linux-stable/arch/x86
Aruna Ramakrishna ae6012d72f x86/pkeys: Ensure updated PKRU value is XRSTOR'd
When XSTATE_BV[i] is 0, and XRSTOR attempts to restore state component
'i' it ignores any value in the XSAVE buffer and instead restores the
state component's init value.

This means that if XSAVE writes XSTATE_BV[PKRU]=0 then XRSTOR will
ignore the value that update_pkru_in_sigframe() writes to the XSAVE buffer.

XSTATE_BV[PKRU] only gets written as 0 if PKRU is in its init state. On
Intel CPUs, this basically never happens because the kernel usually
overwrites the init value (aside: this is why we didn't notice this bug
until now). But on AMD, the init tracker is more aggressive and will
track PKRU as being in its init state upon any wrpkru(0x0).
Unfortunately, sig_prepare_pkru() does just that: wrpkru(0x0).

This writes XSTATE_BV[PKRU]=0 which makes XRSTOR ignore the PKRU value
in the sigframe.

To fix this, always overwrite the sigframe XSTATE_BV with a value that
has XSTATE_BV[PKRU]==1.  This ensures that XRSTOR will not ignore what
update_pkru_in_sigframe() wrote.

The problematic sequence of events is something like this:

Userspace does:
	* wrpkru(0xffff0000) (or whatever)
	* Hardware sets: XINUSE[PKRU]=1
Signal happens, kernel is entered:
	* sig_prepare_pkru() => wrpkru(0x00000000)
	* Hardware sets: XINUSE[PKRU]=0 (aggressive AMD init tracker)
	* XSAVE writes most of XSAVE buffer, including
	  XSTATE_BV[PKRU]=XINUSE[PKRU]=0
	* update_pkru_in_sigframe() overwrites PKRU in XSAVE buffer
... signal handling
	* XRSTOR sees XSTATE_BV[PKRU]==0, ignores just-written value
	  from update_pkru_in_sigframe()

Fixes: 70044df250 ("x86/pkeys: Update PKRU to enable all pkeys before XSAVE")
Suggested-by: Rudi Horn <rudi.horn@oracle.com>
Signed-off-by: Aruna Ramakrishna <aruna.ramakrishna@oracle.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/all/20241119174520.3987538-3-aruna.ramakrishna%40oracle.com
2024-12-02 15:25:29 -08:00
boot x86 cleanups for v6.13: 2024-11-19 14:46:39 -08:00
coco - Add new infrastructure for reading TDX metadata 2024-11-22 13:07:19 -08:00
configs tinyconfig: remove unnecessary 'is not set' for choice blocks 2024-09-01 20:34:38 +09:00
crypto This update includes the following changes: 2024-11-19 10:28:41 -08:00
entry - The series "zram: optimal post-processing target selection" from 2024-11-23 09:58:07 -08:00
events perf/core: Correct perf sampling with guest VMs 2024-11-14 10:40:01 +01:00
hyperv hyperv-next for v6.12 2024-09-19 08:15:30 +02:00
ia32
include - Add a terminating zero end-element to the array describing AMD CPUs affected 2024-12-01 12:35:37 -08:00
kernel x86/pkeys: Ensure updated PKRU value is XRSTOR'd 2024-12-02 15:25:29 -08:00
kvm The biggest change here is eliminating the awful idea that KVM had, of 2024-11-23 16:00:50 -08:00
lib x86: fix user address masking non-canonical speculation issue 2024-10-25 09:53:03 -07:00
math-emu x86/math-emu: Fix function cast warnings 2024-04-08 16:06:22 +02:00
mm - Add a terminating zero end-element to the array describing AMD CPUs affected 2024-12-01 12:35:37 -08:00
net bpf, x86: Propagate tailcall info only for subprogs 2024-11-12 17:24:03 -08:00
pci Merge branch 'pci/thunderbolt' 2024-11-25 13:40:55 -06:00
platform EFI updates for v6.13 2024-11-20 14:13:28 -08:00
power - Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min 2024-03-14 18:03:09 -07:00
purgatory Kbuild updates for v6.10 2024-05-18 12:39:20 -07:00
ras
realmode Makefile: remove redundant tool coverage variables 2024-05-14 23:35:48 +09:00
tools First step of consolidating the VDSO data page handling: 2024-11-19 16:09:13 -08:00
um um: fix sparse warnings in signal code 2024-11-07 17:34:50 +01:00
video arch: Fix name collision with ACPI's video.o 2024-05-20 21:17:06 +00:00
virt - Do the proper memory conversion of guest memory in order to be able to kexec 2024-11-19 12:21:35 -08:00
xen x86/xen: Avoid relocatable quantities in Xen ELF notes 2024-10-29 17:23:36 +01:00
.gitignore
Kbuild x86/build: Use obj-y to descend into arch/x86/virt/ 2024-03-30 10:41:49 +01:00
Kconfig Kbuild updates for v6.13 2024-11-30 13:41:50 -08:00
Kconfig.assembler x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS 2024-06-20 19:48:18 +02:00
Kconfig.cpu x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 2024-02-09 16:28:19 +01:00
Kconfig.debug x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y 2024-05-20 11:37:23 +02:00
Makefile x86/stackprotector: Work around strict Clang TLS symbol requirements 2024-11-08 13:16:00 +01:00
Makefile_32.cpu
Makefile.postlink
Makefile.um arch: um: rust: Use the generated target.json again 2024-07-03 12:22:11 +02:00