From: Thomas Gleixner <tglx@linutronix.de>
To: Andy Lutomirski <luto@kernel.org>,
	syzbot <syzbot+2067e764dbcd10721e2e@syzkaller.appspotmail.com>,
	bp@alien8.de, bp@suse.de, dave.hansen@linux.intel.com,
	fenghua.yu@intel.com, hpa@zytor.com,
	linux-kernel@vger.kernel.org, mingo@redhat.com,
	peterz@infradead.org, syzkaller-bugs@googlegroups.com,
	tony.luck@intel.com, x86@kernel.org, yu-cheng.yu@intel.com
Subject: Re: [syzbot] WARNING in ex_handler_fprestore
Date: Thu, 27 May 2021 21:05:06 +0200
Message-ID: <874keo80bh.ffs@nanos.tec.linutronix.de>
In-Reply-To: <87bl8w86m3.ffs@nanos.tec.linutronix.de>

On Thu, May 27 2021 at 18:49, Thomas Gleixner wrote:
> On Thu, May 27 2021 at 00:03, Thomas Gleixner wrote:
> The original code kinda worked because fpu__clear() reinitialized the
> task fpu state, but as this code is preemptible the same issue can
> happen pre 5.8 as well if I'm not missing something. I'll verify that
> after dinner.

Yes, I was missing something and pre-5.8 _IS_ safe because fpu__clear()
wipes task->fpu.state. Preemption does not matter because
TIF_NEED_FPU_LOAD is set _before_ the copy from user happens and in the
failure case it is guaranteed that fpu__clear() is invoked before an
XRSTOR can happen from that wrecked buffer.

So it's clearly this particular commit, which is sooo innocent according
to the submitter and fpu__clear() just helps to clean up the mess. It
just fails to clean up the mess which that commit created inside
fpu__clear() in the first place.

Clearly nothing of this whole system/user state separation was
thoroughly tested, which means ANY patch which is XSTATE related is
blocked until this mess is analyzed and cleaned up.

From now on ANY patch which extends or modifies XSTATE handling has to
be accompanied by proper test cases and analysis. Without that such
patches are not even going to be reviewed. This applies to all patches
in flight as well.

I don't mind bugs, but unprofessionally dismissing a conclusive bisect
and handwaving about ptrace modified segment registers on X86_64 is just
not acceptable.

Thanks,

        tglx
