Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/arch/x86/kernel/fpu/signal.c
26481 views
1
// SPDX-License-Identifier: GPL-2.0

2
/*

3
 * FPU signal frame handling routines.

4
 */

5


6
#include <linux/compat.h>

7
#include <linux/cpu.h>

8
#include <linux/pagemap.h>

9


10
#include <asm/fpu/signal.h>

11
#include <asm/fpu/regset.h>

12
#include <asm/fpu/xstate.h>

13


14
#include <asm/sigframe.h>

15
#include <asm/trapnr.h>

16
#include <asm/trace/fpu.h>

17


18
#include "context.h"

19
#include "internal.h"

20
#include "legacy.h"

21
#include "xstate.h"

22


23
/*

24
 * Check for the presence of extended state information in the

25
 * user fpstate pointer in the sigcontext.

26
 */

27
static inline bool check_xstate_in_sigframe(struct fxregs_state __user *fxbuf,

28
					    struct _fpx_sw_bytes *fx_sw)

29
{

30
	void __user *fpstate = fxbuf;

31
	unsigned int magic2;

32


33
	if (__copy_from_user(fx_sw, &fxbuf->sw_reserved[0], sizeof(*fx_sw)))

34
		return false;

35


36
	/* Check for the first magic field */

37
	if (fx_sw->magic1 != FP_XSTATE_MAGIC1)

38
		goto setfx;

39


40
	/*

41
	 * Check for the presence of second magic word at the end of memory

42
	 * layout. This detects the case where the user just copied the legacy

43
	 * fpstate layout with out copying the extended state information

44
	 * in the memory layout.

45
	 */

46
	if (__get_user(magic2, (__u32 __user *)(fpstate + x86_task_fpu(current)->fpstate->user_size)))

47
		return false;

48


49
	if (likely(magic2 == FP_XSTATE_MAGIC2))

50
		return true;

51
setfx:

52
	trace_x86_fpu_xstate_check_failed(x86_task_fpu(current));

53


54
	/* Set the parameters for fx only state */

55
	fx_sw->magic1 = 0;

56
	fx_sw->xstate_size = sizeof(struct fxregs_state);

57
	fx_sw->xfeatures = XFEATURE_MASK_FPSSE;

58
	return true;

59
}

60


61
/*

62
 * Signal frame handlers.

63
 */

64
static inline bool save_fsave_header(struct task_struct *tsk, void __user *buf)

65
{

66
	if (use_fxsr()) {

67
		struct xregs_state *xsave = &x86_task_fpu(tsk)->fpstate->regs.xsave;

68
		struct user_i387_ia32_struct env;

69
		struct _fpstate_32 __user *fp = buf;

70


71
		fpregs_lock();

72
		if (!test_thread_flag(TIF_NEED_FPU_LOAD))

73
			fxsave(&x86_task_fpu(tsk)->fpstate->regs.fxsave);

74
		fpregs_unlock();

75


76
		convert_from_fxsr(&env, tsk);

77


78
		if (__copy_to_user(buf, &env, sizeof(env)) ||

79
		    __put_user(xsave->i387.swd, &fp->status) ||

80
		    __put_user(X86_FXSR_MAGIC, &fp->magic))

81
			return false;

82
	} else {

83
		struct fregs_state __user *fp = buf;

84
		u32 swd;

85


86
		if (__get_user(swd, &fp->swd) || __put_user(swd, &fp->status))

87
			return false;

88
	}

89


90
	return true;

91
}

92


93
/*

94
 * Prepare the SW reserved portion of the fxsave memory layout, indicating

95
 * the presence of the extended state information in the memory layout

96
 * pointed to by the fpstate pointer in the sigcontext.

97
 * This is saved when ever the FP and extended state context is

98
 * saved on the user stack during the signal handler delivery to the user.

