svn commit: r190426 - in head/sys: amd64/amd64 i386/isa

Wed Mar 25 15:08:31 PDT 2009

Author: jhb
Date: Wed Mar 25 22:08:30 2009
New Revision: 190426
URL: http://svn.freebsd.org/changeset/base/190426

Log:
  Fix a few nits in the earlier changes to prevent local information leakage
  in AMD FPUs:
  - Do not clear the affected state in the case that the FPU registers for
    the thread that already owns the FPU are changed via fpu_setregs().  The
    only local information the thread would see is its own state in that
    case.
  - Fix a type mismatch for the dummy variable used in a "fld".  It accepts
    a float, not a double.
  
  Reviewed by:	bde
  Approved by:	so (cperciva)
  MFC after:	1 month

Modified:
  head/sys/amd64/amd64/fpu.c
  head/sys/i386/isa/npx.c

Modified: head/sys/amd64/amd64/fpu.c
==============================================================================

--- head/sys/amd64/amd64/fpu.c	Wed Mar 25 21:20:15 2009	(r190425)
+++ head/sys/amd64/amd64/fpu.c	Wed Mar 25 22:08:30 2009	(r190426)
@@ -480,7 +480,6 @@ fpusetregs(struct thread *td, struct sav
 
 	s = intr_disable();
 	if (td == PCPU_GET(fpcurthread)) {
-		fpu_clean_state();
 		fxrstor(addr);
 		intr_restore(s);
 	} else {
@@ -499,10 +498,10 @@ fpusetregs(struct thread *td, struct sav
  * In order to avoid leaking this information across processes, we clean
  * these values by performing a dummy load before executing fxrstor().
  */
-static	double	dummy_variable = 0.0;
 static void
 fpu_clean_state(void)
 {
+	static float dummy_variable = 0.0;
 	u_short status;
 
 	/*

Modified: head/sys/i386/isa/npx.c
==============================================================================
--- head/sys/i386/isa/npx.c	Wed Mar 25 21:20:15 2009	(r190425)
+++ head/sys/i386/isa/npx.c	Wed Mar 25 22:08:30 2009	(r190426)
@@ -794,6 +794,11 @@ npxdna(void)
 	PCPU_SET(fpcurthread, curthread);
 	pcb = PCPU_GET(curpcb);
 
+#ifdef CPU_ENABLE_SSE
+	if (cpu_fxsr)
+		fpu_clean_state();
+#endif
+
 	if ((pcb->pcb_flags & PCB_NPXINITDONE) == 0) {
 		/*
 		 * This is the first time this thread has used the FPU or
@@ -976,10 +981,10 @@ fpusave(addr)
  * In order to avoid leaking this information across processes, we clean
  * these values by performing a dummy load before executing fxrstor().
  */
-static	double	dummy_variable = 0.0;
 static void
 fpu_clean_state(void)
 {
+	static float dummy_variable = 0.0;
 	u_short status;
 
 	/*
@@ -1005,10 +1010,9 @@ fpurstor(addr)
 {
 
 #ifdef CPU_ENABLE_SSE
-	if (cpu_fxsr) {
-		fpu_clean_state();
+	if (cpu_fxsr)
 		fxrstor(addr);
-	} else
+	else
 #endif
 		frstor(addr);
 }
