC (permalink / raw)
To: Thomas Gleixner
Cc: LKML, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
On Wed, 8 Sept 2021 at 15:30, Thomas Gleixner <tglx@linutronix.de> wrote:
>
> Now that copy_fpregs_to_sigframe() returns boolean the individual return
> codes in the related helper functions do not make sense anymore. Change
> them to return boolean success/fail.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
When I build and boot (qemu_x86_64) a defconfig kernel on from todays
next tag next-20210921 I see the following segmentation fault
2021-09-21T10:11:45 <6>[ 1.622922] mount (89) used greatest stack
depth: 14384 bytes left
2021-09-21T10:11:45 <6>[ 1.664760] EXT4-fs (sda): re-mounted. Opts:
(null). Quota mode: none.
2021-09-21T10:11:45 <6>[ 1.691041] mkdir (92) used greatest stack
depth: 14312 bytes left
2021-09-21T10:11:45 <6>[ 1.713201] mount (93) used greatest stack
depth: 13720 bytes left
2021-09-21T10:11:46 Starting syslogd: /etc/init.d/rcS: line 12: 101
Segmentation fault $i start
I did a bisection and found this as the faulty patch [1]. When I
revert this patch I can't see the issue.
We noticed that function 'save_xstate_epilog()' changes the polarity
of its return code for one of the return statements, and for its only
caller. but not for the other return statement.
I tried this patch and I couldn't see the segmentation fault.
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 445c57c9c539..61eeebc04427 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -104,7 +104,7 @@ static inline int save_xstate_epilog(void __user
*buf, int ia32_frame)
err = __copy_to_user(&x->i387.sw_reserved, sw_bytes, sizeof(*sw_bytes));
if (!use_xsave())
- return err;
+ return !err;
err |= __put_user(FP_XSTATE_MAGIC2,
(__u32 __user *)(buf + fpu_user_xstate_size));
Cheers,
Anders
[1] http://ix.io/3zxf
> ---
> arch/x86/kernel/fpu/signal.c | 17 +++++++++--------
> 1 file changed, 9 insertions(+), 8 deletions(-)
>
> --- a/arch/x86/kernel/fpu/signal.c
> +++ b/arch/x86/kernel/fpu/signal.c
> @@ -65,7 +65,7 @@ static inline int check_xstate_in_sigfra
> /*
> * Signal frame handlers.
> */
> -static inline int save_fsave_header(struct task_struct *tsk, void __user *buf)
> +static inline bool save_fsave_header(struct task_struct *tsk, void __user *buf)
> {
> if (use_fxsr()) {
> struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
> @@ -82,18 +82,19 @@ static inline int save_fsave_header(stru
> if (__copy_to_user(buf, &env, sizeof(env)) ||
> __put_user(xsave->i387.swd, &fp->status) ||
> __put_user(X86_FXSR_MAGIC, &fp->magic))
> - return -1;
> + return false;
> } else {
> struct fregs_state __user *fp = buf;
> u32 swd;
> +
> if (__get_user(swd, &fp->swd) || __put_user(swd, &fp->status))
> - return -1;
> + return false;
> }
>
> - return 0;
> + return true;
> }
>
> -static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
> +static inline bool save_xstate_epilog(void __user *buf, int ia32_frame)
> {
> struct xregs_state __user *x = buf;
> struct _fpx_sw_bytes *sw_bytes;
> @@ -131,7 +132,7 @@ static inline int save_xstate_epilog(voi
>
> err |= __put_user(xfeatures, (__u32 __user *)&x->header.xfeatures);
>
> - return err;
> + return !err;
> }
>
> static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
> @@ -219,10 +220,10 @@ bool copy_fpstate_to_sigframe(void __use
> }
>
> /* Save the fsave header for the 32-bit frames. */
> - if ((ia32_fxstate || !use_fxsr()) && save_fsave_header(tsk, buf))
> + if ((ia32_fxstate || !use_fxsr()) && !save_fsave_header(tsk, buf))
> return false;
>
> - if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
> + if (use_fxsr() && !save_xstate_epilog(buf_fx, ia32_fxstate))
> return false;
>
> return true;
>
^ permalink raw reply related [flat|nested] 47+ messages in thread
* Re: [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
2021-09-21 10:58 ` [patch V3 15/20] " Anders Roxell
@ 2021-09-21 17:35 ` Nick Desaulniers
2021-09-22 18:23 ` Nick Desaulniers
2021-09-21 20:13 ` Thomas Gleixner
1 sibling, 1 reply; 47+ messages in thread
From: Nick Desaulniers @ 2021-09-21 17:35 UTC (permalink / raw)
To: Anders Roxell
Cc: Thomas Gleixner, LKML,
maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann, Nathan Chancellor,
Andrew Cooper
On Tue, Sep 21, 2021 at 12:58:34PM +0200, Anders Roxell wrote:
> On Wed, 8 Sept 2021 at 15:30, Thomas Gleixner <tglx@linutronix.de> wrote:
> >
> > Now that copy_fpregs_to_sigframe() returns boolean the individual return
> > codes in the related helper functions do not make sense anymore. Change
> > them to return boolean success/fail.
> >
> > Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
>
> When I build and boot (qemu_x86_64) a defconfig kernel on from todays
> next tag next-20210921 I see the following segmentation fault
>
> 2021-09-21T10:11:45 <6>[ 1.622922] mount (89) used greatest stack
> depth: 14384 bytes left
> 2021-09-21T10:11:45 <6>[ 1.664760] EXT4-fs (sda): re-mounted. Opts:
> (null). Quota mode: none.
> 2021-09-21T10:11:45 <6>[ 1.691041] mkdir (92) used greatest stack
> depth: 14312 bytes left
> 2021-09-21T10:11:45 <6>[ 1.713201] mount (93) used greatest stack
> depth: 13720 bytes left
> 2021-09-21T10:11:46 Starting syslogd: /etc/init.d/rcS: line 12: 101
> Segmentation fault $i start
>
>
> I did a bisection and found this as the faulty patch [1]. When I
> revert this patch I can't see the issue.
>
> We noticed that function 'save_xstate_epilog()' changes the polarity
> of its return code for one of the return statements, and for its only
> caller. but not for the other return statement.
>
> I tried this patch and I couldn't see the segmentation fault.
>
> diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
> index 445c57c9c539..61eeebc04427 100644
> --- a/arch/x86/kernel/fpu/signal.c
> +++ b/arch/x86/kernel/fpu/signal.c
> @@ -104,7 +104,7 @@ static inline int save_xstate_epilog(void __user
> *buf, int ia32_frame)
> err = __copy_to_user(&x->i387.sw_reserved, sw_bytes, sizeof(*sw_bytes));
>
> if (!use_xsave())
> - return err;
> + return !err;
>
> err |= __put_user(FP_XSTATE_MAGIC2,
> (__u32 __user *)(buf + fpu_user_xstate_size));
Thank for the report. Our CI watching tip has also been super red over
the past day or so; all boot failures.
Andrew Cooper reported this diff to me on IRC; I tested out the above
and it fixes the boot failure for us.
