• x86/fpu: Disable AVX when eagerfpu is off · 3db9ce10
    yu-cheng yu authored
    BugLink: https://bugs.launchpad.net/bugs/1777389
    
    commit 394db20c upstream.
    
    When "eagerfpu=off" is given as a command-line input, the kernel
    should disable AVX support.
    
    The Task Switched bit used for lazy context switching does not
    support AVX. If AVX is enabled without eagerfpu context
    switching, one task's AVX state could become corrupted or leak
    to other tasks. This is a bug and has bad security implications.
    
    This only affects systems that have AVX/AVX2/AVX512 and this
    issue will be found only when one actually uses AVX/AVX2/AVX512
    _AND_ does eagerfpu=off.
    
    Reference: Intel Software Developer's Manual Vol. 3A
    
    Sec. 2.5 Control Registers:
    TS Task Switched bit (bit 3 of CR0) -- Allows the saving of the
    x87 FPU/MMX/SSE/SSE2/SSE3/SSSE3/SSE4 context on a task switch
    to be delayed until an x87 FPU/MMX/SSE/SSE2/SSE3/SSSE3/SSE4
    instruction is actually executed by the new task.
    
    Sec. 13.4.1 Using the TS Flag to Control the Saving of the X87
    FPU and SSE State
    When the TS flag is set, the processor monitors the instruction
    stream for x87 FPU, MMX, SSE instructions. When the processor
    detects one of these instructions, it raises a
    device-not-available exception (#NM) prior to executing the
    instruction.

    Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Borislav Petkov <bp@suse.de>
    Cc: Dave Hansen <dave.hansen@linux.intel.com>
    Cc: Fenghua Yu <fenghua.yu@intel.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
    Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
    Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: yu-cheng yu <yu-cheng.yu@intel.com>
    Link: http://lkml.kernel.org/r/1452119094-7252-5-git-send-email-yu-cheng.yu@intel.com
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Juerg Haefliger <juergh@canonical.com>
    Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
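
An audit check for the condition the commit message describes (`eagerfpu=off` together with AVX/AVX2/AVX512), added here as an example and not part of the commit or the kernel source. The function names are hypothetical, and it assumes that a kernel which has disabled AVX no longer lists the AVX-family flags in `/proc/cpuinfo`.

```shell
#!/bin/sh
# Added example: flag hosts booted with eagerfpu=off that still advertise AVX.
# Assumption: a kernel that disabled AVX does not list avx* in /proc/cpuinfo.
set -f  # inputs are split on whitespace only; never glob-expand them

# has_word LIST WORD -> exit 0 if WORD is a whitespace-separated item of LIST
has_word() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# avx_flags FLAGS -> prints the AVX-family flags present (avx, avx2, avx512*)
avx_flags() {
    found=""
    for f in $1; do
        case "$f" in
            avx|avx2|avx512*) found="$found $f" ;;
        esac
    done
    echo "${found# }"
}

# classify CMDLINE FLAGS -> prints one of:
#   not-applicable      eagerfpu=off was not given on the command line
#   avx-masked          eagerfpu=off and no AVX-family flag is advertised
#   avx-exposed: <list> eagerfpu=off and AVX-family flags are still advertised
classify() {
    if ! has_word "$1" "eagerfpu=off"; then
        echo "not-applicable"
    elif [ -z "$(avx_flags "$2")" ]; then
        echo "avx-masked"
    else
        echo "avx-exposed: $(avx_flags "$2")"
    fi
}

# Live check on the running Linux host (skipped where /proc is unavailable).
if [ -r /proc/cmdline ] && [ -r /proc/cpuinfo ]; then
    flags=$(awk -F': ' '/^flags/ {print $2; exit}' /proc/cpuinfo)
    classify "$(cat /proc/cmdline)" "$flags"
fi
```

An `avx-exposed` result on a host means the running kernel should be checked for this fix, or `eagerfpu=off` removed from the boot parameters.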