CVE-2021-47226

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer<br /> <br /> Both Intel and AMD consider it to be architecturally valid for XRSTOR to<br /> fail with #PF but nonetheless change the register state. The actual<br /> conditions under which this might occur are unclear [1], but it seems<br /> plausible that this might be triggered if one sibling thread unmaps a page<br /> and invalidates the shared TLB while another sibling thread is executing<br /> XRSTOR on the page in question.<br /> <br /> __fpu__restore_sig() can execute XRSTOR while the hardware registers<br /> are preserved on behalf of a different victim task (using the<br /> fpu_fpregs_owner_ctx mechanism), and, in theory, XRSTOR could fail but<br /> modify the registers.<br /> <br /> If this happens, then there is a window in which __fpu__restore_sig()<br /> could schedule out and the victim task could schedule back in without<br /> reloading its own FPU registers. This would result in part of the FPU<br /> state that __fpu__restore_sig() was attempting to load leaking into the<br /> victim task&amp;#39;s user-visible state.<br /> <br /> Invalidate preserved FPU registers on XRSTOR failure to prevent this<br /> situation from corrupting any state.<br /> <br /> [1] Frequent readers of the errata lists might imagine "complex<br /> microarchitectural conditions".