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://github.com/ClangBuiltLinux/linux/issues/1461
Our CI used -cpu Nehalem for qemu since KVM isn't exposed to the bots on
github actions, FWIW.
https://github.com/ClangBuiltLinux/boot-utils/blob/2edbca214f9a4cabd3f138ea029015d6cf52d110/boot-qemu.sh#L278-L288
>
>
>
> Cheers,
> Anders
> [1] http://ix.io/3zxf
>
> > ---
> > arch/x86/kernel/fpu/signal.c | 17 +++++++++--------
> > 1 file changed, 9 insertions(+), 8 deletions(-)
> >
> > --- a/arch/x86/kernel/fpu/signal.c
> > +++ b/arch/x86/kernel/fpu/signal.c
> > @@ -65,7 +65,7 @@ static inline int check_xstate_in_sigfra
> > /*
> > * Signal frame handlers.
> > */
> > -static inline int save_fsave_header(struct task_struct *tsk, void __user *buf)
> > +static inline bool save_fsave_header(struct task_struct *tsk, void __user *buf)
> > {
> > if (use_fxsr()) {
> > struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
> > @@ -82,18 +82,19 @@ static inline int save_fsave_header(stru
> > if (__copy_to_user(buf, &env, sizeof(env)) ||
> > __put_user(xsave->i387.swd, &fp->status) ||
> > __put_user(X86_FXSR_MAGIC, &fp->magic))
> > - return -1;
> > + return false;
> > } else {
> > struct fregs_state __user *fp = buf;
> > u32 swd;
> > +
> > if (__get_user(swd, &fp->swd) || __put_user(swd, &fp->status))
> > - return -1;
> > + return false;
> > }
> >
> > - return 0;
> > + return true;
> > }
> >
> > -static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
> > +static inline bool save_xstate_epilog(void __user *buf, int ia32_frame)
> > {
> > struct xregs_state __user *x = buf;
> > struct _fpx_sw_bytes *sw_bytes;
> > @@ -131,7 +132,7 @@ static inline int save_xstate_epilog(voi
> >
> > err |= __put_user(xfeatures, (__u32 __user *)&x->header.xfeatures);
> >
> > - return err;
> > + return !err;
> > }
> >
> > static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
> > @@ -219,10 +220,10 @@ bool copy_fpstate_to_sigframe(void __use
> > }
> >
> > /* Save the fsave header for the 32-bit frames. */
> > - if ((ia32_fxstate || !use_fxsr()) && save_fsave_header(tsk, buf))
> > + if ((ia32_fxstate || !use_fxsr()) && !save_fsave_header(tsk, buf))
> > return false;
> >
> > - if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
> > + if (use_fxsr() && !save_xstate_epilog(buf_fx, ia32_fxstate))
> > return false;
> >
> > return true;
> >
^ permalink raw reply [flat|nested] 47+ messages in thread
* Re: [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
2021-09-21 17:35 ` Nick Desaulniers
@ 2021-09-22 18:23 ` Nick Desaulniers
0 siblings, 0 replies; 47+ messages in thread
From: Nick Desaulniers @ 2021-09-22 18:23 UTC (permalink / raw)
To: Anders Roxell
Cc: Thomas Gleixner, LKML,
maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann, Nathan Chancellor,
Andrew Cooper
+ Andrew (sorry, I messed up your address on the previous message)
On Tue, Sep 21, 2021 at 10:36 AM Nick Desaulniers
<ndesaulniers@google.com> wrote:
>
> On Tue, Sep 21, 2021 at 12:58:34PM +0200, Anders Roxell wrote:
> > On Wed, 8 Sept 2021 at 15:30, Thomas Gleixner <tglx@linutronix.de> wrote:
> > >
> > > Now that copy_fpregs_to_sigframe() returns boolean the individual return
> > > codes in the related helper functions do not make sense anymore. Change
> > > them to return boolean success/fail.
> > >
> > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> >
> > When I build and boot (qemu_x86_64) a defconfig kernel on from todays
> > next tag next-20210921 I see the following segmentation fault
> >
> > 2021-09-21T10:11:45 <6>[ 1.622922] mount (89) used greatest stack
> > depth: 14384 bytes left
> > 2021-09-21T10:11:45 <6>[ 1.664760] EXT4-fs (sda): re-mounted. Opts:
> > (null). Quota mode: none.
> > 2021-09-21T10:11:45 <6>[ 1.691041] mkdir (92) used greatest stack
> > depth: 14312 bytes left
> > 2021-09-21T10:11:45 <6>[ 1.713201] mount (93) used greatest stack
> > depth: 13720 bytes left
> > 2021-09-21T10:11:46 Starting syslogd: /etc/init.d/rcS: line 12: 101
> > Segmentation fault $i start
> >
> >
> > I did a bisection and found this as the faulty patch [1]. When I
> > revert this patch I can't see the issue.
> >
> > We noticed that function 'save_xstate_epilog()' changes the polarity
> > of its return code for one of the return statements, and for its only
> > caller. but not for the other return statement.
> >
> > I tried this patch and I couldn't see the segmentation fault.
> >
> > diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
> > index 445c57c9c539..61eeebc04427 100644
> > --- a/arch/x86/kernel/fpu/signal.c
> > +++ b/arch/x86/kernel/fpu/signal.c
> > @@ -104,7 +104,7 @@ static inline int save_xstate_epilog(void __user
> > *buf, int ia32_frame)
> > err = __copy_to_user(&x->i387.sw_reserved, sw_bytes, sizeof(*sw_bytes));
> >
> > if (!use_xsave())
> > - return err;
> > + return !err;
> >
> > err |= __put_user(FP_XSTATE_MAGIC2,
> > (__u32 __user *)(buf + fpu_user_xstate_size));
>
> Thank for the report. Our CI watching tip has also been super red over
> the past day or so; all boot failures.
>
> Andrew Cooper reported this diff to me on IRC; I tested out the above
> and it fixes the boot failure for us.
>
> Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1461
>
> Our CI used -cpu Nehalem for qemu since KVM isn't exposed to the bots on
> github actions, FWIW.
> https://github.com/ClangBuiltLinux/boot-utils/blob/2edbca214f9a4cabd3f138ea029015d6cf52d110/boot-qemu.sh#L278-L288
>
> >
> >
> >
> > Cheers,
> > Anders
> > [1] http://ix.io/3zxf
> >
> > > ---
> > > arch/x86/kernel/fpu/signal.c | 17 +++++++++--------
> > > 1 file changed, 9 insertions(+), 8 deletions(-)
> > >
> > > --- a/arch/x86/kernel/fpu/signal.c
> > > +++ b/arch/x86/kernel/fpu/signal.c
> > > @@ -65,7 +65,7 @@ static inline int check_xstate_in_sigfra
> > > /*
> > > * Signal frame handlers.
