[PATCH] i386/x86-64: Fix x87 information leak between processes AMD K7/K8 CPUs only save/restore the FOP/FIP/FDP x87 registers in FXSAVE when an exception is pending. This means the value leak through context switches and allow processes to observe some x87 instruction state of other processes. This was actually documented by AMD, but nobody recognized it as being different from Intel before. The fix first adds an optimization: instead of unconditionally calling FNCLEX after each FXSAVE test if ES is pending and skip it when not needed. Then do a dummy x87 load to clear FOP/FIP/FDP. This means other processes always will only see a constant value defined by the kernel. Then it does a ffree st(7) ; fild This is executed unconditionally on FXSAVE capable systems, but has been benchmarked on Intel systems to be reasonably fast. I also had to move unlazy_fpu for 64bit to make sure the code always executes with the data segment of the new process to prevent leaking the old one. Patch for both i386/x86-64. The problem was discovered originally by Jan Beulich. Richard Brunner provided the basic code for the workarounds with contributions from Jan. This is CVE-2006-1056 Signed-off-by: Andi Kleen arch/i386/kernel/i387.c arch/x86_64/kernel/process.c include/asm-x86_64/i387.h
Created attachment 128306 [details] Patch for CVE-2006-1056
*** This bug has been marked as a duplicate of 200034 ***