Re: [patch V2 08/52] x86/fpu: Sanitize xstateregs_set()

From: Thomas Gleixner
Date: Tue Jun 15 2021 - 17:32:20 EST

Next message: Eric Biggers: "Re: [PATCH v5] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run"
Previous message: Rob Herring: "Re: [PATCH v3 4/4] arm64: dts: rockchip: Update PCI host bridge window to 32-bit address memory"
In reply to: Borislav Petkov: "Re: [patch V2 08/52] x86/fpu: Sanitize xstateregs_set()"
Next in thread: Thomas Gleixner: "[patch V2 09/52] x86/fpu: Reject invalid MXCSR values in copy_kernel_to_xstate()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 15 2021 at 19:40, Borislav Petkov wrote:
> On Mon, Jun 14, 2021 at 05:44:16PM +0200, Thomas Gleixner wrote:
>> @@ -108,10 +110,10 @@ int xstateregs_set(struct task_struct *t
>> const void *kbuf, const void __user *ubuf)
>> {
>> struct fpu *fpu = &target->thread.fpu;
>> - struct xregs_state *xsave;
>> + struct xregs_state *tmpbuf = NULL;
>> int ret;
>>
>> - if (!boot_cpu_has(X86_FEATURE_XSAVE))
>> + if (!static_cpu_has(X86_FEATURE_XSAVE))
>
> cpu_feature_enabled() - we're going to use only that thing from now on
> for simplicity.

Sure, I just run sed over the set.

>> + fpu__prepare_write(fpu);
>
> Yikes, why isn't this function called
>
> fpu_invalidate_state(fpu)

Because...

>> + /* mxcsr reserved bits must be masked to zero for historical reasons. */
>
> Wasn't that comment supposed to get some love?

See the next patch ...

Next message: Eric Biggers: "Re: [PATCH v5] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run"
Previous message: Rob Herring: "Re: [PATCH v3 4/4] arm64: dts: rockchip: Update PCI host bridge window to 32-bit address memory"
In reply to: Borislav Petkov: "Re: [patch V2 08/52] x86/fpu: Sanitize xstateregs_set()"
Next in thread: Thomas Gleixner: "[patch V2 09/52] x86/fpu: Reject invalid MXCSR values in copy_kernel_to_xstate()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]