[PATCH 03/19] x86, mpx: Use new get_xsave_field_ptr()
From: Dave Hansen The MPX registers (bndcsr/bndcfgu/bndstatus) are not directly accessible via normal instructions. They essentially act as if they were floating point registers and are saved/restored along with those registers. There are two main paths in the MPX code where we care about the contents of these registers: 1. #BR (bounds) faults 2. the prctl() code where we are setting MPX up Both of those paths _might_ be called without the FPU having been used. That means that 'tsk->thread.fpu.state' might never be allocated. Also, fpu_save_init() is not preempt-safe. It was a bug to call it without disabling preemption. The new get_xsave_addr() calls unlazy_fpu() instead and properly disables preemption. Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner Cc: Oleg Nesterov Cc: b...@alien8.de Cc: Rik van Riel Cc: Suresh Siddha Cc: Andy Lutomirski Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Fenghua Yu Cc: the arch/x86 maintainers Cc: linux-kernel --- Changes from v21: * rename get_xsave_field() to get_xsave_field_ptr() --- b/arch/x86/include/asm/mpx.h |8 b/arch/x86/kernel/traps.c| 17 - b/arch/x86/mm/mpx.c | 30 +++--- 3 files changed, 27 insertions(+), 28 deletions(-) diff -puN arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr arch/x86/include/asm/mpx.h --- a/arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr 2015-06-01 10:24:03.804711835 -0700 +++ b/arch/x86/include/asm/mpx.h2015-06-01 10:24:03.810712106 -0700 @@ -60,8 +60,8 @@ #ifdef CONFIG_X86_INTEL_MPX siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xregs_state *xsave_buf); -int mpx_handle_bd_fault(struct xregs_state *xsave_buf); + struct task_struct *tsk); +int mpx_handle_bd_fault(struct task_struct *tsk); static inline int kernel_managing_mpx_tables(struct mm_struct *mm) { return (mm->bd_addr != MPX_INVALID_BOUNDS_DIR); @@ -78,11 +78,11 @@ void mpx_notify_unmap(struct mm_struct * unsigned long start, unsigned long end); #else static inline siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xregs_state *xsave_buf) + struct task_struct *tsk) { return NULL; } -static inline int mpx_handle_bd_fault(struct xregs_state *xsave_buf) +static inline int mpx_handle_bd_fault(struct task_struct *tsk) { return -EINVAL; } diff -puN arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr arch/x86/kernel/traps.c --- a/arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr2015-06-01 10:24:03.805711880 -0700 +++ b/arch/x86/kernel/traps.c 2015-06-01 10:24:03.810712106 -0700 @@ -59,6 +59,7 @@ #include #include #include +#include #include #ifdef CONFIG_X86_64 @@ -371,9 +372,8 @@ dotraplinkage void do_double_fault(struc dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) { struct task_struct *tsk = current; - struct xregs_state *xsave_buf; enum ctx_state prev_state; - struct bndcsr *bndcsr; + const struct bndcsr *bndcsr; siginfo_t *info; prev_state = exception_enter(); @@ -392,12 +392,11 @@ dotraplinkage void do_bounds(struct pt_r /* * We need to look at BNDSTATUS to resolve this exception. -* It is not directly accessible, though, so we need to -* do an xsave and then pull it out of the xsave buffer. +* A NULL here might mean that it is in its 'init state', +* which is all zeros which indicates MPX was not +* responsible for the exception. */ - copy_fpregs_to_fpstate(&tsk->thread.fpu); - xsave_buf = &(tsk->thread.fpu.state.xsave); - bndcsr = get_xsave_addr(xsave_buf, XSTATE_BNDCSR); + bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR); if (!bndcsr) goto exit_trap; @@ -408,11 +407,11 @@ dotraplinkage void do_bounds(struct pt_r */ switch (bndcsr->bndstatus & MPX_BNDSTA_ERROR_CODE) { case 2: /* Bound directory has invalid entry. */ - if (mpx_handle_bd_fault(xsave_buf)) + if (mpx_handle_bd_fault(tsk)) goto exit_trap; break; /* Success, it was handled */ case 1: /* Bound violation. */ - info = mpx_generate_siginfo(regs, xsave_buf); + info = mpx_generate_siginfo(regs, tsk); if (IS_ERR(info)) { /* * We failed to decode the MPX instruction. Act as if diff -puN arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr arch/x86/mm/mpx.c --- a/arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr 2015-06-01 10:24:03.807711971 -0700 +++ b/arch/x86/mm/mpx.c 2015-06-01 10:24:03.811712151 -0700 @@ -272,9 +272,9 @@ bad_opcode: * The caller is expected to
[PATCH 03/19] x86, mpx: Use new get_xsave_field_ptr()
From: Dave Hansen The MPX registers (bndcsr/bndcfgu/bndstatus) are not directly accessible via normal instructions. They essentially act as if they were floating point registers and are saved/restored along with those registers. There are two main paths in the MPX code where we care about the contents of these registers: 1. #BR (bounds) faults 2. the prctl() code where we are setting MPX up Both of those paths _might_ be called without the FPU having been used. That means that 'tsk->thread.fpu.state' might never be allocated. Also, fpu_save_init() is not preempt-safe. It was a bug to call it without disabling preemption. The new get_xsave_addr() calls unlazy_fpu() instead and properly disables preemption. Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner Cc: Oleg Nesterov Cc: b...@alien8.de Cc: Rik van Riel Cc: Suresh Siddha Cc: Andy Lutomirski Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Fenghua Yu Cc: the arch/x86 maintainers Cc: linux-kernel --- Changes from v21: * rename get_xsave_field() to get_xsave_field_ptr() --- b/arch/x86/include/asm/mpx.h |8 b/arch/x86/kernel/traps.c| 15 +++ b/arch/x86/mm/mpx.c | 24 3 files changed, 23 insertions(+), 24 deletions(-) diff -puN arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr arch/x86/include/asm/mpx.h --- a/arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr 2015-05-27 09:32:15.346481924 -0700 +++ b/arch/x86/include/asm/mpx.h2015-05-27 09:32:15.353482240 -0700 @@ -60,8 +60,8 @@ #ifdef CONFIG_X86_INTEL_MPX siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xregs_state *xsave_buf); -int mpx_handle_bd_fault(struct xregs_state *xsave_buf); + struct task_struct *tsk); +int mpx_handle_bd_fault(struct task_struct *tsk); static inline int kernel_managing_mpx_tables(struct mm_struct *mm) { return (mm->bd_addr != MPX_INVALID_BOUNDS_DIR); @@ -78,11 +78,11 @@ void mpx_notify_unmap(struct mm_struct * unsigned long start, unsigned long end); #else static inline siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xregs_state *xsave_buf) + struct task_struct *tsk) { return NULL; } -static inline int mpx_handle_bd_fault(struct xregs_state *xsave_buf) +static inline int mpx_handle_bd_fault(struct task_struct *tsk) { return -EINVAL; } diff -puN arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr arch/x86/kernel/traps.c --- a/arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr2015-05-27 09:32:15.348482015 -0700 +++ b/arch/x86/kernel/traps.c 2015-05-27 09:32:15.353482240 -0700 @@ -59,6 +59,7 @@ #include #include #include +#include #include #ifdef CONFIG_X86_64 @@ -371,7 +372,6 @@ dotraplinkage void do_double_fault(struc dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) { struct task_struct *tsk = current; - struct xregs_state *xsave_buf; enum ctx_state prev_state; struct bndcsr *bndcsr; siginfo_t *info; @@ -392,12 +392,11 @@ dotraplinkage void do_bounds(struct pt_r /* * We need to look at BNDSTATUS to