> > > */
> > > -static inline int save_fsave_header(struct task_struct *tsk, void __user *buf)
> > > +static inline bool save_fsave_header(struct task_struct *tsk, void __user *buf)
> > > {
> > > if (use_fxsr()) {
> > > struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
> > > @@ -82,18 +82,19 @@ static inline int save_fsave_header(stru
> > > if (__copy_to_user(buf, &env, sizeof(env)) ||
> > > __put_user(xsave->i387.swd, &fp->status) ||
> > > __put_user(X86_FXSR_MAGIC, &fp->magic))
> > > - return -1;
> > > + return false;
> > > } else {
> > > struct fregs_state __user *fp = buf;
> > > u32 swd;
> > > +
> > > if (__get_user(swd, &fp->swd) || __put_user(swd, &fp->status))
> > > - return -1;
> > > + return false;
> > > }
> > >
> > > - return 0;
> > > + return true;
> > > }
> > >
> > > -static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
> > > +static inline bool save_xstate_epilog(void __user *buf, int ia32_frame)
> > > {
> > > struct xregs_state __user *x = buf;
> > > struct _fpx_sw_bytes *sw_bytes;
> > > @@ -131,7 +132,7 @@ static inline int save_xstate_epilog(voi
> > >
> > > err |= __put_user(xfeatures, (__u32 __user *)&x->header.xfeatures);
> > >
> > > - return err;
> > > + return !err;
> > > }
> > >
> > > static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
> > > @@ -219,10 +220,10 @@ bool copy_fpstate_to_sigframe(void __use
> > > }
> > >
> > > /* Save the fsave header for the 32-bit frames. */
> > > - if ((ia32_fxstate || !use_fxsr()) && save_fsave_header(tsk, buf))
> > > + if ((ia32_fxstate || !use_fxsr()) && !save_fsave_header(tsk, buf))
> > > return false;
> > >
> > > - if (use_fxsr() && save_xstate_epilog(buf_fx, ia32_fxstate))
> > > + if (use_fxsr() && !save_xstate_epilog(buf_fx, ia32_fxstate))
> > > return false;
> > >
> > > return true;
> > >
--
Thanks,
~Nick Desaulniers
^ permalink raw reply [flat|nested] 47+ messages in thread
* Re: [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
2021-09-21 10:58 ` [patch V3 15/20] " Anders Roxell
2021-09-21 17:35 ` Nick Desaulniers
@ 2021-09-21 20:13 ` Thomas Gleixner
2021-09-22 19:42 ` Anders Roxell
1 sibling, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-21 20:13 UTC (permalink / raw)
To: Anders Roxell
Cc: LKML, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
On Tue, Sep 21 2021 at 12:58, Anders Roxell wrote:
> On Wed, 8 Sept 2021 at 15:30, Thomas Gleixner <tglx@linutronix.de> wrote:
>>
>> Now that copy_fpregs_to_sigframe() returns boolean the individual return
>> codes in the related helper functions do not make sense anymore. Change
>> them to return boolean success/fail.
>>
>> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
>
> When I build and boot (qemu_x86_64) a defconfig kernel on from todays
> next tag next-20210921 I see the following segmentation fault
>
> 2021-09-21T10:11:45 <6>[ 1.622922] mount (89) used greatest stack
> depth: 14384 bytes left
> 2021-09-21T10:11:45 <6>[ 1.664760] EXT4-fs (sda): re-mounted. Opts:
> (null). Quota mode: none.
> 2021-09-21T10:11:45 <6>[ 1.691041] mkdir (92) used greatest stack
> depth: 14312 bytes left
> 2021-09-21T10:11:45 <6>[ 1.713201] mount (93) used greatest stack
> depth: 13720 bytes left
> 2021-09-21T10:11:46 Starting syslogd: /etc/init.d/rcS: line 12: 101
> Segmentation fault $i start
>
>
> I did a bisection and found this as the faulty patch [1]. When I
> revert this patch I can't see the issue.
>
> We noticed that function 'save_xstate_epilog()' changes the polarity
> of its return code for one of the return statements, and for its only
> caller. but not for the other return statement.
>
> I tried this patch and I couldn't see the segmentation fault.
>
> diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
> index 445c57c9c539..61eeebc04427 100644
> --- a/arch/x86/kernel/fpu/signal.c
> +++ b/arch/x86/kernel/fpu/signal.c
> @@ -104,7 +104,7 @@ static inline int save_xstate_epilog(void __user
> *buf, int ia32_frame)
> err = __copy_to_user(&x->i387.sw_reserved, sw_bytes, sizeof(*sw_bytes));
>
> if (!use_xsave())
> - return err;
> + return !err;
Oops. Good catch. Care to send a proper patch for this?
Thanks,
tglx
^ permalink raw reply [flat|nested] 47+ messages in thread
* Re: [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean
2021-09-21 20:13 ` Thomas Gleixner
@ 2021-09-22 19:42 ` Anders Roxell
0 siblings, 0 replies; 47+ messages in thread
From: Anders Roxell @ 2021-09-22 19:42 UTC (permalink / raw)
To: Thomas Gleixner
Cc: LKML, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT),
Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
On Tue, 21 Sept 2021 at 22:13, Thomas Gleixner <tglx@linutronix.de> wrote:
>
> On Tue, Sep 21 2021 at 12:58, Anders Roxell wrote:
> > On Wed, 8 Sept 2021 at 15:30, Thomas Gleixner <tglx@linutronix.de> wrote:
> >>
> >> Now that copy_fpregs_to_sigframe() returns boolean the individual return
> >> codes in the related helper functions do not make sense anymore. Change
> >> them to return boolean success/fail.
> >>
> >> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> >
> > When I build and boot (qemu_x86_64) a defconfig kernel on from todays
> > next tag next-20210921 I see the following segmentation fault
> >
> > 2021-09-21T10:11:45 <6>[ 1.622922] mount (89) used greatest stack
> > depth: 14384 bytes left
> > 2021-09-21T10:11:45 <6>[ 1.664760] EXT4-fs (sda): re-mounted. Opts:
> > (null). Quota mode: none.
> > 2021-09-21T10:11:45 <6>[ 1.691041] mkdir (92) used greatest stack
> > depth: 14312 bytes left
> > 2021-09-21T10:11:45 <6>[ 1.713201] mount (93) used greatest stack
> > depth: 13720 bytes left
> > 2021-09-21T10:11:46 Starting syslogd: /etc/init.d/rcS: line 12: 101
> > Segmentation fault $i start
> >
> >
> > I did a bisection and found this as the faulty patch [1]. When I
> > revert this patch I can't see the issue.
> >
> > We noticed that function 'save_xstate_epilog()' changes the polarity
> > of its return code for one of the return statements, and for its only
> > caller. but not for the other return statement.
> >
> > I tried this patch and I couldn't see the segmentation fault.
> >
> > diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
> > index 445c57c9c539..61eeebc04427 100644
> > --- a/arch/x86/kernel/fpu/signal.c
> > +++ b/arch/x86/kernel/fpu/signal.c
> > @@ -104,7 +104,7 @@ static inline int save_xstate_epilog(void __user
> > *buf, int ia32_frame)
> > err = __copy_to_user(&x->i387.sw_reserved, sw_bytes, sizeof(*sw_bytes));
> >
> > if (!use_xsave())
> > - return err;
> > + return !err;
>
> Oops. Good catch. Care to send a proper patch for this?
Yes I can try to do that.
Cheers,
Anders
^ permalink raw reply [flat|nested] 47+ messages in thread
* [patch V3 16/20] x86/signal: Change return type of restore_sigcontext() to boolean
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (14 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 15/20] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers " Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 17/20] x86/fpu/signal: Change return type of fpu__restore_sig() " Thomas Gleixner
` (4 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
None of the call sites cares about the return code. All they are interested
in is success or fail.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/ia32/ia32_signal.c | 12 ++++++------
arch/x86/kernel/signal.c | 18 +++++++++---------
2 files changed, 15 insertions(+), 15 deletions(-)
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -57,8 +57,8 @@ static inline void reload_segments(struc
/*
* Do a signal return; undo the signal stack.
