On Mon, May 31 2021 at 10:43, Borislav Petkov wrote:
> On Sat, May 29, 2021 at 11:17:30AM +0200, Thomas Gleixner wrote:
>> #2 is broken beyond repair. The comment in the code claims that it is safe
>> to invoke this in an IPI, but that's just wishful thinking.
>>
>> FPU state of a running task is protected by fregs_lock() which is
>> nothing else than a local_bh_disable(). As BH disabled regions run
>> usually with interrupts enabled the IPI can hit a code section which
>> modifies FPU state and there is absolutely no guarantee that any of the
>> assumptions which are made for the IPI case is true.
>
> ... so on a PASID system, your trivial reproducer would theoretically
> fire the same way and corrupt FPU state just as well.
This is worse and you can't selftest it because the IPI can just hit in
the middle of _any_ FPU state operation and corrupt state.

Thanks,

        tglx