resolve this exception. -* It is not directly accessible, though, so we need to -* do an xsave and then pull it out of the xsave buffer. +* A NULL here might mean that it is in its 'init state', +* which is all zeros which indicates MPX was not +* responsible for the exception. */ - copy_fpregs_to_fpstate(&tsk->thread.fpu); - xsave_buf = &(tsk->thread.fpu.state.xsave); - bndcsr = get_xsave_addr(xsave_buf, XSTATE_BNDCSR); + bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR); if (!bndcsr) goto exit_trap; @@ -408,11 +407,11 @@ dotraplinkage void do_bounds(struct pt_r */ switch (bndcsr->bndstatus & MPX_BNDSTA_ERROR_CODE) { case 2: /* Bound directory has invalid entry. */ - if (mpx_handle_bd_fault(xsave_buf)) + if (mpx_handle_bd_fault(tsk)) goto exit_trap; break; /* Success, it was handled */ case 1: /* Bound violation. */ - info = mpx_generate_siginfo(regs, xsave_buf); + info = mpx_generate_siginfo(regs, tsk); if (IS_ERR(info)) { /* * We failed to decode the MPX instruction. Act as if diff -puN arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr arch/x86/mm/mpx.c --- a/arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr 2015-05-27 09:32:15.349482059 -0700 +++ b/arch/x86/mm/mpx.c 2015-05-27 09:32:15.354482285 -0700 @@ -272,7 +272,7 @@ bad_opcode: * The caller is expected to kfree() the returned siginfo_t. */ siginfo_t *mpx_generate_siginfo(struct pt_regs *r
[PATCH 03/19] x86, mpx: Use new get_xsave_field_ptr()
From: Dave Hansen The MPX registers (bndcsr/bndcfgu/bndstatus) are not directly accessible via normal instructions. They essentially act as if they were floating point registers and are saved/restored along with those registers. There are two main paths in the MPX code where we care about the contents of these registers: 1. #BR (bounds) faults 2. the prctl() code where we are setting MPX up Both of those paths _might_ be called without the FPU having been used. That means that 'tsk->thread.fpu.state' might never be allocated. Also, fpu_save_init() is not preempt-safe. It was a bug to call it without disabling preemption. The new get_xsave_addr() calls unlazy_fpu() instead and properly disables preemption. Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner Cc: Oleg Nesterov Cc: b...@alien8.de Cc: Rik van Riel Cc: Suresh Siddha Cc: Andy Lutomirski Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Fenghua Yu Cc: the arch/x86 maintainers Cc: linux-kernel --- Changes from v21: * rename get_xsave_field() to get_xsave_field_ptr() --- b/arch/x86/include/asm/mpx.h |8 b/arch/x86/kernel/traps.c| 15 +++ b/arch/x86/mm/mpx.c | 24 3 files changed, 23 insertions(+), 24 deletions(-) diff -puN arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr arch/x86/include/asm/mpx.h --- a/arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr 2015-05-27 09:32:15.346481924 -0700 +++ b/arch/x86/include/asm/mpx.h2015-05-27 09:32:15.353482240 -0700 @@ -60,8 +60,8 @@ #ifdef CONFIG_X86_INTEL_MPX siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xregs_state *xsave_buf); -int mpx_handle_bd_fault(struct xregs_state *xsave_buf); + struct task_struct *tsk); +int mpx_handle_bd_fault(struct task_struct *tsk); static inline int kernel_managing_mpx_tables(struct mm_struct *mm) { return (mm->bd_addr != MPX_INVALID_BOUNDS_DIR); @@ -78,11 +78,11 @@ void mpx_notify_unmap(struct mm_struct * unsigned long start, unsigned long end); #else static inline siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xregs_state *xsave_buf) + struct task_struct *tsk) { return NULL; } -static inline int mpx_handle_bd_fault(struct xregs_state *xsave_buf) +static inline int mpx_handle_bd_fault(struct task_struct *tsk) { return -EINVAL; } diff -puN arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr arch/x86/kernel/traps.c --- a/arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr2015-05-27 09:32:15.348482015 -0700 +++ b/arch/x86/kernel/traps.c 2015-05-27 09:32:15.353482240 -0700 @@ -59,6 +59,7 @@ #include #include #include +#include #include #ifdef CONFIG_X86_64 @@ -371,7 +372,6 @@ dotraplinkage void do_double_fault(struc dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) { struct task_struct *tsk = current; - struct xregs_state *xsave_buf; enum ctx_state prev_state; struct bndcsr *bndcsr; siginfo_t *info; @@ -392,12 +392,11 @@ dotraplinkage void do_bounds(struct pt_r /* * We need to look at BNDSTATUS to resolve this exception. -* It is not directly accessible, though, so we need to -* do an xsave and then pull it out of the xsave buffer. +* A NULL here might mean that it is in its 'init state', +* which is all zeros which indicates MPX was not +* responsible for the exception. */ - copy_fpregs_to_fpstate(&tsk->thread.fpu); - xsave_buf = &(tsk->thread.fpu.state.xsave); - bndcsr = get_xsave_addr(xsave_buf, XSTATE_BNDCSR); + bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR); if (!bndcsr) goto exit_trap; @@ -408,11 +407,11 @@ dotraplinkage void do_bounds(struct pt_r */ switch (bndcsr->bndstatus & MPX_BNDSTA_ERROR_CODE) { case 2: /* Bound directory has invalid entry. */ - if (mpx_handle_bd_fault(xsave_buf)) + if (mpx_handle_bd_fault(tsk)) goto exit_trap; break; /* Success, it was handled */ case 1: /* Bound violation. */ - info = mpx_generate_siginfo(regs, xsave_buf); + info = mpx_generate_siginfo(regs, tsk); if (IS_ERR(info)) { /* * We failed to decode the MPX instruction. Act as if diff -puN arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr arch/x86/mm/mpx.c --- a/arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr 2015-05-27 09:32:15.349482059 -0700 +++ b/arch/x86/mm/mpx.c 2015-05-27 09:32:15.354482285 -0700 @@ -272,7 +272,7 @@ bad_opcode: * The caller is expected to kfree() the returned siginfo_t. */ siginfo_t *mpx_generate_siginfo(struct pt_regs *r
Re: [PATCH 03/19] x86, mpx: Use new get_xsave_field_ptr()
On Mon, 18 May 2015, Dave Hansen wrote: > From: Dave Hansen > > The MPX registers (bndcsr/bndcfgu/bndstatus) are not directly > accessible via normal instructions. They essentially act as > if they were floating point registers and are saved/restored > along with those registers. > > There are two main paths in the MPX code where we care about > the contents of these registers: > 1. #BR (bounds) faults > 2. the prctl() code where we are setting MPX up > > Both of those paths _might_ be called without the FPU having > been used. That means that 'tsk->thread.fpu.state' might > never be allocated. > > Also, fpu_save_init() is not preempt-safe. It was a bug to > call it without disabling preemption. The new > get_xsave_addr() calls unlazy_fpu() instead and properly > disables preemption. > > Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 03/19] x86, mpx: Use new get_xsave_field_ptr()
From: Dave Hansen The MPX registers (bndcsr/bndcfgu/bndstatus) are not directly accessible via normal instructions. They essentially act as if they were floating point registers and are saved/restored along with those registers. There are two main paths in the MPX code where we care about the contents of these registers: 1. #BR (bounds) faults 2. the prctl() code where we are setting MPX up Both of those paths _might_ be called without the FPU having been used. That means that 'tsk->thread.fpu.state' might never be allocated. Also, fpu_save_init() is not preempt-safe. It was a bug to call it without disabling preemption. The new get_xsave_addr() calls unlazy_fpu() instead and properly disables preemption. Signed-off-by: Dave Hansen Cc: Oleg Nesterov Cc: b...