1 /*
2 * xsave/xrstor support.
3 *
4 * Author: Suresh Siddha <suresh.b.siddha@intel.com>
5 */
6 #include <linux/bootmem.h>
7 #include <linux/compat.h>
8 #include <asm/i387.h>
9 #include <asm/fpu-internal.h>
10 #ifdef CONFIG_IA32_EMULATION
11 #include <asm/sigcontext32.h>
12 #endif
13 #include <asm/xcr.h>
14
15 /*
16 * Supported feature mask by the CPU and the kernel.
17 */
18 u64 pcntxt_mask;
19
20 /*
21 * Represents init state for the supported extended state.
22 */
23 static struct xsave_struct *init_xstate_buf;
24
25 struct _fpx_sw_bytes fx_sw_reserved;
26 #ifdef CONFIG_IA32_EMULATION
27 struct _fpx_sw_bytes fx_sw_reserved_ia32;
28 #endif
29
30 static unsigned int *xstate_offsets, *xstate_sizes, xstate_features;
31
32 /*
33 * If a processor implementation discern that a processor state component is
34 * in its initialized state it may modify the corresponding bit in the
35 * xsave_hdr.xstate_bv as '0', with out modifying the corresponding memory
36 * layout in the case of xsaveopt. While presenting the xstate information to
37 * the user, we always ensure that the memory layout of a feature will be in
38 * the init state if the corresponding header bit is zero. This is to ensure
39 * that the user doesn't see some stale state in the memory layout during
40 * signal handling, debugging etc.
41 */
__sanitize_i387_state(struct task_struct * tsk)42 void __sanitize_i387_state(struct task_struct *tsk)
43 {
44 u64 xstate_bv;
45 int feature_bit = 0x2;
46 struct i387_fxsave_struct *fx = &tsk->thread.fpu.state->fxsave;
47
48 if (!fx)
49 return;
50
51 BUG_ON(__thread_has_fpu(tsk));
52
53 xstate_bv = tsk->thread.fpu.state->xsave.xsave_hdr.xstate_bv;
54
55 /*
56 * None of the feature bits are in init state. So nothing else
57 * to do for us, as the memory layout is up to date.
58 */
59 if ((xstate_bv & pcntxt_mask) == pcntxt_mask)
60 return;
61
62 /*
63 * FP is in init state
64 */
65 if (!(xstate_bv & XSTATE_FP)) {
66 fx->cwd = 0x37f;
67 fx->swd = 0;
68 fx->twd = 0;
69 fx->fop = 0;
70 fx->rip = 0;
71 fx->rdp = 0;
72 memset(&fx->st_space[0], 0, 128);
73 }
74
75 /*
76 * SSE is in init state
77 */
78 if (!(xstate_bv & XSTATE_SSE))
79 memset(&fx->xmm_space[0], 0, 256);
80
81 xstate_bv = (pcntxt_mask & ~xstate_bv) >> 2;
82
83 /*
84 * Update all the other memory layouts for which the corresponding
85 * header bit is in the init state.
86 */
87 while (xstate_bv) {
88 if (xstate_bv & 0x1) {
89 int offset = xstate_offsets[feature_bit];
90 int size = xstate_sizes[feature_bit];
91
92 memcpy(((void *) fx) + offset,
93 ((void *) init_xstate_buf) + offset,
94 size);
95 }
96
97 xstate_bv >>= 1;
98 feature_bit++;
99 }
100 }
101
102 /*
103 * Check for the presence of extended state information in the
104 * user fpstate pointer in the sigcontext.
105 */
check_for_xstate(struct i387_fxsave_struct __user * buf,void __user * fpstate,struct _fpx_sw_bytes * fx_sw_user)106 int check_for_xstate(struct i387_fxsave_struct __user *buf,
107 void __user *fpstate,
108 struct _fpx_sw_bytes *fx_sw_user)
109 {
110 int min_xstate_size = sizeof(struct i387_fxsave_struct) +
111 sizeof(struct xsave_hdr_struct);
112 unsigned int magic2;
113 int err;
114
115 err = __copy_from_user(fx_sw_user, &buf->sw_reserved[0],
116 sizeof(struct _fpx_sw_bytes));
117 if (err)
118 return -EFAULT;
119
120 /*
121 * First Magic check failed.
122 */
123 if (fx_sw_user->magic1 != FP_XSTATE_MAGIC1)
124 return -EINVAL;
125
126 /*
127 * Check for error scenarios.
128 */
129 if (fx_sw_user->xstate_size < min_xstate_size ||
130 fx_sw_user->xstate_size > xstate_size ||
131 fx_sw_user->xstate_size > fx_sw_user->extended_size)
132 return -EINVAL;
133
134 err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
135 fx_sw_user->extended_size -
136 FP_XSTATE_MAGIC2_SIZE));
137 if (err)
138 return err;
139 /*
140 * Check for the presence of second magic word at the end of memory
141 * layout. This detects the case where the user just copied the legacy
142 * fpstate layout with out copying the extended state information
143 * in the memory layout.