99
 */

100
static inline void save_sw_bytes(struct _fpx_sw_bytes *sw_bytes, bool ia32_frame,

101
				 struct fpstate *fpstate)

102
{

103
	sw_bytes->magic1 = FP_XSTATE_MAGIC1;

104
	sw_bytes->extended_size = fpstate->user_size + FP_XSTATE_MAGIC2_SIZE;

105
	sw_bytes->xfeatures = fpstate->user_xfeatures;

106
	sw_bytes->xstate_size = fpstate->user_size;

107


108
	if (ia32_frame)

109
		sw_bytes->extended_size += sizeof(struct fregs_state);

110
}

111


112
static inline bool save_xstate_epilog(void __user *buf, int ia32_frame,

113
				      struct fpstate *fpstate)

114
{

115
	struct xregs_state __user *x = buf;

116
	struct _fpx_sw_bytes sw_bytes = {};

117
	int err;

118


119
	/* Setup the bytes not touched by the [f]xsave and reserved for SW. */

120
	save_sw_bytes(&sw_bytes, ia32_frame, fpstate);

121
	err = __copy_to_user(&x->i387.sw_reserved, &sw_bytes, sizeof(sw_bytes));

122


123
	if (!use_xsave())

124
		return !err;

125


126
	err |= __put_user(FP_XSTATE_MAGIC2,

127
			  (__u32 __user *)(buf + fpstate->user_size));

128


129
	/*

130
	 * For legacy compatible, we always set FP/SSE bits in the bit

131
	 * vector while saving the state to the user context. This will

132
	 * enable us capturing any changes(during sigreturn) to

133
	 * the FP/SSE bits by the legacy applications which don't touch

134
	 * xfeatures in the xsave header.

135
	 *

136
	 * xsave aware apps can change the xfeatures in the xsave

137
	 * header as well as change any contents in the memory layout.

138
	 * xrestore as part of sigreturn will capture all the changes.

139
	 */

140
	err |= set_xfeature_in_sigframe(x, XFEATURE_MASK_FPSSE);

141


142
	return !err;

143
}

144


145
static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf, u32 pkru)

146
{

147
	if (use_xsave())

148
		return xsave_to_user_sigframe(buf, pkru);

149


150
	if (use_fxsr())

151
		return fxsave_to_user_sigframe((struct fxregs_state __user *) buf);

152
	else

153
		return fnsave_to_user_sigframe((struct fregs_state __user *) buf);

154
}

155


156
/*

157
 * Save the fpu, extended register state to the user signal frame.

158
 *

159
 * 'buf_fx' is the 64-byte aligned pointer at which the [f|fx|x]save

160
 *  state is copied.

161
 *  'buf' points to the 'buf_fx' or to the fsave header followed by 'buf_fx'.

162
 *

163
 *	buf == buf_fx for 64-bit frames and 32-bit fsave frame.

164
 *	buf != buf_fx for 32-bit frames with fxstate.

165
 *

166
 * Save it directly to the user frame with disabled page fault handler. If

167
 * that faults, try to clear the frame which handles the page fault.

168
 *

169
 * If this is a 32-bit frame with fxstate, put a fsave header before

170
 * the aligned state at 'buf_fx'.

171
 *

172
 * For [f]xsave state, update the SW reserved fields in the [f]xsave frame

173
 * indicating the absence/presence of the extended state to the user.

174
 */

175
bool copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size, u32 pkru)

176
{

177
	struct task_struct *tsk = current;

178
	struct fpstate *fpstate = x86_task_fpu(tsk)->fpstate;

179
	bool ia32_fxstate = (buf != buf_fx);

180
	int ret;

181


182
	ia32_fxstate &= (IS_ENABLED(CONFIG_X86_32) ||

183
			 IS_ENABLED(CONFIG_IA32_EMULATION));

184


185
	if (!static_cpu_has(X86_FEATURE_FPU)) {

186
		struct user_i387_ia32_struct fp;

187


188
		fpregs_soft_get(current, NULL, (struct membuf){.p = &fp,

189
						.left = sizeof(fp)});

190
		return !copy_to_user(buf, &fp, sizeof(fp));

191
	}

192


193
	if (!access_ok(buf, size))

194
		return false;

195


196
	if (use_xsave()) {

197
		struct xregs_state __user *xbuf = buf_fx;

198


199
		/*

200
		 * Clear the xsave header first, so that reserved fields are

201
		 * initialized to zero.

