| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: fpu.c,v 1.68 2020/07/13 16:51:51 riastradh Exp $ */ | | 1 | /* $NetBSD: fpu.c,v 1.69 2020/07/20 16:37:34 riastradh Exp $ */ |
2 | | | 2 | |
3 | /* | | 3 | /* |
4 | * Copyright (c) 2008, 2019 The NetBSD Foundation, Inc. All | | 4 | * Copyright (c) 2008, 2019 The NetBSD Foundation, Inc. All |
5 | * rights reserved. | | 5 | * rights reserved. |
6 | * | | 6 | * |
7 | * This code is derived from software developed for The NetBSD Foundation | | 7 | * This code is derived from software developed for The NetBSD Foundation |
8 | * by Andrew Doran and Maxime Villard. | | 8 | * by Andrew Doran and Maxime Villard. |
9 | * | | 9 | * |
10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
12 | * are met: | | 12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -86,27 +86,27 @@ | | | @@ -86,27 +86,27 @@ |
86 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | | 86 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
87 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 87 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
88 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 88 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
89 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 89 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
90 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 90 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
91 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 91 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
92 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 92 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
93 | * SUCH DAMAGE. | | 93 | * SUCH DAMAGE. |
94 | * | | 94 | * |
95 | * @(#)npx.c 7.2 (Berkeley) 5/12/91 | | 95 | * @(#)npx.c 7.2 (Berkeley) 5/12/91 |
96 | */ | | 96 | */ |
97 | | | 97 | |
98 | #include <sys/cdefs.h> | | 98 | #include <sys/cdefs.h> |
99 | __KERNEL_RCSID(0, "$NetBSD: fpu.c,v 1.68 2020/07/13 16:51:51 riastradh Exp $"); | | 99 | __KERNEL_RCSID(0, "$NetBSD: fpu.c,v 1.69 2020/07/20 16:37:34 riastradh Exp $"); |
100 | | | 100 | |
101 | #include "opt_multiprocessor.h" | | 101 | #include "opt_multiprocessor.h" |
102 | | | 102 | |
103 | #include <sys/param.h> | | 103 | #include <sys/param.h> |
104 | #include <sys/systm.h> | | 104 | #include <sys/systm.h> |
105 | #include <sys/conf.h> | | 105 | #include <sys/conf.h> |
106 | #include <sys/cpu.h> | | 106 | #include <sys/cpu.h> |
107 | #include <sys/file.h> | | 107 | #include <sys/file.h> |
108 | #include <sys/proc.h> | | 108 | #include <sys/proc.h> |
109 | #include <sys/kernel.h> | | 109 | #include <sys/kernel.h> |
110 | #include <sys/sysctl.h> | | 110 | #include <sys/sysctl.h> |
111 | #include <sys/xcall.h> | | 111 | #include <sys/xcall.h> |
112 | | | 112 | |
| @@ -411,48 +411,44 @@ fpu_kern_enter(void) | | | @@ -411,48 +411,44 @@ fpu_kern_enter(void) |
411 | */ | | 411 | */ |
412 | clts(); | | 412 | clts(); |
413 | } | | 413 | } |
414 | | | 414 | |
415 | /* | | 415 | /* |
416 | * fpu_kern_leave() | | 416 | * fpu_kern_leave() |
417 | * | | 417 | * |
418 | * End using the FPU after fpu_kern_enter(). | | 418 | * End using the FPU after fpu_kern_enter(). |
419 | */ | | 419 | */ |
420 | void | | 420 | void |
421 | fpu_kern_leave(void) | | 421 | fpu_kern_leave(void) |
422 | { | | 422 | { |
423 | static const union savefpu zero_fpu __aligned(64); | | 423 | static const union savefpu zero_fpu __aligned(64); |
424 | const union savefpu *savefpu; | | | |
425 | struct lwp *l = curlwp; | | | |
426 | struct pcb *pcb; | | | |
427 | struct cpu_info *ci = curcpu(); | | 424 | struct cpu_info *ci = curcpu(); |
428 | int s; | | 425 | int s; |
429 | | | 426 | |
430 | KASSERT(ci->ci_ilevel == IPL_VM); | | 427 | KASSERT(ci->ci_ilevel == IPL_VM); |
431 | KASSERT(ci->ci_kfpu_spl != -1); | | 428 | KASSERT(ci->ci_kfpu_spl != -1); |
432 | | | 429 | |
433 | /* | | 430 | /* |
434 | * Restore the FPU state immediately to avoid leaking any | | 431 | * Zero the fpu registers; otherwise we might leak secrets |
435 | * kernel secrets, or zero it if this is a kthread. | | 432 | * through Spectre-class attacks to userland, even if there are |
| | | 433 | * no bugs in fpu state management. |
436 | */ | | 434 | */ |
437 | if ((l->l_pflag & LP_INTR) && (l->l_switchto != NULL)) | | 435 | fpu_area_restore(&zero_fpu, x86_xsave_features); |
438 | l = l->l_switchto; | | 436 | |
439 | if (l->l_flag & LW_SYSTEM) { | | 437 | /* |
440 | savefpu = &zero_fpu; | | 438 | * Set CR0_TS again so that the kernel can't accidentally use |
441 | } else { | | 439 | * the FPU. |
442 | pcb = lwp_getpcb(l); | | 440 | */ |
443 | savefpu = &pcb->pcb_savefpu; | | 441 | stts(); |
444 | } | | | |
445 | fpu_area_restore(savefpu, x86_xsave_features); | | | |
446 | | | 442 | |
447 | s = ci->ci_kfpu_spl; | | 443 | s = ci->ci_kfpu_spl; |
448 | ci->ci_kfpu_spl = -1; | | 444 | ci->ci_kfpu_spl = -1; |
449 | splx(s); | | 445 | splx(s); |
450 | } | | 446 | } |
451 | | | 447 | |
452 | /* -------------------------------------------------------------------------- */ | | 448 | /* -------------------------------------------------------------------------- */ |
453 | | | 449 | |
454 | /* | | 450 | /* |
455 | * The following table is used to ensure that the FPE_... value | | 451 | * The following table is used to ensure that the FPE_... value |
456 | * that is passed as a trapcode to the signal handler of the user | | 452 | * that is passed as a trapcode to the signal handler of the user |
457 | * process does not have more than one bit set. | | 453 | * process does not have more than one bit set. |
458 | * | | 454 | * |