144 */
145 if (magic2 != FP_XSTATE_MAGIC2)
146 return -EFAULT;
147
148 return 0;
149 }
150
151 #ifdef CONFIG_X86_64
152 /*
153 * Signal frame handlers.
154 */
155
save_i387_xstate(void __user * buf)156 int save_i387_xstate(void __user *buf)
157 {
158 struct task_struct *tsk = current;
159 int err = 0;
160
161 if (!access_ok(VERIFY_WRITE, buf, sig_xstate_size))
162 return -EACCES;
163
164 BUG_ON(sig_xstate_size < xstate_size);
165
166 if ((unsigned long)buf % 64)
167 printk("save_i387_xstate: bad fpstate %p\n", buf);
168
169 if (!used_math())
170 return 0;
171
172 if (user_has_fpu()) {
173 if (use_xsave())
174 err = xsave_user(buf);
175 else
176 err = fxsave_user(buf);
177
178 if (err)
179 return err;
180 user_fpu_end();
181 } else {
182 sanitize_i387_state(tsk);
183 if (__copy_to_user(buf, &tsk->thread.fpu.state->fxsave,
184 xstate_size))
185 return -1;
186 }
187
188 clear_used_math(); /* trigger finit */
189
190 if (use_xsave()) {
191 struct _fpstate __user *fx = buf;
192 struct _xstate __user *x = buf;
193 u64 xstate_bv;
194
195 err = __copy_to_user(&fx->sw_reserved, &fx_sw_reserved,
196 sizeof(struct _fpx_sw_bytes));
197
198 err |= __put_user(FP_XSTATE_MAGIC2,
199 (__u32 __user *) (buf + sig_xstate_size
200 - FP_XSTATE_MAGIC2_SIZE));
201
202 /*
203 * Read the xstate_bv which we copied (directly from the cpu or
204 * from the state in task struct) to the user buffers and
205 * set the FP/SSE bits.
206 */
207 err |= __get_user(xstate_bv, &x->xstate_hdr.xstate_bv);
208
209 /*
210 * For legacy compatible, we always set FP/SSE bits in the bit
211 * vector while saving the state to the user context. This will
212 * enable us capturing any changes(during sigreturn) to
213 * the FP/SSE bits by the legacy applications which don't touch
214 * xstate_bv in the xsave header.
215 *
216 * xsave aware apps can change the xstate_bv in the xsave
217 * header as well as change any contents in the memory layout.
218 * xrestore as part of sigreturn will capture all the changes.
219 */
220 xstate_bv |= XSTATE_FPSSE;
221
222 err |= __put_user(xstate_bv, &x->xstate_hdr.xstate_bv);
223
224 if (err)
225 return err;
226 }
227
228 return 1;
229 }
230
231 /*
232 * Restore the extended state if present. Otherwise, restore the FP/SSE
233 * state.
234 */
restore_user_xstate(void __user * buf)235 static int restore_user_xstate(void __user *buf)
236 {
237 struct _fpx_sw_bytes fx_sw_user;
238 u64 mask;
239 int err;
240
241 if (((unsigned long)buf % 64) ||
242 check_for_xstate(buf, buf, &fx_sw_user))
243 goto fx_only;
244
245 mask = fx_sw_user.xstate_bv;
246
247 /*
248 * restore the state passed by the user.
249 */
250 err = xrestore_user(buf, mask);
251 if (err)
252 return err;
253
254 /*
255 * init the state skipped by the user.
256 */
257 mask = pcntxt_mask & ~mask;
258 if (unlikely(mask))
259 xrstor_state(init_xstate_buf, mask);
260
261 return 0;
262
263 fx_only:
264 /*
265 * couldn't find the extended state information in the
266 * memory layout. Restore just the FP/SSE and init all
267 * the other extended state.
268 */
269 xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
270 return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
271 }
272
273 /*
274 * This restores directly out of user space. Exceptions are handled.
275 */
restore_i387_xstate(void __user * buf)276 int restore_i387_xstate(void __user *buf)
277 {
278 struct task_struct *tsk = current;
279 int err = 0;
280
281 if (!buf) {
282 if (used_math())
283 goto clear;
284 return 0;
285 } else
286 if (!access_ok(VERIFY_READ, buf, sig_xstate_size))
287 return -EACCES;
288
289 if (!used_math()) {
290 err = init_fpu(tsk);
291 if (err)
292 return err;
293 }
294
295 user_fpu_begin();
296 if (use_xsave())
297 err = restore_user_xstate(buf);
298 else
299 err = fxrstor_checking((__force struct i387_fxsave_struct *)
300 buf);
301 if (unlikely(err)) {
302 /*
303 * Encountered an error while doing the restore from the
304 * user buffer, clear the fpu state.
305 */
306 clear:
307 clear_fpu(tsk);
308 clear_used_math();
309 }
310 return err;
311 }
312 #endif
313
314 /*
315 * Prepare the SW reserved portion of the fxsave memory layout, indicating
316 * the presence of the extended state information in the memory layout
317 * pointed by the fpstate pointer in the sigcontext.
318 * This will be saved when ever the FP and extended state context is
319 * saved on the user stack during the signal handler delivery to the user.
