1 files changed, 161 insertions, 34 deletions
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
index 37e68fc5e24a..9c253bd65e24 100644
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -16,11 +16,88 @@
 */
 u64 pcntxt_mask;
+/*
+ * Represents init state for the supported extended state.
+ */
+static struct xsave_struct *init_xstate_buf;
 struct _fpx_sw_bytes fx_sw_reserved;
 #ifdef CONFIG_IA32_EMULATION
 struct _fpx_sw_bytes fx_sw_reserved_ia32;
 #endif
+static unsigned int *xstate_offsets, *xstate_sizes, xstate_features;
+/*
+ * If a processor implementation discern that a processor state component is
+ * in its initialized state it may modify the corresponding bit in the
+ * xsave_hdr.xstate_bv as '0', with out modifying the corresponding memory
+ * layout in the case of xsaveopt. While presenting the xstate information to
+ * the user, we always ensure that the memory layout of a feature will be in
+ * the init state if the corresponding header bit is zero. This is to ensure
+ * that the user doesn't see some stale state in the memory layout during
+ * signal handling, debugging etc.
+ */
+void __sanitize_i387_state(struct task_struct *tsk)
+{
+        u64 xstate_bv;
+        int feature_bit = 0x2;
+        struct i387_fxsave_struct *fx = &tsk->thread.fpu.state->fxsave;
+        if (!fx)
+                return;
+        BUG_ON(task_thread_info(tsk)->status & TS_USEDFPU);
+        xstate_bv = tsk->thread.fpu.state->xsave.xsave_hdr.xstate_bv;
+        /*
+         * None of the feature bits are in init state. So nothing else
+         * to do for us, as the memory layout is upto date.
+         */
+        if ((xstate_bv & pcntxt_mask) == pcntxt_mask)
+                return;
+        /*
+         * FP is in init state
+         */
+        if (!(xstate_bv & XSTATE_FP)) {
+                fx->cwd = 0x37f;
+                fx->swd = 0;
+                fx->twd = 0;
+                fx->fop = 0;
+                fx->rip = 0;
+                fx->rdp = 0;
+                memset(&fx->st_space[0], 0, 128);
+        }
+        /*
+         * SSE is in init state
+         */
+        if (!(xstate_bv & XSTATE_SSE))
+                memset(&fx->xmm_space[0], 0, 256);
+        xstate_bv = (pcntxt_mask & ~xstate_bv) >> 2;
+        /*
+         * Update all the other memory layouts for which the corresponding
+         * header bit is in the init state.
+         */
+        while (xstate_bv) {
+                if (xstate_bv & 0x1) {
+                        int offset = xstate_offsets[feature_bit];
+                        int size = xstate_sizes[feature_bit];
+                        memcpy(((void *) fx) + offset,
+                               ((void *) init_xstate_buf) + offset,
+                               size);
+                }
+                xstate_bv >>= 1;
+                feature_bit++;
+        }
+}
 /*
 * Check for the presence of extended state information in the
 * user fpstate pointer in the sigcontext.
@@ -36,15 +113,14 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf,
        err = __copy_from_user(fx_sw_user, &buf->sw_reserved[0],
                               sizeof(struct _fpx_sw_bytes));
        if (err)
-                return err;
+                return -EFAULT;
        /*
         * First Magic check failed.
         */
        if (fx_sw_user->magic1 != FP_XSTATE_MAGIC1)
-                return -1;
+                return -EINVAL;
        /*
         * Check for error scenarios.
@@ -52,19 +128,21 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf,
        if (fx_sw_user->xstate_size < min_xstate_size ||
            fx_sw_user->xstate_size > xstate_size ||
            fx_sw_user->xstate_size > fx_sw_user->extended_size)
-                return -1;
+                return -EINVAL;
        err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
                                            fx_sw_user->extended_size -
                                            FP_XSTATE_MAGIC2_SIZE));
+        if (err)
+                return err;
        /*
         * Check for the presence of second magic word at the end of memory
         * layout. This detects the case where the user just copied the legacy
         * fpstate layout with out copying the extended state information
         * in the memory layout.
         */
-        if (err || magic2 != FP_XSTATE_MAGIC2)
+        if (magic2 != FP_XSTATE_MAGIC2)
-                return -1;
+                return -EFAULT;
        return 0;
 }
@@ -91,14 +169,6 @@ int save_i387_xstate(void __user *buf)
                return 0;
        if (task_thread_info(tsk)->status & TS_USEDFPU) {
-                /*
-                 * Start with clearing the user buffer. This will present a
-                 * clean context for the bytes not touched by the fxsave/xsave.
