On 09/19/2017 05:44 PM, Eric Biggers wrote: > +static inline int validate_xstate_header(const struct xstate_header *hdr) > +{ > + /* No unknown or supervisor features may be set */ > + if (hdr->xfeatures & (~xfeatures_mask | XFEATURE_MASK_SUPERVISOR)) > + return -EINVAL; > + > + /* Userspace must use the uncompacted format */ > + if (hdr->xcomp_bv) > + return -EINVAL; > + > + /* No reserved bits may be set */ > + if (memchr_inv(hdr->reserved, 0, sizeof(hdr->reserved))) > + return -EINVAL; > + > + return 0; > +}
BTW, the whole series looks pretty sane to me. Tou're definitely leaving the code better than you found it. Feel free to add my acked-by on all 3 patches. One nit about this validate function, though. Let's say we go and change 'struct xstate_header' and shrink ->reserved because we add a new field. This validator will silently break. Could we add a BUILD_BUG_ON(sizeof(hdr->reserved) != 48); That way, the next hapless kernel developer can't miss updating this.