320 */
prepare_fx_sw_frame(void)321 static void prepare_fx_sw_frame(void)
322 {
323 int size_extended = (xstate_size - sizeof(struct i387_fxsave_struct)) +
324 FP_XSTATE_MAGIC2_SIZE;
325
326 sig_xstate_size = sizeof(struct _fpstate) + size_extended;
327
328 #ifdef CONFIG_IA32_EMULATION
329 sig_xstate_ia32_size = sizeof(struct _fpstate_ia32) + size_extended;
330 #endif
331
332 memset(&fx_sw_reserved, 0, sizeof(fx_sw_reserved));
333
334 fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1;
335 fx_sw_reserved.extended_size = sig_xstate_size;
336 fx_sw_reserved.xstate_bv = pcntxt_mask;
337 fx_sw_reserved.xstate_size = xstate_size;
338 #ifdef CONFIG_IA32_EMULATION
339 memcpy(&fx_sw_reserved_ia32, &fx_sw_reserved,
340 sizeof(struct _fpx_sw_bytes));
341 fx_sw_reserved_ia32.extended_size = sig_xstate_ia32_size;
342 #endif
343 }
344
345 #ifdef CONFIG_X86_64
346 unsigned int sig_xstate_size = sizeof(struct _fpstate);
347 #endif
348
349 /*
350 * Enable the extended processor state save/restore feature
351 */
xstate_enable(void)352 static inline void xstate_enable(void)
353 {
354 set_in_cr4(X86_CR4_OSXSAVE);
355 xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
356 }
357
358 /*
359 * Record the offsets and sizes of different state managed by the xsave
360 * memory layout.
361 */
setup_xstate_features(void)362 static void __init setup_xstate_features(void)
363 {
364 int eax, ebx, ecx, edx, leaf = 0x2;
365
366 xstate_features = fls64(pcntxt_mask);
367 xstate_offsets = alloc_bootmem(xstate_features * sizeof(int));
368 xstate_sizes = alloc_bootmem(xstate_features * sizeof(int));
369
370 do {
371 cpuid_count(XSTATE_CPUID, leaf, &eax, &ebx, &ecx, &edx);
372
373 if (eax == 0)
374 break;
375
376 xstate_offsets[leaf] = ebx;
377 xstate_sizes[leaf] = eax;
378
379 leaf++;
380 } while (1);
381 }
382
383 /*
384 * setup the xstate image representing the init state
385 */
setup_xstate_init(void)386 static void __init setup_xstate_init(void)
387 {
388 setup_xstate_features();
389
390 /*
391 * Setup init_xstate_buf to represent the init state of
392 * all the features managed by the xsave
393 */
394 init_xstate_buf = alloc_bootmem_align(xstate_size,
395 __alignof__(struct xsave_struct));
396 init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT;
397
398 clts();
399 /*
400 * Init all the features state with header_bv being 0x0
401 */
402 xrstor_state(init_xstate_buf, -1);
403 /*
404 * Dump the init state again. This is to identify the init state
405 * of any feature which is not represented by all zero's.
406 */
407 xsave_state(init_xstate_buf, -1);
408 stts();
409 }
410
411 /*
412 * Enable and initialize the xsave feature.
413 */
xstate_enable_boot_cpu(void)414 static void __init xstate_enable_boot_cpu(void)
415 {
416 unsigned int eax, ebx, ecx, edx;
417
418 if (boot_cpu_data.cpuid_level < XSTATE_CPUID) {
419 WARN(1, KERN_ERR "XSTATE_CPUID missing\n");
420 return;
421 }
422
423 cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
424 pcntxt_mask = eax + ((u64)edx << 32);
425
426 if ((pcntxt_mask & XSTATE_FPSSE) != XSTATE_FPSSE) {
427 printk(KERN_ERR "FP/SSE not shown under xsave features 0x%llx\n",
428 pcntxt_mask);
429 BUG();
430 }
431
432 /*
433 * Support only the state known to OS.
434 */
435 pcntxt_mask = pcntxt_mask & XCNTXT_MASK;
436
437 xstate_enable();
438
439 /*
440 * Recompute the context size for enabled features
441 */
442 cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
443 xstate_size = ebx;
444
445 update_regset_xstate_info(xstate_size, pcntxt_mask);
446 prepare_fx_sw_frame();
447
448 setup_xstate_init();
449
450 printk(KERN_INFO "xsave/xrstor: enabled xstate_bv 0x%llx, "
451 "cntxt size 0x%x\n",
452 pcntxt_mask, xstate_size);
453 }
454
455 /*
456 * For the very first instance, this calls xstate_enable_boot_cpu();
457 * for all subsequent instances, this calls xstate_enable().
458 *
459 * This is somewhat obfuscated due to the lack of powerful enough
460 * overrides for the section checks.
461 */
xsave_init(void)462 void __cpuinit xsave_init(void)
463 {
464 static __refdata void (*next_func)(void) = xstate_enable_boot_cpu;
465 void (*this_func)(void);
466
467 if (!cpu_has_xsave)
468 return;
469
470 this_func = next_func;
471 next_func = xstate_enable;
472 this_func();
473 }
474