1 /*
2 * xsave/xrstor support.
3 *
4 * Author: Suresh Siddha <suresh.b.siddha@intel.com>
5 */
6 #include <linux/bootmem.h>
7 #include <linux/compat.h>
8 #include <asm/i387.h>
9 #ifdef CONFIG_IA32_EMULATION
10 #include <asm/sigcontext32.h>
11 #endif
12 #include <asm/xcr.h>
13
14 /*
15 * Supported feature mask by the CPU and the kernel.
16 */
17 u64 pcntxt_mask;
18
19 /*
20 * Represents init state for the supported extended state.
21 */
22 static struct xsave_struct *init_xstate_buf;
23
24 struct _fpx_sw_bytes fx_sw_reserved;
25 #ifdef CONFIG_IA32_EMULATION
26 struct _fpx_sw_bytes fx_sw_reserved_ia32;
27 #endif
28
29 static unsigned int *xstate_offsets, *xstate_sizes, xstate_features;
30
31 /*
32 * If a processor implementation discern that a processor state component is
33 * in its initialized state it may modify the corresponding bit in the
34 * xsave_hdr.xstate_bv as '0', with out modifying the corresponding memory
35 * layout in the case of xsaveopt. While presenting the xstate information to
36 * the user, we always ensure that the memory layout of a feature will be in
37 * the init state if the corresponding header bit is zero. This is to ensure
38 * that the user doesn't see some stale state in the memory layout during
39 * signal handling, debugging etc.
40 */
__sanitize_i387_state(struct task_struct * tsk)41 void __sanitize_i387_state(struct task_struct *tsk)
42 {
43 u64 xstate_bv;
44 int feature_bit = 0x2;
45 struct i387_fxsave_struct *fx = &tsk->thread.fpu.state->fxsave;
46
47 if (!fx)
48 return;
49
50 BUG_ON(task_thread_info(tsk)->status & TS_USEDFPU);
51
52 xstate_bv = tsk->thread.fpu.state->xsave.xsave_hdr.xstate_bv;
53
54 /*
55 * None of the feature bits are in init state. So nothing else
56 * to do for us, as the memory layout is up to date.
57 */
58 if ((xstate_bv & pcntxt_mask) == pcntxt_mask)
59 return;
60
61 /*
62 * FP is in init state
63 */
64 if (!(xstate_bv & XSTATE_FP)) {
65 fx->cwd = 0x37f;
66 fx->swd = 0;
67 fx->twd = 0;
68 fx->fop = 0;
69 fx->rip = 0;
70 fx->rdp = 0;
71 memset(&fx->st_space[0], 0, 128);
72 }
73
74 /*
75 * SSE is in init state
76 */
77 if (!(xstate_bv & XSTATE_SSE))
78 memset(&fx->xmm_space[0], 0, 256);
79
80 xstate_bv = (pcntxt_mask & ~xstate_bv) >> 2;
81
82 /*
83 * Update all the other memory layouts for which the corresponding
84 * header bit is in the init state.
85 */
86 while (xstate_bv) {
87 if (xstate_bv & 0x1) {
88 int offset = xstate_offsets[feature_bit];
89 int size = xstate_sizes[feature_bit];
90
91 memcpy(((void *) fx) + offset,
92 ((void *) init_xstate_buf) + offset,
93 size);
94 }
95
96 xstate_bv >>= 1;
97 feature_bit++;
98 }
99 }
100
101 /*
102 * Check for the presence of extended state information in the
103 * user fpstate pointer in the sigcontext.
104 */
check_for_xstate(struct i387_fxsave_struct __user * buf,void __user * fpstate,struct _fpx_sw_bytes * fx_sw_user)105 int check_for_xstate(struct i387_fxsave_struct __user *buf,
106 void __user *fpstate,
107 struct _fpx_sw_bytes *fx_sw_user)
108 {
109 int min_xstate_size = sizeof(struct i387_fxsave_struct) +
110 sizeof(struct xsave_hdr_struct);
111 unsigned int magic2;
112 int err;
113
114 err = __copy_from_user(fx_sw_user, &buf->sw_reserved[0],
115 sizeof(struct _fpx_sw_bytes));
116 if (err)
117 return -EFAULT;
118
119 /*
120 * First Magic check failed.
