Message ID | 20190904045529.23002-2-gromero@linux.vnet.ibm.com (mailing list archive) |
---|---|
State | Accepted |
Commit | a8318c13e79badb92bc6640704a64cc022a6eb97 |
Series | [v2,1/3] powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction |

Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | success | Successfully applied on branch next (c317052c95bef1f977b023158e5aa929215f443d) |
snowpatch_ozlabs/checkpatch | warning | total: 0 errors, 0 warnings, 1 checks, 38 lines checked |

On Wed, 2019-09-04 at 04:55:28 UTC, gromero wrote:
> From: Gustavo Romero <gromero@linux.ibm.com>
>
> When in userspace and MSR FP=0 the hardware FP state is unrelated to
> the current process. This is extended for transactions where if tbegin
> is run with FP=0, the hardware checkpoint FP state will also be
> unrelated to the current process. Due to this, we need to ensure this
> hardware checkpoint is updated with the correct state before we enable
> FP for this process.
...
>
> This fixes CVE-2019-15031.
>
> Fixes: a7771176b439 ("powerpc: Don't enable FP/Altivec if not checkpointed")
> Cc: stable@vger.kernel.org # 4.15+
> Signed-off-by: Gustavo Romero <gromero@linux.ibm.com>
> Signed-off-by: Michael Neuling <mikey@neuling.org>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/a8318c13e79badb92bc6640704a64cc022a6eb97

cheers

diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index 437b57068cf8..7a84c9f1778e 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -101,21 +101,8 @@ static void check_if_tm_restore_required(struct task_struct *tsk) } } -static bool tm_active_with_fp(struct task_struct *tsk) -{ - return MSR_TM_ACTIVE(tsk->thread.regs->msr) && - (tsk->thread.ckpt_regs.msr & MSR_FP); -} - -static bool tm_active_with_altivec(struct task_struct *tsk) -{ - return MSR_TM_ACTIVE(tsk->thread.regs->msr) && - (tsk->thread.ckpt_regs.msr & MSR_VEC); -} #else static inline void check_if_tm_restore_required(struct task_struct *tsk) { } -static inline bool tm_active_with_fp(struct task_struct *tsk) { return false; } -static inline bool tm_active_with_altivec(struct task_struct *tsk) { return false; } #endif /* CONFIG_PPC_TRANSACTIONAL_MEM */ bool strict_msr_control; @@ -252,7 +239,7 @@ EXPORT_SYMBOL(enable_kernel_fp); static int restore_fp(struct task_struct *tsk) { - if (tsk->thread.load_fp || tm_active_with_fp(tsk)) { + if (tsk->thread.load_fp) { load_fp_state(¤t->thread.fp_state); current->thread.load_fp++; return 1; @@ -334,8 +321,7 @@ EXPORT_SYMBOL_GPL(flush_altivec_to_thread); static int restore_altivec(struct task_struct *tsk) { - if (cpu_has_feature(CPU_FTR_ALTIVEC) && - (tsk->thread.load_vec || tm_active_with_altivec(tsk))) { + if (cpu_has_feature(CPU_FTR_ALTIVEC) && (tsk->thread.load_vec)) { load_vr_state(&tsk->thread.vr_state); tsk->thread.used_vr = 1; tsk->thread.load_vec++;
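
Review bot: The restore_fp() hunk drops the tm_active_with_fp(tsk) term but leaves no comment at the condition saying why an active transaction no longer forces a load here. The commit message gives the reason (the hardware checkpoint must hold the correct state before FP is enabled for the process), and a short comment above `if (tsk->thread.load_fp) {` would keep the removed check from being reintroduced later. Separately, the unchanged body still bumps `current->thread.load_fp++` while the condition tests tsk, whereas restore_altivec() uses tsk throughout; consider making restore_fp() consistent in a follow-up.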
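
Review bot: The parentheses around tsk->thread.load_vec in the new restore_altivec() condition are redundant now that the `||` term is gone, and may be the single check that checkpatch reported for this patch. Suggest `if (cpu_has_feature(CPU_FTR_ALTIVEC) && tsk->thread.load_vec) {` so the line matches the style of the restore_fp() condition.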