x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe()

mainline inclusion from mainline-v5.16-rc1 commit 4164a482 category: feature bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I590ZC CVE: NA Intel-SIG: commit 4164a482 x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe(). -------------------------------- There is no reason to have the header zeroing in the pagefault disabled region. Do it upfront once. Signed-off-by: N Thomas Gleixner <tglx@linutronix.de> Signed-off-by: N Borislav Petkov <bp@suse.de> Link: https://lkml.kernel.org/r/20210908132525.621674721@linutronix.deSigned-off-by: N Lin Wang <lin.x.wang@intel.com> Signed-off-by: N Aichun Shi <aichun.shi@intel.com>

x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe()
mainline inclusion from mainline-v5.16-rc1 commit 4164a482 category: feature bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I590ZC CVE: NA Intel-SIG: commit 4164a482 x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe(). -------------------------------- There is no reason to have the header zeroing in the pagefault disabled region. Do it upfront once. Signed-off-by: N Thomas Gleixner <tglx@linutronix.de> Signed-off-by: N Borislav Petkov <bp@suse.de> Link: https://lkml.kernel.org/r/20210908132525.621674721@linutronix.deSigned-off-by: N Lin Wang <lin.x.wang@intel.com> Signed-off-by: N Aichun Shi <aichun.shi@intel.com>
d17d90fa · Thomas Gleixner · Aichun Shi · 3638ba40 · d17d90fa · d17d90fa
隐藏空白更改
内联并排

Showing with 18 addition and 11 deletion

arch/x86/include/asm/fpu/internal.h arch/x86/include/asm/fpu/internal.h +6 -11

arch/x86/kernel/fpu/signal.c arch/x86/kernel/fpu/signal.c +12 -0

未找到文件。
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -326,9 +326,12 @@ static inline void os_xrstor(struct xregs_state *xstate, u64 mask)
 * We don't use modified optimization because xrstor/xrstors might track
 * a different application.
 *
- * We don't use compacted format xsave area for
- * backward compatibility for old applications which don't understand
- * compacted format of xsave area.
+ * We don't use compacted format xsave area for backward compatibility for
+ * old applications which don't understand the compacted format of the
+ * xsave area.
+ *
+ * The caller has to zero buf::header before calling this because XSAVE*
+ * does not touch the reserved fields in the header.
 */
 static inline int xsave_to_user_sigframe(struct xregs_state __user *buf)
 {
@@ -342,14 +345,6 @@ static inline int xsave_to_user_sigframe(struct xregs_state __user *buf)
 	u32 hmask = mask >> 32;
 	int err;

-	/*
-	 * Clear the xsave header first, so that reserved fields are
-	 * initialized to zero.
-	 */
-	err = __clear_user(&buf->header, sizeof(buf->header));
-	if (unlikely(err))
-		return -EFAULT;
-
 	stac();
 	XSTATE_OP(XSAVE, buf, lmask, hmask, err);
 	clac();

--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -189,6 +189,18 @@ int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)

 	if (!access_ok(buf, size))
 		return -EACCES;
+
+	if (use_xsave()) {
+		struct xregs_state __user *xbuf = buf_fx;
+
+		/*
+		 * Clear the xsave header first, so that reserved fields are
+		 * initialized to zero.
+		 */
+		ret = __clear_user(&xbuf->header, sizeof(xbuf->header));
+		if (unlikely(ret))
+			return ret;
+	}
 retry:
 	/*
 	 * Load the FPU registers if they are not valid for the current task.