121 */
122 if (fx_sw_user->magic1 != FP_XSTATE_MAGIC1)
123 return -EINVAL;
124
125 /*
126 * Check for error scenarios.
127 */
128 if (fx_sw_user->xstate_size < min_xstate_size ||
129 fx_sw_user->xstate_size > xstate_size ||
130 fx_sw_user->xstate_size > fx_sw_user->extended_size)
131 return -EINVAL;
132
133 err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
134 fx_sw_user->extended_size -
135 FP_XSTATE_MAGIC2_SIZE));
136 if (err)
137 return err;
138 /*
139 * Check for the presence of second magic word at the end of memory
140 * layout. This detects the case where the user just copied the legacy
141 * fpstate layout with out copying the extended state information
142 * in the memory layout.
143 */
144 if (magic2 != FP_XSTATE_MAGIC2)
145 return -EFAULT;
146
147 return 0;
148 }
149
150 #ifdef CONFIG_X86_64
151 /*
152 * Signal frame handlers.
153 */
154
save_i387_xstate(void __user * buf)155 int save_i387_xstate(void __user *buf)
156 {
157 struct task_struct *tsk = current;
158 int err = 0;
159
160 if (!access_ok(VERIFY_WRITE, buf, sig_xstate_size))
161 return -EACCES;
162
163 BUG_ON(sig_xstate_size < xstate_size);
164
165 if ((unsigned long)buf % 64)
166 printk("save_i387_xstate: bad fpstate %p\n", buf);
167
168 if (!used_math())
169 return 0;
170
171 if (task_thread_info(tsk)->status & TS_USEDFPU) {
172 if (use_xsave())
173 err = xsave_user(buf);
174 else
175 err = fxsave_user(buf);
176
177 if (err)
178 return err;
179 task_thread_info(tsk)->status &= ~TS_USEDFPU;
180 stts();
181 } else {
182 sanitize_i387_state(tsk);
183 if (__copy_to_user(buf, &tsk->thread.fpu.state->fxsave,
184 xstate_size))
185 return -1;
186 }
187
188 clear_used_math(); /* trigger finit */
189
190 if (use_xsave()) {
191 struct _fpstate __user *fx = buf;
192 struct _xstate __user *x = buf;
193 u64 xstate_bv;
194
195 err = __copy_to_user(&fx->sw_reserved, &fx_sw_reserved,
196 sizeof(struct _fpx_sw_bytes));
197
198 err |= __put_user(FP_XSTATE_MAGIC2,
199 (__u32 __user *) (buf + sig_xstate_size
200 - FP_XSTATE_MAGIC2_SIZE));
201
202 /*
203 * Read the xstate_bv which we copied (directly from the cpu or
204 * from the state in task struct) to the user buffers and
205 * set the FP/SSE bits.
206 */
207 err |= __get_user(xstate_bv, &x->xstate_hdr.xstate_bv);
208
209 /*
210 * For legacy compatible, we always set FP/SSE bits in the bit
211 * vector while saving the state to the user context. This will
212 * enable us capturing any changes(during sigreturn) to
213 * the FP/SSE bits by the legacy applications which don't touch
214 * xstate_bv in the xsave header.
215 *
216 * xsave aware apps can change the xstate_bv in the xsave
217 * header as well as change any contents in the memory layout.
218 * xrestore as part of sigreturn will capture all the changes.
219 */
220 xstate_bv |= XSTATE_FPSSE;
221
222 err |= __put_user(xstate_bv, &x->xstate_hdr.xstate_bv);
223
224 if (err)
225 return err;
226 }
227
228 return 1;
229 }
230
231 /*
232 * Restore the extended state if present. Otherwise, restore the FP/SSE
233 * state.
