Re: [PATCH v2 2/3] x86/fpu: tighten validation of user-supplied xstate_header

[Dave Hansen]

On 09/19/2017 05:44 PM, Eric Biggers wrote:
> +static inline int validate_xstate_header(const struct xstate_header *hdr)
> +{
> +	/* No unknown or supervisor features may be set */
> +	if (hdr->xfeatures & (~xfeatures_mask | XFEATURE_MASK_SUPERVISOR))
> +		return -EINVAL;
> +
> +	/* Userspace must use the uncompacted format */
> +	if (hdr->xcomp_bv)
> +		return -EINVAL;
> +
> +	/* No reserved bits may be set */
> +	if (memchr_inv(hdr->reserved, 0, sizeof(hdr->reserved)))
> +		return -EINVAL;
> +
> +	return 0;
> +}

BTW, the whole series looks pretty sane to me.  Tou're definitely
leaving the code better than you found it.  Feel free to add my acked-by
on all 3 patches.

One nit about this validate function, though.  Let's say we go and
change 'struct xstate_header' and shrink ->reserved because we add a new
field.  This validator will silently break.

Could we add a

	BUILD_BUG_ON(sizeof(hdr->reserved) != 48);

That way, the next hapless kernel developer can't miss updating this.