[thirdparty/kernel/stable-queue.git] / releases / 4.9.11 / x86-fpu-xstate-fix-xcomp_bv-in-xsaves-header.patch

From dffba9a31c7769be3231c420d4b364c92ba3f1ac Mon Sep 17 00:00:00 2001
From: Yu-cheng Yu <yu-cheng.yu@intel.com>
Date: Mon, 23 Jan 2017 14:54:44 -0800
Subject: x86/fpu/xstate: Fix xcomp_bv in XSAVES header

From: Yu-cheng Yu <yu-cheng.yu@intel.com>

commit dffba9a31c7769be3231c420d4b364c92ba3f1ac upstream.

The compacted-format XSAVES area is determined at boot time and
never changed after.  The field xsave.header.xcomp_bv indicates
which components are in the fixed XSAVES format.

In fpstate_init() we did not set xcomp_bv to reflect the XSAVES
format since at the time there is no valid data.

However, after we do copy_init_fpstate_to_fpregs() in fpu__clear(),
as in commit:

  b22cbe404a9c x86/fpu: Fix invalid FPU ptrace state after execve()

and when __fpu_restore_sig() does fpu__restore() for a COMPAT-mode
app, a #GP occurs.  This can be easily triggered by doing valgrind on
a COMPAT-mode "Hello World," as reported by Joakim Tjernlund and
others:

	https://bugzilla.kernel.org/show_bug.cgi?id=190061

Fix it by setting xcomp_bv correctly.

This patch also moves the xcomp_bv initialization to the proper
place, which was in copyin_to_xsaves() as of:

  4c833368f0bf x86/fpu: Set the xcomp_bv when we fake up a XSAVES area

which fixed the bug too, but it's more efficient and cleaner to
initialize things once per boot, not for every signal handling
operation.

Reported-by: Kevin Hao <haokexin@gmail.com>
Reported-by: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: haokexin@gmail.com
Link: http://lkml.kernel.org/r/1485212084-4418-1-git-send-email-yu-cheng.yu@intel.com
[ Combined it with 4c833368f0bf. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/fpu/core.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -236,7 +236,8 @@ void fpstate_init(union fpregs_state *st
 	 * it will #GP. Make sure it is replaced after the memset().
 	 */
 	if (static_cpu_has(X86_FEATURE_XSAVES))
-		state->xsave.header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT;
+		state->xsave.header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT |
+					       xfeatures_mask;
 
 	if (static_cpu_has(X86_FEATURE_FXSR))
 		fpstate_init_fxstate(&state->fxsave);
Commit	Line	Data
459fa4a7 GKH	1	From dffba9a31c7769be3231c420d4b364c92ba3f1ac Mon Sep 17 00:00:00 2001
	2	From: Yu-cheng Yu <yu-cheng.yu@intel.com>
	3	Date: Mon, 23 Jan 2017 14:54:44 -0800
	4	Subject: x86/fpu/xstate: Fix xcomp_bv in XSAVES header
	5
	6	From: Yu-cheng Yu <yu-cheng.yu@intel.com>
	7
	8	commit dffba9a31c7769be3231c420d4b364c92ba3f1ac upstream.
	9
	10	The compacted-format XSAVES area is determined at boot time and
	11	never changed after. The field xsave.header.xcomp_bv indicates
	12	which components are in the fixed XSAVES format.
	13
	14	In fpstate_init() we did not set xcomp_bv to reflect the XSAVES
	15	format since at the time there is no valid data.
	16
	17	However, after we do copy_init_fpstate_to_fpregs() in fpu__clear(),
	18	as in commit:
	19
	20	b22cbe404a9c x86/fpu: Fix invalid FPU ptrace state after execve()
	21
	22	and when __fpu_restore_sig() does fpu__restore() for a COMPAT-mode
	23	app, a #GP occurs. This can be easily triggered by doing valgrind on
	24	a COMPAT-mode "Hello World," as reported by Joakim Tjernlund and
	25	others:
	26
	27	https://bugzilla.kernel.org/show_bug.cgi?id=190061
	28
	29	Fix it by setting xcomp_bv correctly.
	30
	31	This patch also moves the xcomp_bv initialization to the proper
	32	place, which was in copyin_to_xsaves() as of:
	33
	34	4c833368f0bf x86/fpu: Set the xcomp_bv when we fake up a XSAVES area
	35
	36	which fixed the bug too, but it's more efficient and cleaner to
	37	initialize things once per boot, not for every signal handling
	38	operation.
	39
	40	Reported-by: Kevin Hao <haokexin@gmail.com>
	41	Reported-by: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
	42	Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
	43	Cc: Andy Lutomirski <luto@kernel.org>
	44	Cc: Borislav Petkov <bp@suse.de>
	45	Cc: Dave Hansen <dave.hansen@linux.intel.com>
	46	Cc: Fenghua Yu <fenghua.yu@intel.com>
	47	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	48	Cc: Peter Zijlstra <peterz@infradead.org>
	49	Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
	50	Cc: Thomas Gleixner <tglx@linutronix.de>
	51	Cc: haokexin@gmail.com
	52	Link: http://lkml.kernel.org/r/1485212084-4418-1-git-send-email-yu-cheng.yu@intel.com
	53	[ Combined it with 4c833368f0bf. ]
	54	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	55	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	56
	57	---
	58	arch/x86/kernel/fpu/core.c \| 3 ++-
	59	1 file changed, 2 insertions(+), 1 deletion(-)
	60
	61	--- a/arch/x86/kernel/fpu/core.c
	62	+++ b/arch/x86/kernel/fpu/core.c
	63	@@ -236,7 +236,8 @@ void fpstate_init(union fpregs_state *st
	64	* it will #GP. Make sure it is replaced after the memset().
65	*/
66	if (static_cpu_has(X86_FEATURE_XSAVES))
67	- state->xsave.header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT;
68	+ state->xsave.header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT \|
69	+ xfeatures_mask;
70
71	if (static_cpu_has(X86_FEATURE_FXSR))
72	fpstate_init_fxstate(&state->fxsave);