[PATCH 0/2] x86/fpu: copyout_from_xsaves & copyin_to_xsaves fixes

From: riel
Date: Wed Jan 25 2017 - 21:05:44 EST

Next message: Masami Hiramatsu: "Re: [v3 PATCH 04/10] x86/insn-kernel: Add a function to obtain register offset in ModRM"
Previous message: riel: "[PATCH 1/2] x86/fpu: move copyout_from_xsaves bounds check before the copy"
Next in thread: riel: "[PATCH 2/2] x86/fpu: copy MXCSR & MXCSR_FLAGS with SSE/YMM state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There are two issues with copyout_from_xsaves and copyin_to_xsaves.

The first is a simple bounds checking issue, where the code could
potentially clobber memory outside of a userspace buffer before it
stops copying data.

The second is more subtle. SSE and YMM XRSTOR depend on two fields
inside the legacy FP area. However, if xfeatures XFEATURE_MASK_FP is
clear, those fields do not get copied around at all. Fix that.

Thanks to Dave Hansen for helping track down that second bug.

Next message: Masami Hiramatsu: "Re: [v3 PATCH 04/10] x86/insn-kernel: Add a function to obtain register offset in ModRM"
Previous message: riel: "[PATCH 1/2] x86/fpu: move copyout_from_xsaves bounds check before the copy"
Next in thread: riel: "[PATCH 2/2] x86/fpu: copy MXCSR & MXCSR_FLAGS with SSE/YMM state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]