From: Uros Bizjak <ubizjak@gmail.com>
To: kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org
Cc: Uros Bizjak <ubizjak@gmail.com>,
Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@kernel.org>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: [PATCH] KVM: x86: Fix incorrect memory constraint for FXSAVE in emulator
Date: Thu, 12 Feb 2026 11:27:59 +0100
Message-ID: <20260212102854.15790-1-ubizjak@gmail.com>
The inline asm used to invoke FXSAVE in em_fxsave() and fxregs_fixup()
incorrectly specifies the memory operand as read-write ("+m"). FXSAVE
does not read from the destination operand; it only writes the current
FPU state to memory.

Using a read-write constraint is incorrect and misleading, as it tells
the compiler that the previous contents of the buffer are consumed by
the instruction. In both cases, the buffer passed to FXSAVE is
uninitialized, and marking it as read-write can therefore create a
false dependency on uninitialized memory.

Fix the constraint to write-only ("=m") to accurately describe the
instruction's behavior and avoid implying that the buffer is read.

No functional change intended.
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Thomas Gleixner <tglx@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---
arch/x86/kvm/emulate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index c8e292e9a24d..d60094080e3f 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3717,7 +3717,7 @@ static int em_fxsave(struct x86_emulate_ctxt *ctxt)
kvm_fpu_get();
- rc = asm_safe("fxsave %[fx]", , [fx] "+m"(fx_state));
+ rc = asm_safe("fxsave %[fx]", , [fx] "=m"(fx_state));
kvm_fpu_put();
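Review bot: the switch to "=m" on fx_state is correct for FXSAVE, which only writes its destination, but a write-only constraint also tells the compiler that whatever was in fx_state before the asm is dead, so any store to the buffer ahead of the fxsave could legitimately be dropped. The "No functional change" claim therefore holds only because nothing between kvm_fpu_get() and the asm populates fx_state; a short comment on the asm_safe line noting that fx_state is defined only after a successful fxsave would make that contract explicit for future changes.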
@@ -3741,7 +3741,7 @@ static noinline int fxregs_fixup(struct fxregs_state *fx_state,
struct fxregs_state fx_tmp;
int rc;
- rc = asm_safe("fxsave %[fx]", , [fx] "+m"(fx_tmp));
+ rc = asm_safe("fxsave %[fx]", , [fx] "=m"(fx_tmp));
memcpy((void *)fx_state + used_size, (void *)&fx_tmp + used_size,
__fxstate_size(16) - used_size);
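Review bot: the constraint fix is fine here too, but the context shows the memcpy from fx_tmp running directly after the asm_safe with no check of rc in between. If the FXSAVE faults, fx_tmp is left as uninitialized stack and the copy still propagates its tail into fx_state; with "=m" the compiler is now explicitly told the prior contents of fx_tmp do not matter, which makes that path worth closing. Suggest checking rc and returning early before the memcpy, even though the ordering predates this patch.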
--
2.53.0