202
		 */

203
		if (__clear_user(&xbuf->header, sizeof(xbuf->header)))

204
			return false;

205
	}

206
retry:

207
	/*

208
	 * Load the FPU registers if they are not valid for the current task.

209
	 * With a valid FPU state we can attempt to save the state directly to

210
	 * userland's stack frame which will likely succeed. If it does not,

211
	 * resolve the fault in the user memory and try again.

212
	 */

213
	fpregs_lock();

214
	if (test_thread_flag(TIF_NEED_FPU_LOAD))

215
		fpregs_restore_userregs();

216


217
	pagefault_disable();

218
	ret = copy_fpregs_to_sigframe(buf_fx, pkru);

219
	pagefault_enable();

220
	fpregs_unlock();

221


222
	if (ret) {

223
		if (!__clear_user(buf_fx, fpstate->user_size))

224
			goto retry;

225
		return false;

226
	}

227


228
	/* Save the fsave header for the 32-bit frames. */

229
	if ((ia32_fxstate || !use_fxsr()) && !save_fsave_header(tsk, buf))

230
		return false;

231


232
	if (use_fxsr() && !save_xstate_epilog(buf_fx, ia32_fxstate, fpstate))

233
		return false;

234


235
	return true;

236
}

237


238
static int __restore_fpregs_from_user(void __user *buf, u64 ufeatures,

239
				      u64 xrestore, bool fx_only)

240
{

241
	if (use_xsave()) {

242
		u64 init_bv = ufeatures & ~xrestore;

243
		int ret;

244


245
		if (likely(!fx_only))

246
			ret = xrstor_from_user_sigframe(buf, xrestore);

247
		else

248
			ret = fxrstor_from_user_sigframe(buf);

249


250
		if (!ret && unlikely(init_bv))

251
			os_xrstor(&init_fpstate, init_bv);

252
		return ret;

253
	} else if (use_fxsr()) {

254
		return fxrstor_from_user_sigframe(buf);

255
	} else {

256
		return frstor_from_user_sigframe(buf);

257
	}

258
}

259


260
/*

261
 * Attempt to restore the FPU registers directly from user memory.

262
 * Pagefaults are handled and any errors returned are fatal.

263
 */

264
static bool restore_fpregs_from_user(void __user *buf, u64 xrestore, bool fx_only)

265
{

266
	struct fpu *fpu = x86_task_fpu(current);

267
	int ret;

268


269
	/* Restore enabled features only. */

270
	xrestore &= fpu->fpstate->user_xfeatures;

271
retry:

272
	fpregs_lock();

273
	/* Ensure that XFD is up to date */

274
	xfd_update_state(fpu->fpstate);

275
	pagefault_disable();

276
	ret = __restore_fpregs_from_user(buf, fpu->fpstate->user_xfeatures,

277
					 xrestore, fx_only);

278
	pagefault_enable();

279


280
	if (unlikely(ret)) {

281
		/*

282
		 * The above did an FPU restore operation, restricted to

283
		 * the user portion of the registers, and failed, but the

284
		 * microcode might have modified the FPU registers

285
		 * nevertheless.

286
		 *

287
		 * If the FPU registers do not belong to current, then

288
		 * invalidate the FPU register state otherwise the task

289
		 * might preempt current and return to user space with

290
		 * corrupted FPU registers.

291
		 */

292
		if (test_thread_flag(TIF_NEED_FPU_LOAD))

293
			__cpu_invalidate_fpregs_state();

294
		fpregs_unlock();

295


296
		/* Try to handle #PF, but anything else is fatal. */

297
		if (ret != X86_TRAP_PF)

298
			return false;

299


300
		if (!fault_in_readable(buf, fpu->fpstate->user_size))

301
			goto retry;

302
		return false;

303
	}

304


305
	/*

306
	 * Restore supervisor states: previous context switch etc has done

307
	 * XSAVES and saved the supervisor states in the kernel buffer from

308
	 * which they can be restored now.

309
	 *

310
	 * It would be optimal to handle this with a single XRSTORS, but

311
	 * this does not work because the rest of the FPU registers have

312
	 * been restored from a user buffer directly.

