This is a note to let you know that I've just added the patch titled
x86/fpu: Allow PKRU to be (once again) written by ptrace.
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86-fpu-allow-pkru-to-be-once-again-written-by-ptrace.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From me@xxxxxxxxxxxx Mon Jan 9 22:02:38 2023
From: Kyle Huey <me@xxxxxxxxxxxx>
Date: Mon, 9 Jan 2023 13:02:12 -0800
Subject: x86/fpu: Allow PKRU to be (once again) written by ptrace.
To: stable@xxxxxxxxxxxxxxx, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, x86@xxxxxxxxxx, "H. Peter Anvin" <hpa@xxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Sean Christopherson <seanjc@xxxxxxxxxx>, Robert O'Callahan <robert@xxxxxxxxxxxxx>, David Manouchehri <david.manouchehri@xxxxxxxxxx>, Kyle Huey <me@xxxxxxxxxxxx>
Message-ID: <20230109210214.71068-5-khuey@xxxxxxxxxxxx>
From: Kyle Huey <me@xxxxxxxxxxxx>
From: Kyle Huey <me@xxxxxxxxxxxx>
commit 4a804c4f8356 upstream
Handle PKRU in copy_uabi_to_xstate() for the benefit of APIs that write
the XSTATE such as PTRACE_SETREGSET with NT_X86_XSTATE.
This restores the pre-5.14 behavior of ptrace. The regression can be seen
by running gdb and executing `p $pkru`, `set $pkru = 42`, and `p $pkru`.
On affected kernels (5.14+) the write to the PKRU register (which gdb
performs through ptrace) is ignored.
Fixes: e84ba47e313d ("x86/fpu: Hook up PKRU into ptrace()")
Signed-off-by: Kyle Huey <me@xxxxxxxxxxxx>
Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Link: https://lore.kernel.org/all/20221115230932.7126-5-khuey%40kylehuey.com
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/fpu/xstate.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1091,6 +1091,29 @@ static int copy_from_buffer(void *dst, u
}
+/**
+ * copy_uabi_to_xstate - Copy a UABI format buffer to the kernel xstate
+ * @fpstate: The fpstate buffer to copy to
+ * @kbuf: The UABI format buffer, if it comes from the kernel
+ * @ubuf: The UABI format buffer, if it comes from userspace
+ * @pkru: The location to write the PKRU value to
+ *
+ * Converts from the UABI format into the kernel internal hardware
+ * dependent format.
+ *
+ * This function ultimately has two different callers with distinct PKRU
+ * behavior.
+ * 1. When called from sigreturn the PKRU register will be restored from
+ * @fpstate via an XRSTOR. Correctly copying the UABI format buffer to
+ * @fpstate is sufficient to cover this case, but the caller will also
+ * pass a pointer to the thread_struct's pkru field in @pkru and updating
+ * it is harmless.
+ * 2. When called from ptrace the PKRU register will be restored from the
+ * thread_struct's pkru field. A pointer to that is passed in @pkru.
+ * The kernel will restore it manually, so the XRSTOR behavior that resets
+ * the PKRU register to the hardware init value (0) if the corresponding
+ * xfeatures bit is not set is emulated here.
+ */
static int copy_uabi_to_xstate(struct xregs_state *xsave, const void *kbuf,
const void __user *ubuf, u32 *pkru)
{
@@ -1140,6 +1163,13 @@ static int copy_uabi_to_xstate(struct xr
}
}
+ if (hdr.xfeatures & XFEATURE_MASK_PKRU) {
+ struct pkru_state *xpkru;
+
+ xpkru = __raw_xsave_addr(xsave, XFEATURE_PKRU);
+ *pkru = xpkru->pkru;
+ }
+
/*
* The state that came in from userspace was user-state only.
* Mask all the user states out of 'xfeatures':
Patches currently in stable-queue which might be from me@xxxxxxxxxxxx are
queue-5.15/x86-fpu-take-task_struct-in-copy_sigframe_from_user_to_xstate.patch
queue-5.15/selftests-vm-pkeys-add-a-regression-test-for-setting-pkru-through-ptrace.patch
queue-5.15/x86-fpu-emulate-xrstor-s-behavior-if-the-xfeatures-pkru-bit-is-not-set.patch
queue-5.15/x86-fpu-allow-pkru-to-be-once-again-written-by-ptrace.patch
queue-5.15/x86-fpu-add-a-pkru-argument-to-copy_uabi_to_xstate.patch
queue-5.15/x86-fpu-add-a-pkru-argument-to-copy_uabi_from_kernel_to_xstate.patch
