x86/mpx: Use the new get_xsave_field_ptr()API
The MPX registers (bndcsr/bndcfgu/bndstatus) are not directly accessible via normal instructions. They essentially act as if they were floating point registers and are saved/restored along with those registers. There are two main paths in the MPX code where we care about the contents of these registers: 1. #BR (bounds) faults 2. the prctl() code where we are setting MPX up Both of those paths _might_ be called without the FPU having been used. That means that 'tsk->thread.fpu.state' might never be allocated. Also, fpu_save_init() is not preempt-safe. It was a bug to call it without disabling preemption. The new get_xsave_addr() calls unlazy_fpu() instead and properly disables preemption. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Dave Hansen <dave@sr71.net> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@redhat.com> Cc: Suresh Siddha <sbsiddha@gmail.com> Cc: bp@alien8.de Link: http://lkml.kernel.org/r/20150607183701.BC0D37CF@viggo.jf.intel.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
parent
04cd027bcb
commit
a84eeaa96b
|
@ -60,8 +60,8 @@
|
|||
|
||||
#ifdef CONFIG_X86_INTEL_MPX
|
||||
siginfo_t *mpx_generate_siginfo(struct pt_regs *regs,
|
||||
struct xregs_state *xsave_buf);
|
||||
int mpx_handle_bd_fault(struct xregs_state *xsave_buf);
|
||||
struct task_struct *tsk);
|
||||
int mpx_handle_bd_fault(struct task_struct *tsk);
|
||||
static inline int kernel_managing_mpx_tables(struct mm_struct *mm)
|
||||
{
|
||||
return (mm->bd_addr != MPX_INVALID_BOUNDS_DIR);
|
||||
|
@ -78,11 +78,11 @@ void mpx_notify_unmap(struct mm_struct *mm, struct vm_area_struct *vma,
|
|||
unsigned long start, unsigned long end);
|
||||
#else
|
||||
static inline siginfo_t *mpx_generate_siginfo(struct pt_regs *regs,
|
||||
struct xregs_state *xsave_buf)
|
||||
struct task_struct *tsk)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
static inline int mpx_handle_bd_fault(struct xregs_state *xsave_buf)
|
||||
static inline int mpx_handle_bd_fault(struct task_struct *tsk)
|
||||
{
|
||||
return -EINVAL;
|
||||
}
|
||||
|
|
|
@ -59,6 +59,7 @@
|
|||
#include <asm/fixmap.h>
|
||||
#include <asm/mach_traps.h>
|
||||
#include <asm/alternative.h>
|
||||
#include <asm/fpu/xstate.h>
|
||||
#include <asm/mpx.h>
|
||||
|
||||
#ifdef CONFIG_X86_64
|
||||
|
@ -371,9 +372,8 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
|
|||
dotraplinkage void do_bounds(struct pt_regs *regs, long error_code)
|
||||
{
|
||||
struct task_struct *tsk = current;
|
||||
struct xregs_state *xsave_buf;
|
||||
enum ctx_state prev_state;
|
||||
struct bndcsr *bndcsr;
|
||||
const struct bndcsr *bndcsr;
|
||||
siginfo_t *info;
|
||||
|
||||
prev_state = exception_enter();
|
||||
|
@ -392,12 +392,11 @@ dotraplinkage void do_bounds(struct pt_regs *regs, long error_code)
|
|||
|
||||
/*
|
||||
* We need to look at BNDSTATUS to resolve this exception.
|
||||
* It is not directly accessible, though, so we need to
|
||||
* do an xsave and then pull it out of the xsave buffer.
|
||||
* A NULL here might mean that it is in its 'init state',
|
||||
* which is all zeros which indicates MPX was not
|
||||
* responsible for the exception.
|
||||
*/
|
||||
copy_fpregs_to_fpstate(&tsk->thread.fpu);
|
||||
xsave_buf = &(tsk->thread.fpu.state.xsave);
|
||||
bndcsr = get_xsave_addr(xsave_buf, XSTATE_BNDCSR);
|
||||
bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR);
|
||||
if (!bndcsr)
|
||||
goto exit_trap;
|
||||
|
||||
|
@ -408,11 +407,11 @@ dotraplinkage void do_bounds(struct pt_regs *regs, long error_code)
|
|||
*/
|
||||
switch (bndcsr->bndstatus & MPX_BNDSTA_ERROR_CODE) {
|
||||
case 2: /* Bound directory has invalid entry. */
|
||||
if (mpx_handle_bd_fault(xsave_buf))
|
||||
if (mpx_handle_bd_fault(tsk))
|
||||
goto exit_trap;
|
||||
break; /* Success, it was handled */
|
||||
case 1: /* Bound violation. */
|
||||
info = mpx_generate_siginfo(regs, xsave_buf);
|
||||
info = mpx_generate_siginfo(regs, tsk);
|
||||
if (IS_ERR(info)) {
|
||||
/*
|
||||
* We failed to decode the MPX instruction. Act as if
|
||||
|
|
|
@ -272,9 +272,9 @@ bad_opcode:
|
|||
* The caller is expected to kfree() the returned siginfo_t.
|
||||
*/
|
||||
siginfo_t *mpx_generate_siginfo(struct pt_regs *regs,
|
||||
struct xregs_state *xsave_buf)
|
||||
struct task_struct *tsk)
|
||||
{
|
||||
struct bndreg *bndregs, *bndreg;
|
||||
const struct bndreg *bndregs, *bndreg;
|
||||
siginfo_t *info = NULL;
|
||||
struct insn insn;
|
||||
uint8_t bndregno;
|
||||
|
@ -294,8 +294,8 @@ siginfo_t *mpx_generate_siginfo(struct pt_regs *regs,
|
|||
err = -EINVAL;
|
||||
goto err_out;
|
||||
}
|
||||
/* get the bndregs _area_ of the xsave structure */
|
||||
bndregs = get_xsave_addr(xsave_buf, XSTATE_BNDREGS);
|
||||
/* get bndregs field from current task's xsave area */
|
||||
bndregs = get_xsave_field_ptr(XSTATE_BNDREGS);
|
||||
if (!bndregs) {
|
||||
err = -EINVAL;
|
||||
goto err_out;
|
||||
|
@ -342,7 +342,7 @@ err_out:
|
|||
|
||||
static __user void *task_get_bounds_dir(struct task_struct *tsk)
|
||||
{
|
||||
struct bndcsr *bndcsr;
|
||||
const struct bndcsr *bndcsr;
|
||||
|
||||
if (!cpu_feature_enabled(X86_FEATURE_MPX))
|
||||
return MPX_INVALID_BOUNDS_DIR;
|
||||
|
@ -357,8 +357,7 @@ static __user void *task_get_bounds_dir(struct task_struct *tsk)
|
|||
* The bounds directory pointer is stored in a register
|
||||
* only accessible if we first do an xsave.
|
||||
*/
|
||||
copy_fpregs_to_fpstate(&tsk->thread.fpu);
|
||||
bndcsr = get_xsave_addr(&tsk->thread.fpu.state.xsave, XSTATE_BNDCSR);
|
||||
bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR);
|
||||
if (!bndcsr)
|
||||
return MPX_INVALID_BOUNDS_DIR;
|
||||
|
||||
|
@ -389,9 +388,10 @@ int mpx_enable_management(struct task_struct *tsk)
|
|||
* directory into XSAVE/XRSTOR Save Area and enable MPX through
|
||||
* XRSTOR instruction.
|
||||
*
|
||||
* copy_xregs_to_kernel() is expected to be very expensive. Storing the bounds
|
||||
* directory here means that we do not have to do xsave in the unmap
|
||||
* path; we can just use mm->bd_addr instead.
|
||||
* The copy_xregs_to_kernel() beneath get_xsave_field_ptr() is
|
||||
* expected to be relatively expensive. Storing the bounds
|
||||
* directory here means that we do not have to do xsave in the
|
||||
* unmap path; we can just use mm->bd_addr instead.
|
||||
*/
|
||||
bd_base = task_get_bounds_dir(tsk);
|
||||
down_write(&mm->mmap_sem);
|
||||
|
@ -497,12 +497,12 @@ out_unmap:
|
|||
* bound table is 16KB. With 64-bit mode, the size of BD is 2GB,
|
||||
* and the size of each bound table is 4MB.
|
||||
*/
|
||||
static int do_mpx_bt_fault(struct xregs_state *xsave_buf)
|
||||
static int do_mpx_bt_fault(struct task_struct *tsk)
|
||||
{
|
||||
unsigned long bd_entry, bd_base;
|
||||
struct bndcsr *bndcsr;
|
||||
const struct bndcsr *bndcsr;
|
||||
|
||||
bndcsr = get_xsave_addr(xsave_buf, XSTATE_BNDCSR);
|
||||
bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR);
|
||||
if (!bndcsr)
|
||||
return -EINVAL;
|
||||
/*
|
||||
|
@ -525,7 +525,7 @@ static int do_mpx_bt_fault(struct xregs_state *xsave_buf)
|
|||
return allocate_bt((long __user *)bd_entry);
|
||||
}
|
||||
|
||||
int mpx_handle_bd_fault(struct xregs_state *xsave_buf)
|
||||
int mpx_handle_bd_fault(struct task_struct *tsk)
|
||||
{
|
||||
/*
|
||||
* Userspace never asked us to manage the bounds tables,
|
||||
|
@ -534,7 +534,7 @@ int mpx_handle_bd_fault(struct xregs_state *xsave_buf)
|
|||
if (!kernel_managing_mpx_tables(current->mm))
|
||||
return -EINVAL;
|
||||
|
||||
if (do_mpx_bt_fault(xsave_buf)) {
|
||||
if (do_mpx_bt_fault(tsk)) {
|
||||
force_sig(SIGSEGV, current);
|
||||
/*
|
||||
* The force_sig() is essentially "handling" this
|
||||
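Review bot: do_mpx_bt_fault(), mpx_handle_bd_fault(), mpx_generate_siginfo() and task_get_bounds_dir() all take a `tsk` argument, yet each one looks up the registers with `get_xsave_field_ptr(XSTATE_...)`, which takes no task and, going by the comment "get bndregs field from current task's xsave area", reads the current task's state. mpx_handle_bd_fault() also keeps using `current->mm` and `force_sig(SIGSEGV, current)`. A caller that passed any task other than current would silently get current's bounds registers, and those values decide which bounds directory address is used and whether a bounds table is allocated. Either drop the parameter or guard it, e.g. `if (WARN_ON_ONCE(tsk != current)) return -EINVAL;` at the top of do_mpx_bt_fault() (returning `MPX_INVALID_BOUNDS_DIR` in task_get_bounds_dir()), and add a one-line comment on the prototypes saying that `tsk` must be current. The do_bounds() call sites pass `tsk = current`, so they are unaffected today; the function bodies continue outside the hunks, so a check that already exists there would not be visible.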
|
|