313
	 */

314
	if (test_thread_flag(TIF_NEED_FPU_LOAD) && xfeatures_mask_supervisor())

315
		os_xrstor_supervisor(fpu->fpstate);

316


317
	fpregs_mark_activate();

318
	fpregs_unlock();

319
	return true;

320
}

321


322
static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,

323
			      bool ia32_fxstate)

324
{

325
	struct task_struct *tsk = current;

326
	struct fpu *fpu = x86_task_fpu(tsk);

327
	struct user_i387_ia32_struct env;

328
	bool success, fx_only = false;

329
	union fpregs_state *fpregs;

330
	u64 user_xfeatures = 0;

331


332
	if (use_xsave()) {

333
		struct _fpx_sw_bytes fx_sw_user;

334


335
		if (!check_xstate_in_sigframe(buf_fx, &fx_sw_user))

336
			return false;

337


338
		fx_only = !fx_sw_user.magic1;

339
		user_xfeatures = fx_sw_user.xfeatures;

340
	} else {

341
		user_xfeatures = XFEATURE_MASK_FPSSE;

342
	}

343


344
	if (likely(!ia32_fxstate)) {

345
		/* Restore the FPU registers directly from user memory. */

346
		return restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only);

347
	}

348


349
	/*

350
	 * Copy the legacy state because the FP portion of the FX frame has

351
	 * to be ignored for histerical raisins. The legacy state is folded

352
	 * in once the larger state has been copied.

353
	 */

354
	if (__copy_from_user(&env, buf, sizeof(env)))

355
		return false;

356


357
	/*

358
	 * By setting TIF_NEED_FPU_LOAD it is ensured that our xstate is

359
	 * not modified on context switch and that the xstate is considered

360
	 * to be loaded again on return to userland (overriding last_cpu avoids

361
	 * the optimisation).

362
	 */

363
	fpregs_lock();

364
	if (!test_thread_flag(TIF_NEED_FPU_LOAD)) {

365
		/*

366
		 * If supervisor states are available then save the

367
		 * hardware state in current's fpstate so that the

368
		 * supervisor state is preserved. Save the full state for

369
		 * simplicity. There is no point in optimizing this by only

370
		 * saving the supervisor states and then shuffle them to

371
		 * the right place in memory. It's ia32 mode. Shrug.

372
		 */

373
		if (xfeatures_mask_supervisor())

374
			os_xsave(fpu->fpstate);

375
		set_thread_flag(TIF_NEED_FPU_LOAD);

376
	}

377
	__fpu_invalidate_fpregs_state(fpu);

378
	__cpu_invalidate_fpregs_state();

379
	fpregs_unlock();

380


381
	fpregs = &fpu->fpstate->regs;

382
	if (use_xsave() && !fx_only) {

383
		if (copy_sigframe_from_user_to_xstate(tsk, buf_fx))

384
			return false;

385
	} else {

386
		if (__copy_from_user(&fpregs->fxsave, buf_fx,

387
				     sizeof(fpregs->fxsave)))

388
			return false;

389


390
		if (IS_ENABLED(CONFIG_X86_64)) {

391
			/* Reject invalid MXCSR values. */

392
			if (fpregs->fxsave.mxcsr & ~mxcsr_feature_mask)

393
				return false;

394
		} else {

395
			/* Mask invalid bits out for historical reasons (broken hardware). */

396
			fpregs->fxsave.mxcsr &= mxcsr_feature_mask;

397
		}

398


399
		/* Enforce XFEATURE_MASK_FPSSE when XSAVE is enabled */

400
		if (use_xsave())

401
			fpregs->xsave.header.xfeatures |= XFEATURE_MASK_FPSSE;

402
	}

403


404
	/* Fold the legacy FP storage */

405
	convert_to_fxsr(&fpregs->fxsave, &env);

406


407
	fpregs_lock();

408
	if (use_xsave()) {

409
		/*

410
		 * Remove all UABI feature bits not set in user_xfeatures

411
		 * from the memory xstate header which makes the full

412
		 * restore below bring them into init state. This works for

413
		 * fx_only mode as well because that has only FP and SSE

414
		 * set in user_xfeatures.