-                 */
-                err = __clear_user(buf, sig_xstate_size);
-                if (err)
-                        return err;
                if (use_xsave())
                        err = xsave_user(buf);
                else
@@ -109,6 +179,7 @@ int save_i387_xstate(void __user *buf)
                task_thread_info(tsk)->status &= ~TS_USEDFPU;
                stts();
        } else {
+                sanitize_i387_state(tsk);
                if (__copy_to_user(buf, &tsk->thread.fpu.state->fxsave,
                                   xstate_size))
                        return -1;
@@ -184,8 +255,8 @@ static int restore_user_xstate(void __user *buf)
         * init the state skipped by the user.
         */
        mask = pcntxt_mask & ~mask;
+        if (unlikely(mask))
-        xrstor_state(init_xstate_buf, mask);
+                xrstor_state(init_xstate_buf, mask);
        return 0;
@@ -274,11 +345,6 @@ static void prepare_fx_sw_frame(void)
 #endif
 }
-/*
- * Represents init state for the supported extended state.
- */
-struct xsave_struct *init_xstate_buf;
 #ifdef CONFIG_X86_64
 unsigned int sig_xstate_size = sizeof(struct _fpstate);
 #endif
@@ -286,37 +352,77 @@ unsigned int sig_xstate_size = sizeof(struct _fpstate);
 /*
 * Enable the extended processor state save/restore feature
 */
-void __cpuinit xsave_init(void)
+static inline void xstate_enable(void)
 {
-        if (!cpu_has_xsave)
-                return;
        set_in_cr4(X86_CR4_OSXSAVE);
-        /*
-         * Enable all the features that the HW is capable of
-         * and the Linux kernel is aware of.
-         */
        xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
 }
 /*
+ * Record the offsets and sizes of different state managed by the xsave
+ * memory layout.
+ */
+static void __init setup_xstate_features(void)
+{
+        int eax, ebx, ecx, edx, leaf = 0x2;
+        xstate_features = fls64(pcntxt_mask);
+        xstate_offsets = alloc_bootmem(xstate_features * sizeof(int));
+        xstate_sizes = alloc_bootmem(xstate_features * sizeof(int));
+        do {
+                cpuid_count(XSTATE_CPUID, leaf, &eax, &ebx, &ecx, &edx);
+                if (eax == 0)
+                        break;
+                xstate_offsets[leaf] = ebx;
+                xstate_sizes[leaf] = eax;
+                leaf++;
+        } while (1);
+}
+/*
 * setup the xstate image representing the init state
 */
 static void __init setup_xstate_init(void)
 {
+        setup_xstate_features();
+        /*
+         * Setup init_xstate_buf to represent the init state of
+         * all the features managed by the xsave
+         */
        init_xstate_buf = alloc_bootmem(xstate_size);
        init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT;
+        clts();
+        /*
+         * Init all the features state with header_bv being 0x0
+         */
+        xrstor_state(init_xstate_buf, -1);
+        /*
+         * Dump the init state again. This is to identify the init state
+         * of any feature which is not represented by all zero's.
+         */
+        xsave_state(init_xstate_buf, -1);
+        stts();
 }
 /*
 * Enable and initialize the xsave feature.
 */
-void __ref xsave_cntxt_init(void)
+static void __init xstate_enable_boot_cpu(void)
 {
        unsigned int eax, ebx, ecx, edx;
-        cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
+        if (boot_cpu_data.cpuid_level < XSTATE_CPUID) {
+                WARN(1, KERN_ERR "XSTATE_CPUID missing\n");
+                return;
+        }
+        cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
        pcntxt_mask = eax + ((u64)edx << 32);
        if ((pcntxt_mask & XSTATE_FPSSE) != XSTATE_FPSSE) {
@@ -329,12 +435,13 @@ void __ref xsave_cntxt_init(void)
         * Support only the state known to OS.
         */
        pcntxt_mask = pcntxt_mask & XCNTXT_MASK;
-        xsave_init();
+        xstate_enable();
        /*
         * Recompute the context size for enabled features
         */
-        cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
+        cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
        xstate_size = ebx;
        update_regset_xstate_info(xstate_size, pcntxt_mask);
@@ -346,3 +453,23 @@ void __ref xsave_cntxt_init(void)
               "cntxt size 0x%x\n",
               pcntxt_mask, xstate_size);
 }
+/*
+ * For the very first instance, this calls xstate_enable_boot_cpu();
+ * for all subsequent instances, this calls xstate_enable().
+ *
+ * This is somewhat obfuscated due to the lack of powerful enough
+ * overrides for the section checks.