*/
-static int ia32_restore_sigcontext(struct pt_regs *regs,
- struct sigcontext_32 __user *usc)
+static bool ia32_restore_sigcontext(struct pt_regs *regs,
+ struct sigcontext_32 __user *usc)
{
struct sigcontext_32 sc;
@@ -66,7 +66,7 @@ static int ia32_restore_sigcontext(struc
current->restart_block.fn = do_no_restart_syscall;
if (unlikely(copy_from_user(&sc, usc, sizeof(sc))))
- return -EFAULT;
+ return false;
/* Get only the ia32 registers. */
regs->bx = sc.bx;
@@ -94,7 +94,7 @@ static int ia32_restore_sigcontext(struc
* normal case.
*/
reload_segments(&sc);
- return fpu__restore_sig(compat_ptr(sc.fpstate), 1);
+ return !fpu__restore_sig(compat_ptr(sc.fpstate), 1);
}
COMPAT_SYSCALL_DEFINE0(sigreturn)
@@ -111,7 +111,7 @@ COMPAT_SYSCALL_DEFINE0(sigreturn)
set_current_blocked(&set);
- if (ia32_restore_sigcontext(regs, &frame->sc))
+ if (!ia32_restore_sigcontext(regs, &frame->sc))
goto badframe;
return regs->ax;
@@ -135,7 +135,7 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
set_current_blocked(&set);
- if (ia32_restore_sigcontext(regs, &frame->uc.uc_mcontext))
+ if (!ia32_restore_sigcontext(regs, &frame->uc.uc_mcontext))
goto badframe;
if (compat_restore_altstack(&frame->uc.uc_stack))
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -79,9 +79,9 @@ static void force_valid_ss(struct pt_reg
# define CONTEXT_COPY_SIZE sizeof(struct sigcontext)
#endif
-static int restore_sigcontext(struct pt_regs *regs,
- struct sigcontext __user *usc,
- unsigned long uc_flags)
+static bool restore_sigcontext(struct pt_regs *regs,
+ struct sigcontext __user *usc,
+ unsigned long uc_flags)
{
struct sigcontext sc;
@@ -89,7 +89,7 @@ static int restore_sigcontext(struct pt_
current->restart_block.fn = do_no_restart_syscall;
if (copy_from_user(&sc, usc, CONTEXT_COPY_SIZE))
- return -EFAULT;
+ return false;
#ifdef CONFIG_X86_32
set_user_gs(regs, sc.gs);
@@ -136,8 +136,8 @@ static int restore_sigcontext(struct pt_
force_valid_ss(regs);
#endif
- return fpu__restore_sig((void __user *)sc.fpstate,
- IS_ENABLED(CONFIG_X86_32));
+ return !fpu__restore_sig((void __user *)sc.fpstate,
+ IS_ENABLED(CONFIG_X86_32));
}
static __always_inline int
@@ -641,7 +641,7 @@ SYSCALL_DEFINE0(sigreturn)
* x86_32 has no uc_flags bits relevant to restore_sigcontext.
* Save a few cycles by skipping the __get_user.
*/
- if (restore_sigcontext(regs, &frame->sc, 0))
+ if (!restore_sigcontext(regs, &frame->sc, 0))
goto badframe;
return regs->ax;
@@ -669,7 +669,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
set_current_blocked(&set);
- if (restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
+ if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
goto badframe;
if (restore_altstack(&frame->uc.uc_stack))
@@ -927,7 +927,7 @@ COMPAT_SYSCALL_DEFINE0(x32_rt_sigreturn)
set_current_blocked(&set);
- if (restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
+ if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
goto badframe;
if (compat_restore_altstack(&frame->uc.uc_stack))
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/signal: Change return type of restore_sigcontext() to boolean
2021-09-08 13:29 ` [patch V3 16/20] x86/signal: Change return type of restore_sigcontext() " Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: ee4ecdfbd28954086a09740dc931c10c93e39370
Gitweb: https://git.kernel.org/tip/ee4ecdfbd28954086a09740dc931c10c93e39370
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:35 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:03 +02:00
x86/signal: Change return type of restore_sigcontext() to boolean
None of the call sites cares about the return code. All they are interested
in is success or fail.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.851280949@linutronix.de
---
arch/x86/ia32/ia32_signal.c | 12 ++++++------
arch/x86/kernel/signal.c | 18 +++++++++---------
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 023198e..0d6789b 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -57,8 +57,8 @@ static inline void reload_segments(struct sigcontext_32 *sc)
/*
* Do a signal return; undo the signal stack.
*/
-static int ia32_restore_sigcontext(struct pt_regs *regs,
- struct sigcontext_32 __user *usc)
+static bool ia32_restore_sigcontext(struct pt_regs *regs,
+ struct sigcontext_32 __user *usc)
{
struct sigcontext_32 sc;
@@ -66,7 +66,7 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
current->restart_block.fn = do_no_restart_syscall;
if (unlikely(copy_from_user(&sc, usc, sizeof(sc))))
- return -EFAULT;
+ return false;
/* Get only the ia32 registers. */
regs->bx = sc.bx;
@@ -94,7 +94,7 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
* normal case.
*/
reload_segments(&sc);
- return fpu__restore_sig(compat_ptr(sc.fpstate), 1);
+ return !fpu__restore_sig(compat_ptr(sc.fpstate), 1);
}
COMPAT_SYSCALL_DEFINE0(sigreturn)
@@ -111,7 +111,7 @@ COMPAT_SYSCALL_DEFINE0(sigreturn)
set_current_blocked(&set);
- if (ia32_restore_sigcontext(regs, &frame->sc))
+ if (!ia32_restore_sigcontext(regs, &frame->sc))
goto badframe;
return regs->ax;
@@ -135,7 +135,7 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
set_current_blocked(&set);
- if (ia32_restore_sigcontext(regs, &frame->uc.uc_mcontext))
+ if (!ia32_restore_sigcontext(regs, &frame->uc.uc_mcontext))
goto badframe;
if (compat_restore_altstack(&frame->uc.uc_stack))
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 5f623a1..140b7b2 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -79,9 +79,9 @@ static void force_valid_ss(struct pt_regs *regs)
# define CONTEXT_COPY_SIZE sizeof(struct sigcontext)
#endif
-static int restore_sigcontext(struct pt_regs *regs,
- struct sigcontext __user *usc,
- unsigned long uc_flags)
+static bool restore_sigcontext(struct pt_regs *regs,
+ struct sigcontext __user *usc,
+ unsigned long uc_flags)
{
struct sigcontext sc;
@@ -89,7 +89,7 @@ static int restore_sigcontext(struct pt_regs *regs,
current->restart_block.fn = do_no_restart_syscall;
if (copy_from_user(&sc, usc, CONTEXT_COPY_SIZE))
- return -EFAULT;
+ return false;
#ifdef CONFIG_X86_32
set_user_gs(regs, sc.gs);
@@ -136,8 +136,8 @@ static int restore_sigcontext(struct pt_regs *regs,
force_valid_ss(regs);
#endif
- return fpu__restore_sig((void __user *)sc.fpstate,
- IS_ENABLED(CONFIG_X86_32));
+ return !fpu__restore_sig((void __user *)sc.fpstate,
+ IS_ENABLED(CONFIG_X86_32));
}
static __always_inline int
@@ -641,7 +641,7 @@ SYSCALL_DEFINE0(sigreturn)
* x86_32 has no uc_flags bits relevant to restore_sigcontext.
