Re: [tip:x86/urgent] x86/fpu: Set the xcomp_bv when we fake up a XSAVES area

From: Dave Hansen
Date: Tue Feb 14 2017 - 11:48:05 EST

Next message: Greg KH: "Re: [PATCH 1/3 staging-next] android: Collect statistics from lowmemorykiller"
Previous message: James Bottomley: "Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/23/2017 01:43 AM, tip-bot for Kevin Hao wrote:
> diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> index 1d77704..e287b90 100644
> --- a/arch/x86/kernel/fpu/xstate.c
> +++ b/arch/x86/kernel/fpu/xstate.c
> @@ -1070,6 +1070,7 @@ int copyin_to_xsaves(const void *kbuf, const void __user *ubuf,
> * Add back in the features that came in from userspace:
> */
> xsave->header.xfeatures |= xfeatures;
> + xsave->header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT | xsave->header.xfeatures;

FYI, this commit bit me today. If userspace happens to have bits clear
in the 'xfeatures' field, this will *CLEAR* bits in xcomp_bv, changing
the format of the XSAVE buffer, and breaking anything that looks at the
buffer that doesn't use the instructions.

Yu-cheng's dffba9a31c commit removed this line and fixed it up, but this
might bite someone who is bisecting.

Next message: Greg KH: "Re: [PATCH 1/3 staging-next] android: Collect statistics from lowmemorykiller"
Previous message: James Bottomley: "Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]