+ */
+void __cpuinit xsave_init(void)
+{
+        static __refdata void (*next_func)(void) = xstate_enable_boot_cpu;
+        void (*this_func)(void);
+        if (!cpu_has_xsave)
+                return;
+        this_func = next_func;
+        next_func = xstate_enable;
+        this_func();
+}

diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c index 37e68fc5e24a..9c253bd65e24 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c
@@ -16,11 +16,88 @@
16	*/	16	*/
17	u64 pcntxt_mask;	17	u64 pcntxt_mask;
18		18
		19	/*
		20	* Represents init state for the supported extended state.
		21	*/
		22	static struct xsave_struct *init_xstate_buf;
		23
19	struct _fpx_sw_bytes fx_sw_reserved;	24	struct _fpx_sw_bytes fx_sw_reserved;
20	#ifdef CONFIG_IA32_EMULATION	25	#ifdef CONFIG_IA32_EMULATION
21	struct _fpx_sw_bytes fx_sw_reserved_ia32;	26	struct _fpx_sw_bytes fx_sw_reserved_ia32;
22	#endif	27	#endif
23		28
		29	static unsigned int xstate_offsets, xstate_sizes, xstate_features;
		30
		31	/*
		32	* If a processor implementation discern that a processor state component is
		33	* in its initialized state it may modify the corresponding bit in the
		34	* xsave_hdr.xstate_bv as '0', with out modifying the corresponding memory
		35	* layout in the case of xsaveopt. While presenting the xstate information to
		36	* the user, we always ensure that the memory layout of a feature will be in
		37	* the init state if the corresponding header bit is zero. This is to ensure
		38	* that the user doesn't see some stale state in the memory layout during
		39	* signal handling, debugging etc.
		40	*/
		41	void __sanitize_i387_state(struct task_struct *tsk)
		42	{
		43	u64 xstate_bv;
		44	int feature_bit = 0x2;
		45	struct i387_fxsave_struct *fx = &tsk->thread.fpu.state->fxsave;
		46
		47	if (!fx)
		48	return;
		49
		50	BUG_ON(task_thread_info(tsk)->status & TS_USEDFPU);
		51
		52	xstate_bv = tsk->thread.fpu.state->xsave.xsave_hdr.xstate_bv;
		53
		54	/*
		55	* None of the feature bits are in init state. So nothing else
		56	* to do for us, as the memory layout is upto date.
		57	*/
		58	if ((xstate_bv & pcntxt_mask) == pcntxt_mask)
		59	return;
		60
		61	/*
		62	* FP is in init state
		63	*/
		64	if (!(xstate_bv & XSTATE_FP)) {
		65	fx->cwd = 0x37f;
		66	fx->swd = 0;
		67	fx->twd = 0;
		68	fx->fop = 0;
		69	fx->rip = 0;
		70	fx->rdp = 0;
		71	memset(&fx->st_space[0], 0, 128);
		72	}
		73
		74	/*
		75	* SSE is in init state
		76	*/
		77	if (!(xstate_bv & XSTATE_SSE))
		78	memset(&fx->xmm_space[0], 0, 256);
		79
		80	xstate_bv = (pcntxt_mask & ~xstate_bv) >> 2;
		81
		82	/*
		83	* Update all the other memory layouts for which the corresponding
		84	* header bit is in the init state.
		85	*/
		86	while (xstate_bv) {
		87	if (xstate_bv & 0x1) {
		88	int offset = xstate_offsets[feature_bit];
		89	int size = xstate_sizes[feature_bit];
		90
		91	memcpy(((void *) fx) + offset,
		92	((void *) init_xstate_buf) + offset,
		93	size);
		94	}
		95
		96	xstate_bv >>= 1;
		97	feature_bit++;
		98	}
		99	}
		100
24	/*	101	/*
25	* Check for the presence of extended state information in the	102	* Check for the presence of extended state information in the
26	* user fpstate pointer in the sigcontext.	103	* user fpstate pointer in the sigcontext.
@@ -36,15 +113,14 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf,
36		113
37	err = __copy_from_user(fx_sw_user, &buf->sw_reserved[0],	114	err = __copy_from_user(fx_sw_user, &buf->sw_reserved[0],
38	sizeof(struct _fpx_sw_bytes));	115	sizeof(struct _fpx_sw_bytes));
39
40	if (err)	116	if (err)
41	return err;	117	return -EFAULT;
42		118
43	/*	119	/*
44	* First Magic check failed.	120	* First Magic check failed.
45	*/	121	*/
46	if (fx_sw_user->magic1 != FP_XSTATE_MAGIC1)	122	if (fx_sw_user->magic1 != FP_XSTATE_MAGIC1)
47	return -1;	123	return -EINVAL;
48		124
49	/*	125	/*
50	* Check for error scenarios.	126	* Check for error scenarios.