* Save a few cycles by skipping the __get_user.
*/
- if (restore_sigcontext(regs, &frame->sc, 0))
+ if (!restore_sigcontext(regs, &frame->sc, 0))
goto badframe;
return regs->ax;
@@ -669,7 +669,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
set_current_blocked(&set);
- if (restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
+ if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
goto badframe;
if (restore_altstack(&frame->uc.uc_stack))
@@ -927,7 +927,7 @@ COMPAT_SYSCALL_DEFINE0(x32_rt_sigreturn)
set_current_blocked(&set);
- if (restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
+ if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
goto badframe;
if (compat_restore_altstack(&frame->uc.uc_stack))
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 17/20] x86/fpu/signal: Change return type of fpu__restore_sig() to boolean
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (15 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 16/20] x86/signal: Change return type of restore_sigcontext() " Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 18/20] x86/fpu/signal: Change return type of __fpu_restore_sig() " Thomas Gleixner
` (3 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
None of the call sites cares about the error code. All they need to know is
whether the function succeeded or not.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/ia32/ia32_signal.c | 2 +-
arch/x86/include/asm/fpu/internal.h | 2 +-
arch/x86/kernel/fpu/signal.c | 22 ++++++++++------------
arch/x86/kernel/signal.c | 4 ++--
4 files changed, 14 insertions(+), 16 deletions(-)
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -94,7 +94,7 @@ static bool ia32_restore_sigcontext(stru
* normal case.
*/
reload_segments(&sc);
- return !fpu__restore_sig(compat_ptr(sc.fpstate), 1);
+ return fpu__restore_sig(compat_ptr(sc.fpstate), 1);
}
COMPAT_SYSCALL_DEFINE0(sigreturn)
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -26,7 +26,7 @@
/*
* High level FPU state handling functions:
*/
-extern int fpu__restore_sig(void __user *buf, int ia32_frame);
+extern bool fpu__restore_sig(void __user *buf, int ia32_frame);
extern void fpu__drop(struct fpu *fpu);
extern void fpu__clear_user_states(struct fpu *fpu);
extern int fpu__exception_code(struct fpu *fpu, int trap_nr);
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -434,17 +434,17 @@ static inline int xstate_sigframe_size(v
/*
* Restore FPU state from a sigframe:
*/
-int fpu__restore_sig(void __user *buf, int ia32_frame)
+bool fpu__restore_sig(void __user *buf, int ia32_frame)
{
unsigned int size = xstate_sigframe_size();
struct fpu *fpu = ¤t->thread.fpu;
void __user *buf_fx = buf;
bool ia32_fxstate = false;
- int ret;
+ bool success = false;
if (unlikely(!buf)) {
fpu__clear_user_states(fpu);
- return 0;
+ return true;
}
ia32_frame &= (IS_ENABLED(CONFIG_X86_32) ||
@@ -460,23 +460,21 @@ int fpu__restore_sig(void __user *buf, i
ia32_fxstate = true;
}
- if (!access_ok(buf, size)) {
- ret = -EACCES;
+ if (!access_ok(buf, size))
goto out;
- }
if (!IS_ENABLED(CONFIG_X86_64) && !cpu_feature_enabled(X86_FEATURE_FPU)) {
- ret = fpregs_soft_set(current, NULL, 0,
- sizeof(struct user_i387_ia32_struct),
- NULL, buf);
+ success = !fpregs_soft_set(current, NULL, 0,
+ sizeof(struct user_i387_ia32_struct),
+ NULL, buf);
} else {
- ret = __fpu_restore_sig(buf, buf_fx, ia32_fxstate);
+ success = !__fpu_restore_sig(buf, buf_fx, ia32_fxstate);
}
out:
- if (unlikely(ret))
+ if (unlikely(!success))
fpu__clear_user_states(fpu);
- return ret;
+ return success;
}
unsigned long
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -136,8 +136,8 @@ static bool restore_sigcontext(struct pt
force_valid_ss(regs);
#endif
- return !fpu__restore_sig((void __user *)sc.fpstate,
- IS_ENABLED(CONFIG_X86_32));
+ return fpu__restore_sig((void __user *)sc.fpstate,
+ IS_ENABLED(CONFIG_X86_32));
}
static __always_inline int
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Change return type of fpu__restore_sig() to boolean
2021-09-08 13:29 ` [patch V3 17/20] x86/fpu/signal: Change return type of fpu__restore_sig() " Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: f3305be5feecae62adfa5a6a1441a76493fe7412
Gitweb: https://git.kernel.org/tip/f3305be5feecae62adfa5a6a1441a76493fe7412
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:37 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:03 +02:00
x86/fpu/signal: Change return type of fpu__restore_sig() to boolean
None of the call sites cares about the error code. All they need to know is
whether the function succeeded or not.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.909065931@linutronix.de
---
arch/x86/ia32/ia32_signal.c | 2 +-
arch/x86/include/asm/fpu/internal.h | 2 +-
arch/x86/kernel/fpu/signal.c | 22 ++++++++++------------
arch/x86/kernel/signal.c | 4 ++--
4 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 0d6789b..828ab0a 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -94,7 +94,7 @@ static bool ia32_restore_sigcontext(struct pt_regs *regs,
* normal case.
