1/* 2 * xsave/xrstor support. 3 * 4 * Author: Suresh Siddha <suresh.b.siddha@intel.com> 5 */ 6#include <linux/bootmem.h> 7#include <linux/compat.h> 8#include <asm/i387.h> 9#ifdef CONFIG_IA32_EMULATION 10#include <asm/sigcontext32.h> 11#endif 12#include <asm/xcr.h> 13 14/* 15 * Supported feature mask by the CPU and the kernel. 16 */ 17u64 pcntxt_mask; 18 19/* 20 * Represents init state for the supported extended state. 21 */ 22static struct xsave_struct *init_xstate_buf; 23 24struct _fpx_sw_bytes fx_sw_reserved; 25#ifdef CONFIG_IA32_EMULATION 26struct _fpx_sw_bytes fx_sw_reserved_ia32; 27#endif 28 29static unsigned int *xstate_offsets, *xstate_sizes, xstate_features; 30 31/* 32 * If a processor implementation discern that a processor state component is 33 * in its initialized state it may modify the corresponding bit in the 34 * xsave_hdr.xstate_bv as '0', with out modifying the corresponding memory 35 * layout in the case of xsaveopt. While presenting the xstate information to 36 * the user, we always ensure that the memory layout of a feature will be in 37 * the init state if the corresponding header bit is zero. This is to ensure 38 * that the user doesn't see some stale state in the memory layout during 39 * signal handling, debugging etc. 40 */ 41void __sanitize_i387_state(struct task_struct *tsk) 42{ 43 u64 xstate_bv; 44 int feature_bit = 0x2; 45 struct i387_fxsave_struct *fx = &tsk->thread.fpu.state->fxsave; 46 47 if (!fx) 48 return; 49 50 BUG_ON(task_thread_info(tsk)->status & TS_USEDFPU); 51 52 xstate_bv = tsk->thread.fpu.state->xsave.xsave_hdr.xstate_bv; 53 54 /* 55 * None of the feature bits are in init state. So nothing else 56 * to do for us, as the memory layout is upto date. 57 */ 58 if ((xstate_bv & pcntxt_mask) == pcntxt_mask) 59 return; 60 61 /* 62 * FP is in init state 63 */ 64 if (!(xstate_bv & XSTATE_FP)) { 65 fx->cwd = 0x37f; 66 fx->swd = 0; 67 fx->twd = 0; 68 fx->fop = 0; 69 fx->rip = 0; 70 fx->rdp = 0; 71 memset(&fx->st_space[0], 0, 128); 72 } 73 74 /* 75 * SSE is in init state 76 */ 77 if (!(xstate_bv & XSTATE_SSE)) 78 memset(&fx->xmm_space[0], 0, 256); 79 80 xstate_bv = (pcntxt_mask & ~xstate_bv) >> 2; 81 82 /* 83 * Update all the other memory layouts for which the corresponding 84 * header bit is in the init state. 85 */ 86 while (xstate_bv) { 87 if (xstate_bv & 0x1) { 88 int offset = xstate_offsets[feature_bit]; 89 int size = xstate_sizes[feature_bit]; 90 91 memcpy(((void *) fx) + offset, 92 ((void *) init_xstate_buf) + offset, 93 size); 94 } 95 96 xstate_bv >>= 1; 97 feature_bit++; 98 } 99} 100 101/* 102 * Check for the presence of extended state information in the 103 * user fpstate pointer in the sigcontext. 104 */ 105int check_for_xstate(struct i387_fxsave_struct __user *buf, 106 void __user *fpstate, 107 struct _fpx_sw_bytes *fx_sw_user) 108{ 109 int min_xstate_size = sizeof(struct i387_fxsave_struct) + 110 sizeof(struct xsave_hdr_struct); 111 unsigned int magic2; 112 int err; 113 114 err = __copy_from_user(fx_sw_user, &buf->sw_reserved[0], 115 sizeof(struct _fpx_sw_bytes)); 116 if (err) 117 return -EFAULT; 118 119 /* 120 * First Magic check failed. 121 */ 122 if (fx_sw_user->magic1 != FP_XSTATE_MAGIC1) 123 return -EINVAL; 124 125 /* 126 * Check for error scenarios. 127 */ 128 if (fx_sw_user->xstate_size < min_xstate_size || 129 fx_sw_user->xstate_size > xstate_size || 130 fx_sw_user->xstate_size > fx_sw_user->extended_size) 131 return -EINVAL; 132 133 err = __get_user(magic2, (__u32 *) (((void *)fpstate) + 134 fx_sw_user->extended_size - 135 FP_XSTATE_MAGIC2_SIZE)); 136 if (err) 137 return err; 138 /* 139 * Check for the presence of second magic word at the end of memory 140 * layout. This detects the case where the user just copied the legacy 141 * fpstate layout with out copying the extended state information 142 * in the memory layout. 143 */ 144 if (magic2 != FP_XSTATE_MAGIC2) 145 return -EFAULT; 146 147 return 0; 148} 149 150#ifdef CONFIG_X86_64 151/* 152 * Signal frame handlers. 