@@ -52,19 +128,21 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf,
52	if (fx_sw_user->xstate_size < min_xstate_size \|\|	128	if (fx_sw_user->xstate_size < min_xstate_size \|\|
53	fx_sw_user->xstate_size > xstate_size \|\|	129	fx_sw_user->xstate_size > xstate_size \|\|
54	fx_sw_user->xstate_size > fx_sw_user->extended_size)	130	fx_sw_user->xstate_size > fx_sw_user->extended_size)
55	return -1;	131	return -EINVAL;
56		132
57	err = __get_user(magic2, (__u32 ) (((void )fpstate) +	133	err = __get_user(magic2, (__u32 ) (((void )fpstate) +
58	fx_sw_user->extended_size -	134	fx_sw_user->extended_size -
59	FP_XSTATE_MAGIC2_SIZE));	135	FP_XSTATE_MAGIC2_SIZE));
		136	if (err)
		137	return err;
60	/*	138	/*
61	* Check for the presence of second magic word at the end of memory	139	* Check for the presence of second magic word at the end of memory
62	* layout. This detects the case where the user just copied the legacy	140	* layout. This detects the case where the user just copied the legacy
63	* fpstate layout with out copying the extended state information	141	* fpstate layout with out copying the extended state information
64	* in the memory layout.	142	* in the memory layout.
65	*/	143	*/
66	if (err \|\| magic2 != FP_XSTATE_MAGIC2)	144	if (magic2 != FP_XSTATE_MAGIC2)
67	return -1;	145	return -EFAULT;
68		146
69	return 0;	147	return 0;
70	}	148	}
@@ -91,14 +169,6 @@ int save_i387_xstate(void __user *buf)
91	return 0;	169	return 0;
92		170
93	if (task_thread_info(tsk)->status & TS_USEDFPU) {	171	if (task_thread_info(tsk)->status & TS_USEDFPU) {
94	/*
95	* Start with clearing the user buffer. This will present a
96	* clean context for the bytes not touched by the fxsave/xsave.
97	*/
98	err = __clear_user(buf, sig_xstate_size);
99	if (err)
100	return err;
101
102	if (use_xsave())	172	if (use_xsave())
103	err = xsave_user(buf);	173	err = xsave_user(buf);
104	else	174	else
@@ -109,6 +179,7 @@ int save_i387_xstate(void __user *buf)
109	task_thread_info(tsk)->status &= ~TS_USEDFPU;	179	task_thread_info(tsk)->status &= ~TS_USEDFPU;
110	stts();	180	stts();
111	} else {	181	} else {
		182	sanitize_i387_state(tsk);
112	if (__copy_to_user(buf, &tsk->thread.fpu.state->fxsave,	183	if (__copy_to_user(buf, &tsk->thread.fpu.state->fxsave,
113	xstate_size))	184	xstate_size))
114	return -1;	185	return -1;
@@ -184,8 +255,8 @@ static int restore_user_xstate(void __user *buf)
184	* init the state skipped by the user.	255	* init the state skipped by the user.
185	*/	256	*/
186	mask = pcntxt_mask & ~mask;	257	mask = pcntxt_mask & ~mask;
187		258	if (unlikely(mask))
188	xrstor_state(init_xstate_buf, mask);	259	xrstor_state(init_xstate_buf, mask);
189		260
190	return 0;	261	return 0;
191		262
@@ -274,11 +345,6 @@ static void prepare_fx_sw_frame(void)
274	#endif	345	#endif
275	}	346	}
276		347
277	/*
278	* Represents init state for the supported extended state.
279	*/
280	struct xsave_struct *init_xstate_buf;
281
282	#ifdef CONFIG_X86_64	348	#ifdef CONFIG_X86_64
283	unsigned int sig_xstate_size = sizeof(struct _fpstate);	349	unsigned int sig_xstate_size = sizeof(struct _fpstate);
284	#endif	350	#endif
@@ -286,37 +352,77 @@ unsigned int sig_xstate_size = sizeof(struct _fpstate);
286	/*	352	/*
287	* Enable the extended processor state save/restore feature	353	* Enable the extended processor state save/restore feature
288	*/	354	*/
289	void __cpuinit xsave_init(void)	355	static inline void xstate_enable(void)
290	{	356	{
291	if (!cpu_has_xsave)
292	return;
293
294	set_in_cr4(X86_CR4_OSXSAVE);	357	set_in_cr4(X86_CR4_OSXSAVE);
295
296	/*
297	* Enable all the features that the HW is capable of
298	* and the Linux kernel is aware of.