415
		 *

416
		 * Preserve supervisor states!

417
		 */

418
		u64 mask = user_xfeatures | xfeatures_mask_supervisor();

419


420
		fpregs->xsave.header.xfeatures &= mask;

421
		success = !os_xrstor_safe(fpu->fpstate,

422
					  fpu_kernel_cfg.max_features);

423
	} else {

424
		success = !fxrstor_safe(&fpregs->fxsave);

425
	}

426


427
	if (likely(success))

428
		fpregs_mark_activate();

429


430
	fpregs_unlock();

431
	return success;

432
}

433


434
static inline unsigned int xstate_sigframe_size(struct fpstate *fpstate)

435
{

436
	unsigned int size = fpstate->user_size;

437


438
	return use_xsave() ? size + FP_XSTATE_MAGIC2_SIZE : size;

439
}

440


441
/*

442
 * Restore FPU state from a sigframe:

443
 */

444
bool fpu__restore_sig(void __user *buf, int ia32_frame)

445
{

446
	struct fpu *fpu = x86_task_fpu(current);

447
	void __user *buf_fx = buf;

448
	bool ia32_fxstate = false;

449
	bool success = false;

450
	unsigned int size;

451


452
	if (unlikely(!buf)) {

453
		fpu__clear_user_states(fpu);

454
		return true;

455
	}

456


457
	size = xstate_sigframe_size(fpu->fpstate);

458


459
	ia32_frame &= (IS_ENABLED(CONFIG_X86_32) ||

460
		       IS_ENABLED(CONFIG_IA32_EMULATION));

461


462
	/*

463
	 * Only FXSR enabled systems need the FX state quirk.

464
	 * FRSTOR does not need it and can use the fast path.

465
	 */

466
	if (ia32_frame && use_fxsr()) {

467
		buf_fx = buf + sizeof(struct fregs_state);

468
		size += sizeof(struct fregs_state);

469
		ia32_fxstate = true;

470
	}

471


472
	if (!access_ok(buf, size))

473
		goto out;

474


475
	if (!IS_ENABLED(CONFIG_X86_64) && !cpu_feature_enabled(X86_FEATURE_FPU)) {

476
		success = !fpregs_soft_set(current, NULL, 0,

477
					   sizeof(struct user_i387_ia32_struct),

478
					   NULL, buf);

479
	} else {

480
		success = __fpu_restore_sig(buf, buf_fx, ia32_fxstate);

481
	}

482


483
out:

484
	if (unlikely(!success))

485
		fpu__clear_user_states(fpu);

486
	return success;

487
}

488


489
unsigned long

490
fpu__alloc_mathframe(unsigned long sp, int ia32_frame,

491
		     unsigned long *buf_fx, unsigned long *size)

492
{

493
	unsigned long frame_size = xstate_sigframe_size(x86_task_fpu(current)->fpstate);

494


495
	*buf_fx = sp = round_down(sp - frame_size, 64);

496
	if (ia32_frame && use_fxsr()) {

497
		frame_size += sizeof(struct fregs_state);

498
		sp -= sizeof(struct fregs_state);

499
	}

500


501
	*size = frame_size;

502


503
	return sp;

504
}

505


506
unsigned long __init fpu__get_fpstate_size(void)

507
{

508
	unsigned long ret = fpu_user_cfg.max_size;

509


510
	if (use_xsave())

511
		ret += FP_XSTATE_MAGIC2_SIZE;

512


513
	/*

514
	 * This space is needed on (most) 32-bit kernels, or when a 32-bit

515
	 * app is running on a 64-bit kernel. To keep things simple, just

516
	 * assume the worst case and always include space for 'freg_state',

517
	 * even for 64-bit apps on 64-bit kernels. This wastes a bit of

518
	 * space, but keeps the code simple.

519
	 */

520
	if ((IS_ENABLED(CONFIG_IA32_EMULATION) ||

521
	     IS_ENABLED(CONFIG_X86_32)) && use_fxsr())

522
		ret += sizeof(struct fregs_state);

523


524
	return ret;

525
}

526


527


528