234 */
restore_user_xstate(void __user * buf)235 static int restore_user_xstate(void __user *buf)
236 {
237 struct _fpx_sw_bytes fx_sw_user;
238 u64 mask;
239 int err;
240
241 if (((unsigned long)buf % 64) ||
242 check_for_xstate(buf, buf, &fx_sw_user))
243 goto fx_only;
244
245 mask = fx_sw_user.xstate_bv;
246
247 /*
248 * restore the state passed by the user.
249 */
250 err = xrestore_user(buf, mask);
251 if (err)
252 return err;
253
254 /*
255 * init the state skipped by the user.
256 */
257 mask = pcntxt_mask & ~mask;
258 if (unlikely(mask))
259 xrstor_state(init_xstate_buf, mask);
260
261 return 0;
262
263 fx_only:
264 /*
265 * couldn't find the extended state information in the
266 * memory layout. Restore just the FP/SSE and init all
267 * the other extended state.
268 */
269 xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
270 return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
271 }
272
273 /*
274 * This restores directly out of user space. Exceptions are handled.
275 */
restore_i387_xstate(void __user * buf)276 int restore_i387_xstate(void __user *buf)
277 {
278 struct task_struct *tsk = current;
279 int err = 0;
280
281 if (!buf) {
282 if (used_math())
283 goto clear;
284 return 0;
285 } else
286 if (!access_ok(VERIFY_READ, buf, sig_xstate_size))
287 return -EACCES;
288
289 if (!used_math()) {
290 err = init_fpu(tsk);
291 if (err)
292 return err;
293 }
294
295 if (!(task_thread_info(current)->status & TS_USEDFPU)) {
296 clts();
297 task_thread_info(current)->status |= TS_USEDFPU;
298 }
299 if (use_xsave())
300 err = restore_user_xstate(buf);
301 else
302 err = fxrstor_checking((__force struct i387_fxsave_struct *)
303 buf);
304 if (unlikely(err)) {
305 /*
306 * Encountered an error while doing the restore from the
307 * user buffer, clear the fpu state.
308 */
309 clear:
310 clear_fpu(tsk);
311 clear_used_math();
312 }
313 return err;
314 }
315 #endif
316
317 /*
318 * Prepare the SW reserved portion of the fxsave memory layout, indicating
319 * the presence of the extended state information in the memory layout
320 * pointed by the fpstate pointer in the sigcontext.
321 * This will be saved when ever the FP and extended state context is
322 * saved on the user stack during the signal handler delivery to the user.
323 */
prepare_fx_sw_frame(void)324 static void prepare_fx_sw_frame(void)
325 {
326 int size_extended = (xstate_size - sizeof(struct i387_fxsave_struct)) +
327 FP_XSTATE_MAGIC2_SIZE;
328
329 sig_xstate_size = sizeof(struct _fpstate) + size_extended;
330
331 #ifdef CONFIG_IA32_EMULATION
332 sig_xstate_ia32_size = sizeof(struct _fpstate_ia32) + size_extended;
333 #endif
334
335 memset(&fx_sw_reserved, 0, sizeof(fx_sw_reserved));
336
337 fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1;
338 fx_sw_reserved.extended_size = sig_xstate_size;
339 fx_sw_reserved.xstate_bv = pcntxt_mask;
340 fx_sw_reserved.xstate_size = xstate_size;
341 #ifdef CONFIG_IA32_EMULATION
342 memcpy(&fx_sw_reserved_ia32, &fx_sw_reserved,
343 sizeof(struct _fpx_sw_bytes));
344 fx_sw_reserved_ia32.extended_size = sig_xstate_ia32_size;
345 #endif
346 }
347
348 #ifdef CONFIG_X86_64
349 unsigned int sig_xstate_size = sizeof(struct _fpstate);
350 #endif
351
352 /*
353 * Enable the extended processor state save/restore feature
354 */
xstate_enable(void)355 static inline void xstate_enable(void)
356 {
357 set_in_cr4(X86_CR4_OSXSAVE);
358 xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
359 }
360
361 /*
362 * Record the offsets and sizes of different state managed by the xsave
363 * memory layout.