*/
reload_segments(&sc);
- return !fpu__restore_sig(compat_ptr(sc.fpstate), 1);
+ return fpu__restore_sig(compat_ptr(sc.fpstate), 1);
}
COMPAT_SYSCALL_DEFINE0(sigreturn)
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index 74aa53e..89960e4 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -26,7 +26,7 @@
/*
* High level FPU state handling functions:
*/
-extern int fpu__restore_sig(void __user *buf, int ia32_frame);
+extern bool fpu__restore_sig(void __user *buf, int ia32_frame);
extern void fpu__drop(struct fpu *fpu);
extern void fpu__clear_user_states(struct fpu *fpu);
extern int fpu__exception_code(struct fpu *fpu, int trap_nr);
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 1d10fe9..d418d28 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -433,17 +433,17 @@ static inline int xstate_sigframe_size(void)
/*
* Restore FPU state from a sigframe:
*/
-int fpu__restore_sig(void __user *buf, int ia32_frame)
+bool fpu__restore_sig(void __user *buf, int ia32_frame)
{
unsigned int size = xstate_sigframe_size();
struct fpu *fpu = ¤t->thread.fpu;
void __user *buf_fx = buf;
bool ia32_fxstate = false;
- int ret;
+ bool success = false;
if (unlikely(!buf)) {
fpu__clear_user_states(fpu);
- return 0;
+ return true;
}
ia32_frame &= (IS_ENABLED(CONFIG_X86_32) ||
@@ -459,23 +459,21 @@ int fpu__restore_sig(void __user *buf, int ia32_frame)
ia32_fxstate = true;
}
- if (!access_ok(buf, size)) {
- ret = -EACCES;
+ if (!access_ok(buf, size))
goto out;
- }
if (!IS_ENABLED(CONFIG_X86_64) && !cpu_feature_enabled(X86_FEATURE_FPU)) {
- ret = fpregs_soft_set(current, NULL, 0,
- sizeof(struct user_i387_ia32_struct),
- NULL, buf);
+ success = !fpregs_soft_set(current, NULL, 0,
+ sizeof(struct user_i387_ia32_struct),
+ NULL, buf);
} else {
- ret = __fpu_restore_sig(buf, buf_fx, ia32_fxstate);
+ success = !__fpu_restore_sig(buf, buf_fx, ia32_fxstate);
}
out:
- if (unlikely(ret))
+ if (unlikely(!success))
fpu__clear_user_states(fpu);
- return ret;
+ return success;
}
unsigned long
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 140b7b2..02ee68e 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -136,8 +136,8 @@ static bool restore_sigcontext(struct pt_regs *regs,
force_valid_ss(regs);
#endif
- return !fpu__restore_sig((void __user *)sc.fpstate,
- IS_ENABLED(CONFIG_X86_32));
+ return fpu__restore_sig((void __user *)sc.fpstate,
+ IS_ENABLED(CONFIG_X86_32));
}
static __always_inline int
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 18/20] x86/fpu/signal: Change return type of __fpu_restore_sig() to boolean
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (16 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 17/20] x86/fpu/signal: Change return type of fpu__restore_sig() " Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 19/20] x86/fpu/signal: Change return code of check_xstate_in_sigframe() " Thomas Gleixner
` (2 subsequent siblings)
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
Now that fpu__restore_sig() returns a boolean get rid of the individual
error codes in __fpu_restore_sig() as well.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/kernel/fpu/signal.c | 41 ++++++++++++++++++++---------------------
1 file changed, 20 insertions(+), 21 deletions(-)
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -310,8 +310,8 @@ static int restore_fpregs_from_user(void
return 0;
}
-static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
- bool ia32_fxstate)
+static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
+ bool ia32_fxstate)
{
int state_size = fpu_kernel_xstate_size;
struct task_struct *tsk = current;
@@ -319,14 +319,14 @@ static int __fpu_restore_sig(void __user
struct user_i387_ia32_struct env;
u64 user_xfeatures = 0;
bool fx_only = false;
- int ret;
+ bool success;
+
if (use_xsave()) {
struct _fpx_sw_bytes fx_sw_user;
- ret = check_xstate_in_sigframe(buf_fx, &fx_sw_user);
- if (unlikely(ret))
- return ret;
+ if (check_xstate_in_sigframe(buf_fx, &fx_sw_user))
+ return false;
fx_only = !fx_sw_user.magic1;
state_size = fx_sw_user.xstate_size;
@@ -342,8 +342,8 @@ static int __fpu_restore_sig(void __user
* faults. If it does, fall back to the slow path below, going
* through the kernel buffer with the enabled pagefault handler.
*/
- return restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
- state_size);
+ return !restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
+ state_size);
}
/*
@@ -351,9 +351,8 @@ static int __fpu_restore_sig(void __user
* to be ignored for histerical raisins. The legacy state is folded
* in once the larger state has been copied.
*/
- ret = __copy_from_user(&env, buf, sizeof(env));
- if (ret)
- return ret;
+ if (__copy_from_user(&env, buf, sizeof(env)))
+ return false;
/*
* By setting TIF_NEED_FPU_LOAD it is ensured that our xstate is
@@ -380,17 +379,16 @@ static int __fpu_restore_sig(void __user
fpregs_unlock();
if (use_xsave() && !fx_only) {
- ret = copy_sigframe_from_user_to_xstate(&fpu->state.xsave, buf_fx);
- if (ret)
- return ret;
+ if (copy_sigframe_from_user_to_xstate(&fpu->state.xsave, buf_fx))
+ return false;
} else {
if (__copy_from_user(&fpu->state.fxsave, buf_fx,
sizeof(fpu->state.fxsave)))
- return -EFAULT;
+ return false;
/* Reject invalid MXCSR values. */
if (fpu->state.fxsave.mxcsr & ~mxcsr_feature_mask)
- return -EINVAL;
+ return false;
/* Enforce XFEATURE_MASK_FPSSE when XSAVE is enabled */
if (use_xsave())
@@ -414,17 +412,18 @@ static int __fpu_restore_sig(void __user
u64 mask = user_xfeatures | xfeatures_mask_supervisor();
fpu->state.xsave.header.xfeatures &= mask;
- ret = os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all) ? -EINVAL : 0;
+ success = !os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all);
} else {
- ret = fxrstor_safe(&fpu->state.fxsave);
+ success = !fxrstor_safe(&fpu->state.fxsave);
}
- if (likely(!ret))
+ if (likely(success))
fpregs_mark_activate();
fpregs_unlock();
- return ret;
+ return success;
}
+
static inline int xstate_sigframe_size(void)
{
return use_xsave() ? fpu_user_xstate_size + FP_XSTATE_MAGIC2_SIZE :
@@ -468,7 +467,7 @@ bool fpu__restore_sig(void __user *buf,
sizeof(struct user_i387_ia32_struct),
NULL, buf);
} else {
- success = !__fpu_restore_sig(buf, buf_fx, ia32_fxstate);
+ success = __fpu_restore_sig(buf, buf_fx, ia32_fxstate);
}
out:
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Change return type of __fpu_restore_sig() to boolean
2021-09-08 13:29 ` [patch V3 18/20] x86/fpu/signal: Change return type of __fpu_restore_sig() " Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: 1193f408cd5140f2cfd38c7e60a2d39d39cd485f
Gitweb: https://git.kernel.org/tip/1193f408cd5140f2cfd38c7e60a2d39d39cd485f
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:38 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:03 +02:00
x86/fpu/signal: Change return type of __fpu_restore_sig() to boolean
Now that fpu__restore_sig() returns a boolean get rid of the individual
error codes in __fpu_restore_sig() as well.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132525.966197097@linutronix.de
---
arch/x86/kernel/fpu/signal.c | 41 +++++++++++++++++------------------
1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index d418d28..912d770 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -309,8 +309,8 @@ retry:
return 0;
}
-static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
- bool ia32_fxstate)
+static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
+ bool ia32_fxstate)
{
int state_size = fpu_kernel_xstate_size;
struct task_struct *tsk = current;
@@ -318,14 +318,14 @@ static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
struct user_i387_ia32_struct env;
u64 user_xfeatures = 0;
bool fx_only = false;
- int ret;
+ bool success;
+
if (use_xsave()) {
struct _fpx_sw_bytes fx_sw_user;
- ret = check_xstate_in_sigframe(buf_fx, &fx_sw_user);
- if (unlikely(ret))
- return ret;
+ if (check_xstate_in_sigframe(buf_fx, &fx_sw_user))
+ return false;
fx_only = !fx_sw_user.magic1;
state_size = fx_sw_user.xstate_size;
@@ -341,8 +341,8 @@ static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
* faults. If it does, fall back to the slow path below, going
* through the kernel buffer with the enabled pagefault handler.
*/
- return restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
- state_size);
+ return !restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
+ state_size);
}
/*
@@ -350,9 +350,8 @@ static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
* to be ignored for histerical raisins. The legacy state is folded
* in once the larger state has been copied.