153 */ 154 155int save_i387_xstate(void __user *buf) 156{ 157 struct task_struct *tsk = current; 158 int err = 0; 159 160 if (!access_ok(VERIFY_WRITE, buf, sig_xstate_size)) 161 return -EACCES; 162 163 BUG_ON(sig_xstate_size < xstate_size); 164 165 if ((unsigned long)buf % 64) 166 printk("save_i387_xstate: bad fpstate %p\n", buf); 167 168 if (!used_math()) 169 return 0; 170 171 if (task_thread_info(tsk)->status & TS_USEDFPU) { 172 if (use_xsave()) 173 err = xsave_user(buf); 174 else 175 err = fxsave_user(buf); 176 177 if (err) 178 return err; 179 task_thread_info(tsk)->status &= ~TS_USEDFPU; 180 stts(); 181 } else { 182 sanitize_i387_state(tsk); 183 if (__copy_to_user(buf, &tsk->thread.fpu.state->fxsave, 184 xstate_size)) 185 return -1; 186 } 187 188 clear_used_math(); /* trigger finit */ 189 190 if (use_xsave()) { 191 struct _fpstate __user *fx = buf; 192 struct _xstate __user *x = buf; 193 u64 xstate_bv; 194 195 err = __copy_to_user(&fx->sw_reserved, &fx_sw_reserved, 196 sizeof(struct _fpx_sw_bytes)); 197 198 err |= __put_user(FP_XSTATE_MAGIC2, 199 (__u32 __user *) (buf + sig_xstate_size 200 - FP_XSTATE_MAGIC2_SIZE)); 201 202 /* 203 * Read the xstate_bv which we copied (directly from the cpu or 204 * from the state in task struct) to the user buffers and 205 * set the FP/SSE bits. 206 */ 207 err |= __get_user(xstate_bv, &x->xstate_hdr.xstate_bv); 208 209 /* 210 * For legacy compatible, we always set FP/SSE bits in the bit 211 * vector while saving the state to the user context. This will 212 * enable us capturing any changes(during sigreturn) to 213 * the FP/SSE bits by the legacy applications which don't touch 214 * xstate_bv in the xsave header. 215 * 216 * xsave aware apps can change the xstate_bv in the xsave 217 * header as well as change any contents in the memory layout. 218 * xrestore as part of sigreturn will capture all the changes. 219 */ 220 xstate_bv |= XSTATE_FPSSE; 221 222 err |= __put_user(xstate_bv, &x->xstate_hdr.xstate_bv); 223 224 if (err) 225 return err; 226 } 227 228 return 1; 229} 230 231/* 232 * Restore the extended state if present. Otherwise, restore the FP/SSE 233 * state. 234 */ 235static int restore_user_xstate(void __user *buf) 236{ 237 struct _fpx_sw_bytes fx_sw_user; 238 u64 mask; 239 int err; 240 241 if (((unsigned long)buf % 64) || 242 check_for_xstate(buf, buf, &fx_sw_user)) 243 goto fx_only; 244 245 mask = fx_sw_user.xstate_bv; 246 247 /* 248 * restore the state passed by the user. 249 */ 250 err = xrestore_user(buf, mask); 251 if (err) 252 return err; 253 254 /* 255 * init the state skipped by the user. 256 */ 257 mask = pcntxt_mask & ~mask; 258 if (unlikely(mask)) 259 xrstor_state(init_xstate_buf, mask); 260 261 return 0; 262 263fx_only: 264 /* 265 * couldn't find the extended state information in the 266 * memory layout. Restore just the FP/SSE and init all 267 * the other extended state. 268 */ 269 xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE); 270 return fxrstor_checking((__force struct i387_fxsave_struct *)buf); 271} 272 273/* 274 * This restores directly out of user space. Exceptions are handled. 275 */ 276int restore_i387_xstate(void __user *buf) 277{ 278 struct task_struct *tsk = current; 279 int err = 0; 280 281 if (!buf) { 282 if (used_math()) 283 goto clear; 284 return 0; 285 } else 286 if (!access_ok(VERIFY_READ, buf, sig_xstate_size)) 287 return -EACCES; 288 289 if (!used_math()) { 290 err = init_fpu(tsk); 291 if (err) 292 return err; 293 } 294 295 if (!(task_thread_info(current)->status & TS_USEDFPU)) { 296 clts(); 297 task_thread_info(current)->status |= TS_USEDFPU; 298 } 299 if (use_xsave()) 300 err = restore_user_xstate(buf); 301 else 302 err = fxrstor_checking((__force struct i387_fxsave_struct *) 303 buf); 304 if (unlikely(err)) { 305 /* 306 * Encountered an error while doing the restore from the 307 * user buffer, clear the fpu state. 308 */ 309clear: 310 clear_fpu(tsk); 311 clear_used_math(); 312 } 313 return err; 314} 315#endif 316 317/* 318 * Prepare the SW reserved portion of the fxsave memory layout, indicating 319 * the presence of the extended state information in the memory layout 320 * pointed by the fpstate pointer in the sigcontext. 