kern/98460 : [kernel] [patch] fpu_clean_state() cannot be
disabled
for not AMD processors, those are not vulnerable to FreeBSD-SA-06:14.fpu
Bruce Evans
bde at zeta.org.au
Sun Jun 4 15:30:57 PDT 2006
The following reply was made to PR kern/98460; it has been noted by GNATS.
From: Bruce Evans <bde at zeta.org.au>
To: Rostislav Krasny <rosti.bsd at gmail.com>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: kern/98460 : [kernel] [patch] fpu_clean_state() cannot be disabled
for not AMD processors, those are not vulnerable to FreeBSD-SA-06:14.fpu
Date: Mon, 5 Jun 2006 08:25:06 +1000 (EST)
On Sun, 4 Jun 2006, Rostislav Krasny wrote:
> On Sun, 4 Jun 2006, Bruce Evans wrote:
> > The configuration should be dynamic and automatic, so that it doesn't
> > take changes to zillions of configuration files to implement and
> > document an option that almost no one will know to set. I think there
> > is a simple feature test for the AMD misfeature.
>
> David Xu had proposed something like that. But from Colin Percival's
> reply I understood that it is hard to be done effectively. See their
> discussion by the first URL in this PR.
I don't see how it can be hard. Perhaps it is too CPU-dependent for
tests based on cpuid to be easy or future-proof, but a runtime test
in the probe would be easy. Here is a userland version. It gives the
expected result on the following systems P2(Celeron) (mine), P3
(freefall), P4(Xeon) (nosedive), AthlonXP (mine) and Opteron (sledge).
It would crash on systems without FXSR. To be complete, the userland
version should repeat the test many times to reduce the chance of a
misprobe due to broken context switching clobbering the pointer
underneath it. The kernel version can check for FXSR more easily and
can just prevent context switching.
%%%
#include <sys/types.h>
#ifdef __amd64__
#include <machine/fpu.h>
static struct savefpu xmmstate;
#define en_fip en_rip
#else
#include <machine/npx.h>
static struct savexmm xmmstate;
#endif
int
main(void)
{
/* Set up a fairly clean state with a zero last-instruction pointer. */
asm("fninit");
/* Set the last-instruction pointer mod 2^32 to nonzero. */
asm(".align 2,0x90; nop; fnop");
/* Try to see what the last-instruction pointer got changed to. */
asm("fxsave xmmstate");
/* Have dubious AMD optimizations iff the change didn't get saved. */
if (xmmstate.sv_env.en_fip == 0) {
printf("cpu_fxsr |= CPU_FXSR_NEEDCLEAN;\n");
return (1);
} else {
printf("cpu_fxsr &= ~CPU_FXSR_NEEDCLEAN;\n");
return (0);
}
}
%%%
Bruce
More information about the freebsd-bugs
mailing list