@alien8.de Cc: Rik van Riel Cc: Suresh Siddha Cc: Andy Lutomirski Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Fenghua Yu Cc: the arch/x86 maintainers Cc: linux-kernel --- Changes from v21: * rename get_xsave_field() to get_xsave_field_ptr() --- b/arch/x86/include/asm/mpx.h |8 b/arch/x86/kernel/traps.c| 15 +++ b/arch/x86/mm/mpx.c | 23 +++ 3 files changed, 22 insertions(+), 24 deletions(-) diff -puN arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr arch/x86/include/asm/mpx.h --- a/arch/x86/include/asm/mpx.h~use-new-tsk_get_xsave_addr 2015-05-18 17:48:58.631409087 -0700 +++ b/arch/x86/include/asm/mpx.h2015-05-18 17:48:58.637409357 -0700 @@ -60,8 +60,8 @@ #ifdef CONFIG_X86_INTEL_MPX siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xsave_struct *xsave_buf); -int mpx_handle_bd_fault(struct xsave_struct *xsave_buf); + struct task_struct *tsk); +int mpx_handle_bd_fault(struct task_struct *tsk); static inline int kernel_managing_mpx_tables(struct mm_struct *mm) { return (mm->bd_addr != MPX_INVALID_BOUNDS_DIR); @@ -78,11 +78,11 @@ void mpx_notify_unmap(struct mm_struct * unsigned long start, unsigned long end); #else static inline siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, - struct xsave_struct *xsave_buf) + struct task_struct *tsk) { return NULL; } -static inline int mpx_handle_bd_fault(struct xsave_struct *xsave_buf) +static inline int mpx_handle_bd_fault(struct task_struct *tsk) { return -EINVAL; } diff -puN arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr arch/x86/kernel/traps.c --- a/arch/x86/kernel/traps.c~use-new-tsk_get_xsave_addr2015-05-18 17:48:58.632409132 -0700 +++ b/arch/x86/kernel/traps.c 2015-05-18 17:48:58.638409402 -0700 @@ -61,6 +61,7 @@ #include #include #include +#include #ifdef CONFIG_X86_64 #include @@ -372,7 +373,6 @@ dotraplinkage void do_double_fault(struc dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) { struct task_struct *tsk = current; - struct xsave_struct *xsave_buf; enum ctx_state prev_state; struct bndcsr *bndcsr; siginfo_t *info; @@ -393,12 +393,11 @@ dotraplinkage void do_bounds(struct pt_r /* * We need to look at BNDSTATUS to resolve this exception. -* It is not directly accessible, though, so we need to -* do an xsave and then pull it out of the xsave buffer. +* A NULL here might mean that it is in its 'init state', +* which is all zeros which indicates MPX was not +* responsible for the exception. */ - fpu_save_init(&tsk->thread.fpu); - xsave_buf = &(tsk->thread.fpu.state->xsave); - bndcsr = get_xsave_addr(xsave_buf, XSTATE_BNDCSR); + bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR); if (!bndcsr) goto exit_trap; @@ -409,11 +408,11 @@ dotraplinkage void do_bounds(struct pt_r */ switch (bndcsr->bndstatus & MPX_BNDSTA_ERROR_CODE) { case 2: /* Bound directory has invalid entry. */ - if (mpx_handle_bd_fault(xsave_buf)) + if (mpx_handle_bd_fault(tsk)) goto exit_trap; break; /* Success, it was handled */ case 1: /* Bound violation. */ - info = mpx_generate_siginfo(regs, xsave_buf); + info = mpx_generate_siginfo(regs, tsk); if (IS_ERR(info)) { /* * We failed to decode the MPX instruction. Act as if diff -puN arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr arch/x86/mm/mpx.c --- a/arch/x86/mm/mpx.c~use-new-tsk_get_xsave_addr 2015-05-18 17:48:58.634409222 -0700 +++ b/arch/x86/mm/mpx.c 2015-05-18 17:48:58.639409447 -0700 @@ -273,7 +273,7 @@ bad_opcode: * The caller is expected to kfree() the returned siginfo_t. */ siginfo_t *mpx_generate_siginfo(struct pt_regs *regs, -