364 */
setup_xstate_features(void)365 static void __init setup_xstate_features(void)
366 {
367 int eax, ebx, ecx, edx, leaf = 0x2;
368
369 xstate_features = fls64(pcntxt_mask);
370 xstate_offsets = alloc_bootmem(xstate_features * sizeof(int));
371 xstate_sizes = alloc_bootmem(xstate_features * sizeof(int));
372
373 do {
374 cpuid_count(XSTATE_CPUID, leaf, &eax, &ebx, &ecx, &edx);
375
376 if (eax == 0)
377 break;
378
379 xstate_offsets[leaf] = ebx;
380 xstate_sizes[leaf] = eax;
381
382 leaf++;
383 } while (1);
384 }
385
386 /*
387 * setup the xstate image representing the init state
388 */
setup_xstate_init(void)389 static void __init setup_xstate_init(void)
390 {
391 setup_xstate_features();
392
393 /*
394 * Setup init_xstate_buf to represent the init state of
395 * all the features managed by the xsave
396 */
397 init_xstate_buf = alloc_bootmem_align(xstate_size,
398 __alignof__(struct xsave_struct));
399 init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT;
400
401 clts();
402 /*
403 * Init all the features state with header_bv being 0x0
404 */
405 xrstor_state(init_xstate_buf, -1);
406 /*
407 * Dump the init state again. This is to identify the init state
408 * of any feature which is not represented by all zero's.
409 */
410 xsave_state(init_xstate_buf, -1);
411 stts();
412 }
413
414 /*
415 * Enable and initialize the xsave feature.
416 */
xstate_enable_boot_cpu(void)417 static void __init xstate_enable_boot_cpu(void)
418 {
419 unsigned int eax, ebx, ecx, edx;
420
421 if (boot_cpu_data.cpuid_level < XSTATE_CPUID) {
422 WARN(1, KERN_ERR "XSTATE_CPUID missing\n");
423 return;
424 }
425
426 cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
427 pcntxt_mask = eax + ((u64)edx << 32);
428
429 if ((pcntxt_mask & XSTATE_FPSSE) != XSTATE_FPSSE) {
430 printk(KERN_ERR "FP/SSE not shown under xsave features 0x%llx\n",
431 pcntxt_mask);
432 BUG();
433 }
434
435 /*
436 * Support only the state known to OS.
437 */
438 pcntxt_mask = pcntxt_mask & XCNTXT_MASK;
439
440 xstate_enable();
441
442 /*
443 * Recompute the context size for enabled features
444 */
445 cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
446 xstate_size = ebx;
447
448 update_regset_xstate_info(xstate_size, pcntxt_mask);
449 prepare_fx_sw_frame();
450
451 setup_xstate_init();
452
453 printk(KERN_INFO "xsave/xrstor: enabled xstate_bv 0x%llx, "
454 "cntxt size 0x%x\n",
455 pcntxt_mask, xstate_size);
456 }
457
458 /*
459 * For the very first instance, this calls xstate_enable_boot_cpu();
460 * for all subsequent instances, this calls xstate_enable().
461 *
462 * This is somewhat obfuscated due to the lack of powerful enough
463 * overrides for the section checks.
464 */
xsave_init(void)465 void __cpuinit xsave_init(void)
466 {
467 static __refdata void (*next_func)(void) = xstate_enable_boot_cpu;
468 void (*this_func)(void);
469
470 if (!cpu_has_xsave)
471 return;
472
473 this_func = next_func;
474 next_func = xstate_enable;
475 this_func();
476 }
477