*/
- ret = __copy_from_user(&env, buf, sizeof(env));
- if (ret)
- return ret;
+ if (__copy_from_user(&env, buf, sizeof(env)))
+ return false;
/*
* By setting TIF_NEED_FPU_LOAD it is ensured that our xstate is
@@ -379,17 +378,16 @@ static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
fpregs_unlock();
if (use_xsave() && !fx_only) {
- ret = copy_sigframe_from_user_to_xstate(&fpu->state.xsave, buf_fx);
- if (ret)
- return ret;
+ if (copy_sigframe_from_user_to_xstate(&fpu->state.xsave, buf_fx))
+ return false;
} else {
if (__copy_from_user(&fpu->state.fxsave, buf_fx,
sizeof(fpu->state.fxsave)))
- return -EFAULT;
+ return false;
/* Reject invalid MXCSR values. */
if (fpu->state.fxsave.mxcsr & ~mxcsr_feature_mask)
- return -EINVAL;
+ return false;
/* Enforce XFEATURE_MASK_FPSSE when XSAVE is enabled */
if (use_xsave())
@@ -413,17 +411,18 @@ static int __fpu_restore_sig(void __user *buf, void __user *buf_fx,
u64 mask = user_xfeatures | xfeatures_mask_supervisor();
fpu->state.xsave.header.xfeatures &= mask;
- ret = os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all) ? -EINVAL : 0;
+ success = !os_xrstor_safe(&fpu->state.xsave, xfeatures_mask_all);
} else {
- ret = fxrstor_safe(&fpu->state.fxsave);
+ success = !fxrstor_safe(&fpu->state.fxsave);
}
- if (likely(!ret))
+ if (likely(success))
fpregs_mark_activate();
fpregs_unlock();
- return ret;
+ return success;
}
+
static inline int xstate_sigframe_size(void)
{
return use_xsave() ? fpu_user_xstate_size + FP_XSTATE_MAGIC2_SIZE :
@@ -467,7 +466,7 @@ bool fpu__restore_sig(void __user *buf, int ia32_frame)
sizeof(struct user_i387_ia32_struct),
NULL, buf);
} else {
- success = !__fpu_restore_sig(buf, buf_fx, ia32_fxstate);
+ success = __fpu_restore_sig(buf, buf_fx, ia32_fxstate);
}
out:
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 19/20] x86/fpu/signal: Change return code of check_xstate_in_sigframe() to boolean
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (17 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 18/20] x86/fpu/signal: Change return type of __fpu_restore_sig() " Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 13:29 ` [patch V3 20/20] x86/fpu/signal: Change return code of restore_fpregs_from_user() " Thomas Gleixner
2021-09-08 15:57 ` [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Luck, Tony
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
__fpu_sig_restore() only needs success/fail information and no detailed
error code.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/kernel/fpu/signal.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -23,8 +23,8 @@ static struct _fpx_sw_bytes fx_sw_reserv
* Check for the presence of extended state information in the
* user fpstate pointer in the sigcontext.
*/
-static inline int check_xstate_in_sigframe(struct fxregs_state __user *fxbuf,
- struct _fpx_sw_bytes *fx_sw)
+static inline bool check_xstate_in_sigframe(struct fxregs_state __user *fxbuf,
+ struct _fpx_sw_bytes *fx_sw)
{
int min_xstate_size = sizeof(struct fxregs_state) +
sizeof(struct xstate_header);
@@ -32,7 +32,7 @@ static inline int check_xstate_in_sigfra
unsigned int magic2;
if (__copy_from_user(fx_sw, &fxbuf->sw_reserved[0], sizeof(*fx_sw)))
- return -EFAULT;
+ return false;
/* Check for the first magic field and other error scenarios. */
if (fx_sw->magic1 != FP_XSTATE_MAGIC1 ||
@@ -48,10 +48,10 @@ static inline int check_xstate_in_sigfra
* in the memory layout.
*/
if (__get_user(magic2, (__u32 __user *)(fpstate + fx_sw->xstate_size)))
- return -EFAULT;
+ return false;
if (likely(magic2 == FP_XSTATE_MAGIC2))
- return 0;
+ return true;
setfx:
trace_x86_fpu_xstate_check_failed(¤t->thread.fpu);
@@ -59,7 +59,7 @@ static inline int check_xstate_in_sigfra
fx_sw->magic1 = 0;
fx_sw->xstate_size = sizeof(struct fxregs_state);
fx_sw->xfeatures = XFEATURE_MASK_FPSSE;
- return 0;
+ return true;
}
/*
@@ -325,7 +325,7 @@ static bool __fpu_restore_sig(void __use
if (use_xsave()) {
struct _fpx_sw_bytes fx_sw_user;
- if (check_xstate_in_sigframe(buf_fx, &fx_sw_user))
+ if (!check_xstate_in_sigframe(buf_fx, &fx_sw_user))
return false;
fx_only = !fx_sw_user.magic1;
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Change return code of check_xstate_in_sigframe() to boolean
2021-09-08 13:29 ` [patch V3 19/20] x86/fpu/signal: Change return code of check_xstate_in_sigframe() " Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: be0040144152ed834c369a7830487e5ee4f27080
Gitweb: https://git.kernel.org/tip/be0040144152ed834c369a7830487e5ee4f27080
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:40 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:04 +02:00
x86/fpu/signal: Change return code of check_xstate_in_sigframe() to boolean
__fpu_sig_restore() only needs success/fail information and no detailed
error code.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132526.024024598@linutronix.de
---
arch/x86/kernel/fpu/signal.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 912d770..2bd4d51 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -23,8 +23,8 @@ static struct _fpx_sw_bytes fx_sw_reserved_ia32 __ro_after_init;
* Check for the presence of extended state information in the
* user fpstate pointer in the sigcontext.
*/
-static inline int check_xstate_in_sigframe(struct fxregs_state __user *fxbuf,
- struct _fpx_sw_bytes *fx_sw)
+static inline bool check_xstate_in_sigframe(struct fxregs_state __user *fxbuf,
+ struct _fpx_sw_bytes *fx_sw)
{
int min_xstate_size = sizeof(struct fxregs_state) +
sizeof(struct xstate_header);
@@ -32,7 +32,7 @@ static inline int check_xstate_in_sigframe(struct fxregs_state __user *fxbuf,
unsigned int magic2;
if (__copy_from_user(fx_sw, &fxbuf->sw_reserved[0], sizeof(*fx_sw)))
- return -EFAULT;
+ return false;
/* Check for the first magic field and other error scenarios. */
if (fx_sw->magic1 != FP_XSTATE_MAGIC1 ||
@@ -48,10 +48,10 @@ static inline int check_xstate_in_sigframe(struct fxregs_state __user *fxbuf,
* in the memory layout.
*/
if (__get_user(magic2, (__u32 __user *)(fpstate + fx_sw->xstate_size)))
- return -EFAULT;
+ return false;
if (likely(magic2 == FP_XSTATE_MAGIC2))
- return 0;
+ return true;
setfx:
trace_x86_fpu_xstate_check_failed(¤t->thread.fpu);
@@ -59,7 +59,7 @@ setfx:
fx_sw->magic1 = 0;
fx_sw->xstate_size = sizeof(struct fxregs_state);
fx_sw->xfeatures = XFEATURE_MASK_FPSSE;
- return 0;
+ return true;
}
/*
@@ -324,7 +324,7 @@ static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
if (use_xsave()) {
struct _fpx_sw_bytes fx_sw_user;
- if (check_xstate_in_sigframe(buf_fx, &fx_sw_user))
+ if (!check_xstate_in_sigframe(buf_fx, &fx_sw_user))
return false;
fx_only = !fx_sw_user.magic1;
^ permalink raw reply related [flat|nested] 47+ messages in thread
* [patch V3 20/20] x86/fpu/signal: Change return code of restore_fpregs_from_user() to boolean
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (18 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 19/20] x86/fpu/signal: Change return code of check_xstate_in_sigframe() " Thomas Gleixner
@ 2021-09-08 13:29 ` Thomas Gleixner
2021-09-14 19:19 ` [tip: x86/fpu] " tip-bot2 for Thomas Gleixner
2021-09-08 15:57 ` [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Luck, Tony
20 siblings, 1 reply; 47+ messages in thread
From: Thomas Gleixner @ 2021-09-08 13:29 UTC (permalink / raw)
To: LKML
Cc: x86, Al Viro, Linus Torvalds, Tony Luck, Alexei Starovoitov,
Peter Ziljstra, Song Liu, Daniel Borkmann
__fpu_sig_restore() only needs information about success or fail and no
real error code.
