Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753105AbcD2UZj (ORCPT <rfc822;w@1wt.eu>);
	Fri, 29 Apr 2016 16:25:39 -0400
Received: from mga04.intel.com ([192.55.52.120]:63179 "EHLO mga04.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752909AbcD2UZh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 29 Apr 2016 16:25:37 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.24,553,1455004800"; 
   d="scan'208";a="965626760"
Subject: Re: [PATCH v4 07/10] x86/xsaves: Fix PTRACE frames for XSAVES
To: Yu-cheng Yu <yu-cheng.yu@intel.com>, x86@kernel.org,
        "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org
References: <cover.1457038929.git.yu-cheng.yu@intel.com>
 <46ff4951eef7e9ad30b25df401fa536a5bc9100b.1457038929.git.yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
        Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Fenghua Yu <fenghua.yu@intel.com>
From: Dave Hansen <dave.hansen@linux.intel.com>
Message-ID: <5723C33E.1020303@linux.intel.com>
Date: Fri, 29 Apr 2016 13:25:34 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <46ff4951eef7e9ad30b25df401fa536a5bc9100b.1457038929.git.yu-cheng.yu@intel.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1507
Lines: 52

On 03/04/2016 10:12 AM, Yu-cheng Yu wrote:
> +	for (i = 0; i < XFEATURE_MAX; i++) {
> +		/*
> +		 * Copy only in-use xstates.
> +		 */
> +		if (((header.xfeatures >> i) & 1) && xfeature_enabled(i)) {
> +			void *src = get_xsave_addr_no_check(xsave, i);

How could a bit in header.xfeatures get set if it is not set in
xfeature_enabled() aka xfeatures_mask aka XCR0?

...
> +int copyin_to_xsaves(const void *kbuf, const void __user *ubuf,
> +		     struct xregs_state *xsave)
> +{
> +	unsigned int offset, size;
> +	int i;
> +	u64 xfeatures;
> +
> +	offset = offsetof(struct xregs_state, header);
> +	size = sizeof(xfeatures);
> +
> +	if (kbuf)
> +		memcpy(&xfeatures, kbuf + offset, size);
> +	else if (__copy_from_user(&xfeatures, ubuf + offset, size))
> +		return -EFAULT;
> +
> +	/*
> +	 * Reject if the user tries to set any supervisor xstates.
> +	 */
> +	if (xfeatures & XFEATURE_MASK_SUPERVISOR)
> +		return -EINVAL;
> +
> +	for (i = 0; i < XFEATURE_MAX; i++) {
> +		u64 mask = ((u64)1 << i);
> +
> +		if ((xfeatures & mask) && xfeature_enabled(i)) {
> +			void *dst = get_xsave_addr_no_check(xsave, i);
> +
> +			offset = xstate_offsets[i];
> +			size = xstate_sizes[i];
> +
> +			if (kbuf)
> +				memcpy(dst, kbuf + offset, size);
> +			else if (__copy_from_user(dst, ubuf + offset, size))
> +				return -EFAULT;
> +		}
> +	}

If a caller tries to pass a non-enabled xfeature in, we appear to just
silently drop it and return success.  Is that really what we want to do
or do we want to error out?