On Tue, 21 Jul 2020 10:59:07 +0200 Florian Weimer <f...@deneb.enyo.de> wrote:
> * Kevin Buettner: > > > This commit fixes a regression encountered while running the > > gdb.base/corefile.exp test in GDB's test suite. > > > > In my testing, the typo prevented the sw_reserved field of struct > > fxregs_state from being output to the kernel XSAVES area. Thus the > > correct mask corresponding to XCR0 was not present in the core file > > for GDB to interrogate, resulting in the following behavior: > > > > [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile > > testsuite/outputs/gdb.base/corefile/corefile.core > > Reading symbols from testsuite/outputs/gdb.base/corefile/corefile... > > [New LWP 232880] > > > > warning: Unexpected size of section `.reg-xstate/232880' in core file. > > > > With the typo fixed, the test works again as expected. > > > > Signed-off-by: Kevin Buettner <kev...@redhat.com> > > --- > > arch/x86/kernel/fpu/xstate.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c > > index 6a54e83d5589..9cf40a7ff7ae 100644 > > --- a/arch/x86/kernel/fpu/xstate.c > > +++ b/arch/x86/kernel/fpu/xstate.c > > @@ -1022,7 +1022,7 @@ int copy_xstate_to_kernel(void *kbuf, struct > > xregs_state *xsave, unsigned int of > > copy_part(offsetof(struct fxregs_state, st_space), 128, > > &xsave->i387.st_space, &kbuf, &offset_start, &count); > > if (header.xfeatures & XFEATURE_MASK_SSE) > > - copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256, > > + copy_part(xstate_offsets[XFEATURE_SSE], 256, > > &xsave->i387.xmm_space, &kbuf, &offset_start, &count); > > /* > > * Fill xsave->i387.sw_reserved value for ptrace frame: > > Does this read out-of-bounds, potentially disclosing kernel memory? > Not if the system supports AVX, I assume. An overlarge offset (first parameter) passed to copy_part() will cause fill_gap() to be called which will copy data out of &init_fpstate.xsave. Care is taken in both fill_gap and copy_part to not copy more data than the remaining count. So, I think the answer is "no". Kevin