299	*/
300	xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);	358	xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
301	}	359	}
302		360
303	/*	361	/*
		362	* Record the offsets and sizes of different state managed by the xsave
		363	* memory layout.
		364	*/
		365	static void __init setup_xstate_features(void)
		366	{
		367	int eax, ebx, ecx, edx, leaf = 0x2;
		368
		369	xstate_features = fls64(pcntxt_mask);
		370	xstate_offsets = alloc_bootmem(xstate_features * sizeof(int));
		371	xstate_sizes = alloc_bootmem(xstate_features * sizeof(int));
		372
		373	do {
		374	cpuid_count(XSTATE_CPUID, leaf, &eax, &ebx, &ecx, &edx);
		375
		376	if (eax == 0)
		377	break;
		378
		379	xstate_offsets[leaf] = ebx;
		380	xstate_sizes[leaf] = eax;
		381
		382	leaf++;
		383	} while (1);
		384	}
		385
		386	/*
304	* setup the xstate image representing the init state	387	* setup the xstate image representing the init state
305	*/	388	*/
306	static void __init setup_xstate_init(void)	389	static void __init setup_xstate_init(void)
307	{	390	{
		391	setup_xstate_features();
		392
		393	/*
		394	* Setup init_xstate_buf to represent the init state of
		395	* all the features managed by the xsave
		396	*/
308	init_xstate_buf = alloc_bootmem(xstate_size);	397	init_xstate_buf = alloc_bootmem(xstate_size);
309	init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT;	398	init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT;
		399
		400	clts();
		401	/*
		402	* Init all the features state with header_bv being 0x0
		403	*/
		404	xrstor_state(init_xstate_buf, -1);
		405	/*
		406	* Dump the init state again. This is to identify the init state
		407	* of any feature which is not represented by all zero's.
		408	*/
		409	xsave_state(init_xstate_buf, -1);
		410	stts();
310	}	411	}
311		412
312	/*	413	/*
313	* Enable and initialize the xsave feature.	414	* Enable and initialize the xsave feature.
314	*/	415	*/
315	void __ref xsave_cntxt_init(void)	416	static void __init xstate_enable_boot_cpu(void)
316	{	417	{
317	unsigned int eax, ebx, ecx, edx;	418	unsigned int eax, ebx, ecx, edx;
318		419
319	cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);	420	if (boot_cpu_data.cpuid_level < XSTATE_CPUID) {
		421	WARN(1, KERN_ERR "XSTATE_CPUID missing\n");
		422	return;
		423	}
		424
		425	cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
320	pcntxt_mask = eax + ((u64)edx << 32);	426	pcntxt_mask = eax + ((u64)edx << 32);
321		427
322	if ((pcntxt_mask & XSTATE_FPSSE) != XSTATE_FPSSE) {	428	if ((pcntxt_mask & XSTATE_FPSSE) != XSTATE_FPSSE) {
@@ -329,12 +435,13 @@ void __ref xsave_cntxt_init(void)
329	* Support only the state known to OS.	435	* Support only the state known to OS.
330	*/	436	*/
331	pcntxt_mask = pcntxt_mask & XCNTXT_MASK;	437	pcntxt_mask = pcntxt_mask & XCNTXT_MASK;
332	xsave_init();	438
		439	xstate_enable();
333		440
334	/*	441	/*
335	* Recompute the context size for enabled features	442	* Recompute the context size for enabled features
336	*/	443	*/
337	cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);	444	cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
338	xstate_size = ebx;	445	xstate_size = ebx;
339		446
340	update_regset_xstate_info(xstate_size, pcntxt_mask);	447	update_regset_xstate_info(xstate_size, pcntxt_mask);
@@ -346,3 +453,23 @@ void __ref xsave_cntxt_init(void)
346	"cntxt size 0x%x\n",	453	"cntxt size 0x%x\n",
347	pcntxt_mask, xstate_size);	454	pcntxt_mask, xstate_size);
348	}	455	}
		456
		457	/*
		458	* For the very first instance, this calls xstate_enable_boot_cpu();
		459	* for all subsequent instances, this calls xstate_enable().
		460	*
		461	* This is somewhat obfuscated due to the lack of powerful enough
		462	* overrides for the section checks.
		463	*/
		464	void __cpuinit xsave_init(void)
		465	{
		466	static __refdata void (*next_func)(void) = xstate_enable_boot_cpu;
		467	void (*this_func)(void);
		468
		469	if (!cpu_has_xsave)
		470	return;
		471
		472	this_func = next_func;
		473	next_func = xstate_enable;
		474	this_func();
		475	}