321 * This will be saved when ever the FP and extended state context is 322 * saved on the user stack during the signal handler delivery to the user. 323 */ 324static void prepare_fx_sw_frame(void) 325{ 326 int size_extended = (xstate_size - sizeof(struct i387_fxsave_struct)) + 327 FP_XSTATE_MAGIC2_SIZE; 328 329 sig_xstate_size = sizeof(struct _fpstate) + size_extended; 330 331#ifdef CONFIG_IA32_EMULATION 332 sig_xstate_ia32_size = sizeof(struct _fpstate_ia32) + size_extended; 333#endif 334 335 memset(&fx_sw_reserved, 0, sizeof(fx_sw_reserved)); 336 337 fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1; 338 fx_sw_reserved.extended_size = sig_xstate_size; 339 fx_sw_reserved.xstate_bv = pcntxt_mask; 340 fx_sw_reserved.xstate_size = xstate_size; 341#ifdef CONFIG_IA32_EMULATION 342 memcpy(&fx_sw_reserved_ia32, &fx_sw_reserved, 343 sizeof(struct _fpx_sw_bytes)); 344 fx_sw_reserved_ia32.extended_size = sig_xstate_ia32_size; 345#endif 346} 347 348#ifdef CONFIG_X86_64 349unsigned int sig_xstate_size = sizeof(struct _fpstate); 350#endif 351 352/* 353 * Enable the extended processor state save/restore feature 354 */ 355static inline void xstate_enable(void) 356{ 357 set_in_cr4(X86_CR4_OSXSAVE); 358 xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask); 359} 360 361/* 362 * Record the offsets and sizes of different state managed by the xsave 363 * memory layout. 364 */ 365static void __init setup_xstate_features(void) 366{ 367 int eax, ebx, ecx, edx, leaf = 0x2; 368 369 xstate_features = fls64(pcntxt_mask); 370 xstate_offsets = alloc_bootmem(xstate_features * sizeof(int)); 371 xstate_sizes = alloc_bootmem(xstate_features * sizeof(int)); 372 373 do { 374 cpuid_count(XSTATE_CPUID, leaf, &eax, &ebx, &ecx, &edx); 375 376 if (eax == 0) 377 break; 378 379 xstate_offsets[leaf] = ebx; 380 xstate_sizes[leaf] = eax; 381 382 leaf++; 383 } while (1); 384} 385 386/* 387 * setup the xstate image representing the init state 388 */ 389static void __init setup_xstate_init(void) 390{ 391 setup_xstate_features(); 392 393 /* 394 * Setup init_xstate_buf to represent the init state of 395 * all the features managed by the xsave 396 */ 397 init_xstate_buf = alloc_bootmem_align(xstate_size, 398 __alignof__(struct xsave_struct)); 399 init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT; 400 401 clts(); 402 /* 403 * Init all the features state with header_bv being 0x0 404 */ 405 xrstor_state(init_xstate_buf, -1); 406 /* 407 * Dump the init state again. This is to identify the init state 408 * of any feature which is not represented by all zero's. 409 */ 410 xsave_state(init_xstate_buf, -1); 411 stts(); 412} 413 414/* 415 * Enable and initialize the xsave feature. 416 */ 417static void __init xstate_enable_boot_cpu(void) 418{ 419 unsigned int eax, ebx, ecx, edx; 420 421 if (boot_cpu_data.cpuid_level < XSTATE_CPUID) { 422 WARN(1, KERN_ERR "XSTATE_CPUID missing\n"); 423 return; 424 } 425 426 cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx); 427 pcntxt_mask = eax + ((u64)edx << 32); 428 429 if ((pcntxt_mask & XSTATE_FPSSE) != XSTATE_FPSSE) { 430 printk(KERN_ERR "FP/SSE not shown under xsave features 0x%llx\n", 431 pcntxt_mask); 432 BUG(); 433 } 434 435 /* 436 * Support only the state known to OS. 437 */ 438 pcntxt_mask = pcntxt_mask & XCNTXT_MASK; 439 440 xstate_enable(); 441 442 /* 443 * Recompute the context size for enabled features 444 */ 445 cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx); 446 xstate_size = ebx; 447 448 update_regset_xstate_info(xstate_size, pcntxt_mask); 449 prepare_fx_sw_frame(); 450 451 setup_xstate_init(); 452 453 printk(KERN_INFO "xsave/xrstor: enabled xstate_bv 0x%llx, " 454 "cntxt size 0x%x\n", 455 pcntxt_mask, xstate_size); 456} 457 458/* 459 * For the very first instance, this calls xstate_enable_boot_cpu(); 460 * for all subsequent instances, this calls xstate_enable(). 461 * 462 * This is somewhat obfuscated due to the lack of powerful enough 463 * overrides for the section checks. 464 */ 465void __cpuinit xsave_init(void) 466{ 467 static __refdata void (*next_func)(void) = xstate_enable_boot_cpu; 468 void (*this_func)(void); 469 470 if (!cpu_has_xsave) 471 return; 472 473 this_func = next_func; 474 next_func = xstate_enable; 475 this_func(); 476} 477