From: riel@redhat.com
To: linux-kernel@vger.kernel.org
Cc: mingo@kernel.org, luto@kernel.org, yu-cheng.yu@intel.com, dave.hansen@linux.intel.com, bp@suse.de
Subject: [PATCH 0/2] x86/fpu: copyout_from_xsaves & copyin_to_xsaves fixes
Date: Wed, 25 Jan 2017 20:57:57 -0500
Message-Id: <20170126015759.25871-1-riel@redhat.com>

There are two issues with copyout_from_xsaves and copyin_to_xsaves.

The first is a simple bounds checking issue, where the code could
potentially clobber memory outside of a userspace buffer before it
stops copying data.

The second is more subtle. SSE and YMM XRSTOR depend on two fields
inside the legacy FP area. However, if xfeatures XFEATURE_MASK_FP
is clear, those fields do not get copied around at all. Fix that.

Thanks to Dave Hansen for helping track down that second bug.
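
The two checks described in the cover letter above, as an added userspace model (not code from this patch series or from the kernel): every component write is bounds-checked against the destination before it happens, and the legacy-area fields that SSE/YMM restore relies on are carried over even when the FP component is not selected. The helper name copy_xstate, the layout table, the assumption that src holds a full standard-format image, and the identification of the two fields as MXCSR and MXCSR_MASK at bytes 24 to 31 are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed userspace model, not kernel code. */
#define XFEATURE_MASK_FP  (1u << 0)
#define XFEATURE_MASK_SSE (1u << 1)
#define XFEATURE_MASK_YMM (1u << 2)
/* Assumption: the two legacy fields are MXCSR and MXCSR_MASK, bytes 24..31. */
#define MXCSR_OFFSET 24u
#define MXCSR_SIZE   8u

struct component { uint32_t mask; size_t offset; size_t size; };

/* Standard (non-compacted) XSAVE offsets of the first three components. */
static const struct component layout[] = {
    { XFEATURE_MASK_FP,    0, 160 },  /* x87 state, includes bytes 24..31 */
    { XFEATURE_MASK_SSE, 160, 256 },  /* XMM registers */
    { XFEATURE_MASK_YMM, 576, 256 },  /* upper halves of YMM registers */
};

/* Hypothetical helper: copy the enabled components of src (assumed to be a
 * full standard-format image) into dst.
 * Returns 0 on success, -1 if any write would end past dst_len. */
int copy_xstate(uint8_t *dst, size_t dst_len, const uint8_t *src,
                uint32_t xfeatures)
{
    for (size_t i = 0; i < sizeof(layout) / sizeof(layout[0]); i++) {
        const struct component *c = &layout[i];
        if (!(xfeatures & c->mask))
            continue;
        /* Bounds check covers the END of the write and runs BEFORE it. */
        if (c->offset > dst_len || c->size > dst_len - c->offset)
            return -1;
        memcpy(dst + c->offset, src + c->offset, c->size);
    }
    /* SSE/YMM restore reads MXCSR; carry it over when FP is not selected. */
    if ((xfeatures & (XFEATURE_MASK_SSE | XFEATURE_MASK_YMM)) &&
        !(xfeatures & XFEATURE_MASK_FP)) {
        if (dst_len < MXCSR_OFFSET + MXCSR_SIZE)
            return -1;
        memcpy(dst + MXCSR_OFFSET, src + MXCSR_OFFSET, MXCSR_SIZE);
    }
    return 0;
}
```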