Re: [PATCH 05/10] x86/fpu: Fix potential underflow in xstate_calculate_size()
From: Chang S. Bae
Date: Tue Jun 30 2026 - 15:29:15 EST
On 6/15/2026 12:37 PM, Andrei Vagin wrote:
> xstate_calculate_size() calculates the size required for a given set of
> xfeatures. It determines the topmost feature by finding the most
> significant bit in xfeatures using fls64(xfeatures) - 1.
>
> If xfeatures is 0, fls64(0) returns 0, and topmost becomes -1.
> Previously, topmost was unsigned int, so -1 underflowed to UINT_MAX.
> This caused the subsequent check `topmost <= XFEATURE_SSE` to fail, and
> the code proceeded to access xstate arrays using topmost (UINT_MAX) as
> an index, leading to an out-of-bounds access.
>
> Fix this by checking if xfeatures only contains legacy features (FP/SSE)
> or is empty (xfeatures <= XFEATURE_MASK_FPSSE) before calculating
> topmost.

Just a nit: this appears to prepare for the changes in patch 7. If so, it may make sense to move it just before that?
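The underflow described in the quoted commit message, modelled in stand-alone C as an added illustration (this is not the kernel's code or the patch itself): the pre-fix flow derives topmost from fls64() before it checks for the legacy case, while the fixed flow checks the feature mask first. The XFEATURE constants assume the arch/x86 values, and the offset/size tables are constructed for the example.

```c
#include <limits.h>
#include <stdint.h>

/* Stand-ins for the kernel definitions (values assumed from arch/x86, not
 * taken from this thread); the two tables are constructed for illustration. */
#define XFEATURE_FP          0
#define XFEATURE_SSE         1
#define XFEATURE_MASK_FPSSE  ((1ULL << XFEATURE_FP) | (1ULL << XFEATURE_SSE))
#define FXSAVE_SIZE          512
#define XSAVE_HDR_SIZE       64
#define XFEATURE_MAX         8
static const unsigned int xstate_offsets[XFEATURE_MAX] = { 0, 160, 576, 832, 896, 960, 1024, 1088 };
static const unsigned int xstate_sizes[XFEATURE_MAX]   = { 160, 416, 256, 64, 64, 64, 64, 64 };

/* Same contract as the kernel's fls64(): 1-based position of the top set
 * bit, 0 for a zero argument. */
static int fls64(uint64_t x)
{
    int r = 0;
    while (x) { x >>= 1; r++; }
    return r;
}

/* Pre-fix control flow as the commit message describes it: returns -1 on the
 * legacy early-return path, otherwise the table index the old code would
 * read through. For xfeatures == 0, fls64() yields 0, the unsigned topmost
 * wraps to UINT_MAX, and the `<= XFEATURE_SSE` check does not catch it. */
static long long old_topmost_index(uint64_t xfeatures)
{
    unsigned int topmost = fls64(xfeatures) - 1;

    if (topmost <= XFEATURE_SSE)
        return -1;              /* legacy path, tables untouched */
    return topmost;             /* old code: xstate_offsets[topmost] */
}

/* Fixed flow: decide on the legacy path from the mask itself, before topmost
 * is ever derived from fls64(), so an empty mask can no longer reach the tables. */
static unsigned int xstate_calculate_size_fixed(uint64_t xfeatures)
{
    unsigned int topmost;

    if (xfeatures <= XFEATURE_MASK_FPSSE)
        return FXSAVE_SIZE + XSAVE_HDR_SIZE;

    topmost = fls64(xfeatures) - 1;
    return xstate_offsets[topmost] + xstate_sizes[topmost];
}
```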