Re: [patch V3 03/66] x86/fpu: Fix copy_xstate_to_kernel() gap handling

From: Borislav Petkov
Date: Sat Jun 19 2021 - 05:46:29 EST


On Fri, Jun 18, 2021 at 04:18:26PM +0200, Thomas Gleixner wrote:
> The gap handling in copy_xstate_to_kernel() is wrong when XSAVES is in use.
>
> Using init_fpstate for copying the init state of features which are
> not set in the xstate header is only correct for the legacy area, but
> not for the extended features area because when XSAVES is in use then
> init_fpstate is in compacted form which means the xstate offsets which
> are used to copy from init_fpstate are not valid.
>
> Fortunately this is not a real problem today because all extended
> features in use have an all zeros init state, but it is wrong
> nevertheless and with a potentially dynamically sized init_fpstate
> this would result in access outside of the init_fpstate.
>
> Fix this by keeping track of the last copied state in the target buffer and
> explicitly zero it when there is a feature or alignment gap.
>
> Use the compacted offset when accessing the extended feature space in
> init_fpstate.
>
> As this is not a functional issue on older kernels this is intentionally
> not tagged for stable.
>
> Fixes: b8be15d58806 ("x86/fpu/xstate: Re-enable XSAVES")
> Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> ---
> V3: Remove the AVX/SSE thinko
> Fix comments (Boris)
> V2: New patch
> ---
> arch/x86/kernel/fpu/xstate.c | 105 ++++++++++++++++++++++++-------------------
> 1 file changed, 61 insertions(+), 44 deletions(-)

Reviewed-by: Borislav Petkov <bp@xxxxxxx>

--
Regards/Gruss,
Boris.

SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg
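The gap handling and the compacted-offset lookup that the quoted commit message describes, shown as an added stand-alone example; this is not the kernel's copy_xstate_to_kernel() and not code from the patch. The feature table (offsets, sizes, which feature needs 64-byte alignment) is constructed for illustration, where the real one comes from CPUID leaf 0xD, and the names compacted_offset() and copy_xstate_to_standard() are this example's own. Features 3 and 4 are left in init state in the task buffer so that their values have to come from a compacted init_fpstate: reading them at their standard offsets would, for feature 4, start exactly at the end of the compacted init buffer, which is the out-of-bounds access the commit message warns about. The target buffer is pre-filled with junk so that a missing memset of a gap shows up as a leak.

```c
/*
 * Added example (not kernel code): copy a task's XSAVES (compacted) state
 * into a standard-format buffer, zeroing every feature/alignment gap and
 * reading init-state features from a compacted init_fpstate at their
 * compacted offsets. Feature table constructed for illustration; the real
 * layout comes from CPUID leaf 0xD. Assumes little-endian (x86).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XSTATE_HDR_OFF   512   /* xstate header follows the 512-byte legacy area */
#define XSTATE_HDR_SIZE  64
#define XSTATE_EXT_OFF   576   /* first extended feature, both formats */
#define NFEAT            5
#define STD_SIZE         1152  /* end of the last feature in standard format */

struct xfeat {
	unsigned std_off;  /* offset in standard (uncompacted) format */
	unsigned size;
	int      align64;  /* compacted format rounds this feature up to 64 bytes */
};

/* Constructed table: 0/1 live in the legacy area, 2..4 are extended features. */
static const struct xfeat feats[NFEAT] = {
	{    0, 160, 0 },  /* 0: x87 */
	{  160, 256, 0 },  /* 1: SSE */
	{  576, 256, 0 },  /* 2: AVX */
	{  896,  48, 0 },  /* 3: hypothetical; standard layout leaves a gap 832..896 */
	{ 1024, 128, 1 },  /* 4: hypothetical, 64-byte aligned; gap 944..1024 */
};

/* Compacted offset: extended features are packed in order from XSTATE_EXT_OFF,
 * rounded up to 64 bytes when the feature requires it. Legacy features keep
 * their offset in both formats. */
unsigned compacted_offset(int feat)
{
	unsigned off = XSTATE_EXT_OFF;

	if (feat < 2)
		return feats[feat].std_off;
	for (int i = 2; i <= feat; i++) {
		if (feats[i].align64)
			off = (off + 63) & ~63u;
		if (i == feat)
			return off;
		off += feats[i].size;
	}
	return off;
}

unsigned compacted_size(void)
{
	return compacted_offset(NFEAT - 1) + feats[NFEAT - 1].size;
}

/* Features whose bit is clear in the task's xfeatures come from init_fpstate,
 * which is compacted under XSAVES, so it is read at the compacted offset.
 * 'last' tracks the end of the previous feature in the target; anything
 * between it and the next feature is a gap and is zeroed explicitly. */
void copy_xstate_to_standard(uint8_t *dst, const uint8_t *task, uint64_t xfeatures,
			     const uint8_t *init)
{
	unsigned last = 0;

	for (int i = 0; i < NFEAT; i++) {
		unsigned off = feats[i].std_off, size = feats[i].size;
		unsigned src_off = (i < 2) ? off : compacted_offset(i);
		const uint8_t *src = (xfeatures & (1ull << i)) ? task : init;

		if (last < off)
			memset(dst + last, 0, off - last);   /* feature or alignment gap */
		memcpy(dst + off, src + src_off, size);
		last = off + size;
	}
	/* Standard-format header: XSTATE_BV = task mask, XCOMP_BV and reserved = 0. */
	memset(dst + XSTATE_HDR_OFF, 0, XSTATE_HDR_SIZE);
	memcpy(dst + XSTATE_HDR_OFF, &xfeatures, sizeof(xfeatures));
}

static int all_bytes(const uint8_t *p, unsigned n, uint8_t v)
{
	for (unsigned i = 0; i < n; i++)
		if (p[i] != v)
			return 0;
	return 1;
}

static void fill_feature(uint8_t *buf, int feat, uint8_t v)
{
	memset(buf + compacted_offset(feat), v, feats[feat].size);  /* compacted layout */
}

/* Constructed input: task has x87/SSE/AVX set, features 3 and 4 in init state.
 * Returns 1 when the standard-format result has the expected layout and
 * no junk survived in a gap. */
int check_demo(void)
{
	uint8_t task[STD_SIZE] = {0}, init[STD_SIZE] = {0}, dst[STD_SIZE];
	uint64_t xfeatures = (1 << 0) | (1 << 1) | (1 << 2);

	fill_feature(task, 0, 0x10);
	fill_feature(task, 1, 0x20);
	fill_feature(task, 2, 0xA2);
	for (int i = 0; i < NFEAT; i++)
		fill_feature(init, i, 0x30 + i);   /* init value of feature i = 0x3i */
	memset(dst, 0xEE, sizeof(dst));            /* stale bytes that must not leak */

	copy_xstate_to_standard(dst, task, xfeatures, init);

	return all_bytes(dst + 0,    160, 0x10) &&
	       all_bytes(dst + 160,  256, 0x20) &&
	       all_bytes(dst + 416,   96, 0x00) &&   /* legacy padding */
	       dst[512] == 0x07 && all_bytes(dst + 513, 63, 0x00) &&
	       all_bytes(dst + 576,  256, 0xA2) &&
	       all_bytes(dst + 832,   64, 0x00) &&   /* gap before feature 3 */
	       all_bytes(dst + 896,   48, 0x33) &&   /* feature 3 from init_fpstate */
	       all_bytes(dst + 944,   80, 0x00) &&   /* alignment gap before feature 4 */
	       all_bytes(dst + 1024, 128, 0x34);     /* feature 4 from init_fpstate */
}

int main(void)
{
	printf("feature 3: std %u / compacted %u, feature 4: std %u / compacted %u, "
	       "compacted size %u\n", feats[3].std_off, compacted_offset(3),
	       feats[4].std_off, compacted_offset(4), compacted_size());
	printf("gap handling %s\n", check_demo() ? "ok" : "BROKEN");
	return !check_demo();
}
```

With this table, feature 4 sits at 896 in the compacted init buffer but at 1024 in standard format, and the compacted buffer is only 1024 bytes long, so indexing init_fpstate with the standard offset reads from its end rather than from feature 4's init value; with all-zero init states that is invisible, which is why the commit message calls it "not a real problem today".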