This cleans up the confusing conversion of the trap number, which is
returned by the *RSTOR() exception fixups, to an error code.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/kernel/fpu/signal.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -255,8 +255,8 @@ static int __restore_fpregs_from_user(vo
* Attempt to restore the FPU registers directly from user memory.
* Pagefaults are handled and any errors returned are fatal.
*/
-static int restore_fpregs_from_user(void __user *buf, u64 xrestore,
- bool fx_only, unsigned int size)
+static bool restore_fpregs_from_user(void __user *buf, u64 xrestore,
+ bool fx_only, unsigned int size)
{
struct fpu *fpu = ¤t->thread.fpu;
int ret;
@@ -285,12 +285,11 @@ static int restore_fpregs_from_user(void
/* Try to handle #PF, but anything else is fatal. */
if (ret != X86_TRAP_PF)
- return -EINVAL;
+ return false;
- ret = fault_in_pages_readable(buf, size);
- if (!ret)
+ if (!fault_in_pages_readable(buf, size))
goto retry;
- return ret;
+ return false;
}
/*
@@ -307,7 +306,7 @@ static int restore_fpregs_from_user(void
fpregs_mark_activate();
fpregs_unlock();
- return 0;
+ return true;
}
static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
@@ -342,8 +341,8 @@ static bool __fpu_restore_sig(void __use
* faults. If it does, fall back to the slow path below, going
* through the kernel buffer with the enabled pagefault handler.
*/
- return !restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
- state_size);
+ return restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
+ state_size);
}
/*
^ permalink raw reply [flat|nested] 47+ messages in thread
* [tip: x86/fpu] x86/fpu/signal: Change return code of restore_fpregs_from_user() to boolean
2021-09-08 13:29 ` [patch V3 20/20] x86/fpu/signal: Change return code of restore_fpregs_from_user() " Thomas Gleixner
@ 2021-09-14 19:19 ` tip-bot2 for Thomas Gleixner
0 siblings, 0 replies; 47+ messages in thread
From: tip-bot2 for Thomas Gleixner @ 2021-09-14 19:19 UTC (permalink / raw)
To: linux-tip-commits
Cc: Al Viro, Thomas Gleixner, Borislav Petkov, x86, linux-kernel
The following commit has been merged into the x86/fpu branch of tip:
Commit-ID: a2a8fd9a3efd8d22ee14a441e9e78cf5c998e69a
Gitweb: https://git.kernel.org/tip/a2a8fd9a3efd8d22ee14a441e9e78cf5c998e69a
Author: Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Wed, 08 Sep 2021 15:29:41 +02:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 14 Sep 2021 21:10:04 +02:00
x86/fpu/signal: Change return code of restore_fpregs_from_user() to boolean
__fpu_sig_restore() only needs information about success or fail and no
real error code.
This cleans up the confusing conversion of the trap number, which is
returned by the *RSTOR() exception fixups, to an error code.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210908132526.084109938@linutronix.de
---
arch/x86/kernel/fpu/signal.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 2bd4d51..68f03da 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -254,8 +254,8 @@ static int __restore_fpregs_from_user(void __user *buf, u64 xrestore,
* Attempt to restore the FPU registers directly from user memory.
* Pagefaults are handled and any errors returned are fatal.
*/
-static int restore_fpregs_from_user(void __user *buf, u64 xrestore,
- bool fx_only, unsigned int size)
+static bool restore_fpregs_from_user(void __user *buf, u64 xrestore,
+ bool fx_only, unsigned int size)
{
struct fpu *fpu = ¤t->thread.fpu;
int ret;
@@ -284,12 +284,11 @@ retry:
/* Try to handle #PF, but anything else is fatal. */
if (ret != X86_TRAP_PF)
- return -EINVAL;
+ return false;
- ret = fault_in_pages_readable(buf, size);
- if (!ret)
+ if (!fault_in_pages_readable(buf, size))
goto retry;
- return ret;
+ return false;
}
/*
@@ -306,7 +305,7 @@ retry:
fpregs_mark_activate();
fpregs_unlock();
- return 0;
+ return true;
}
static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
@@ -341,8 +340,8 @@ static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
* faults. If it does, fall back to the slow path below, going
* through the kernel buffer with the enabled pagefault handler.
*/
- return !restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
- state_size);
+ return restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
+ state_size);
}
/*
^ permalink raw reply related [flat|nested] 47+ messages in thread
* RE: [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code
2021-09-08 13:29 [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Thomas Gleixner
` (19 preceding siblings ...)
2021-09-08 13:29 ` [patch V3 20/20] x86/fpu/signal: Change return code of restore_fpregs_from_user() " Thomas Gleixner
@ 2021-09-08 15:57 ` Luck, Tony
2021-09-08 17:01 ` Luck, Tony
20 siblings, 1 reply; 47+ messages in thread
From: Luck, Tony @ 2021-09-08 15:57 UTC (permalink / raw)
To: Thomas Gleixner, LKML
Cc: x86, Al Viro, Linus Torvalds, Alexei Starovoitov, Peter Ziljstra,
Song Liu, Daniel Borkmann
> Changes vs. V2 [2]:
>
> - Fix the bogus left over check for #PF which causes boot failures
Much better. This version boots. Machine check recovery works as well as it did before
(user triggered machine checks are fine, kernel triggered ones are ok where they were
before and still trigger infinite loops where they did before).
-Tony
^ permalink raw reply [flat|nested] 47+ messages in thread
* RE: [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code
2021-09-08 15:57 ` [patch V3 00/20] x86/fpu: Clean up exception fixups and error handling in sigframe related code Luck, Tony
@ 2021-09-08 17:01 ` Luck, Tony
0 siblings, 0 replies; 47+ messages in thread
From: Luck, Tony @ 2021-09-08 17:01 UTC (permalink / raw)
To: Thomas Gleixner, LKML
Cc: x86, Al Viro, Linus Torvalds, Alexei Starovoitov, Peter Ziljstra,
Song Liu, Daniel Borkmann
> Much better. This version boots. Machine check recovery works as well as it did before
> (user triggered machine checks are fine, kernel triggered ones are ok where they were
> before and still trigger infinite loops where they did before).
With these three patches:
https://lore.kernel.org/all/20210818002942.1607544-1-tony.luck@intel.com/
on top of your series the infinite loops are fixed (first patch).
Other two patches fix my write(2) test which does:
ret = write(fd, buf, 512);
Where I have injected poison at some offset within "buf".
If the poison is at the start of buf I get ret == -1 with errno == -EFAULT.
If the poison is at a non-zero offset, the the bytes up to the poison
are written to the file and "ret" tells you how many were written.
-Tony
^ permalink raw reply [flat|nested] 47+ messages in thread