From: "Jan Beulich" <JBeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH 1/6] x86/xstate: Fix array overrun on hardware with LWP
Date: Mon, 16 Jan 2017 09:26:20 -0700
Message-ID: <587D023C020000780013099B@prv-mh.provo.novell.com>
In-Reply-To: <1484566830-13916-2-git-send-email-andrew.cooper3@citrix.com>

>>> On 16.01.17 at 12:40, <andrew.cooper3@citrix.com> wrote:
> c/s da62246e4c "x86/xsaves: enable xsaves/xrstors/xsavec in xen" introduced
> setup_xstate_features() to allocate and fill xstate_offsets[] and
> xstate_sizes[].
> 
> However, fls() casts xfeature_mask to 32bits which truncates LWP out of the
> calculation.  As a result, the arrays are allocated too short, and the cpuid
> infrastructure reads off the end of them when calculating xstate_size for the
> guest.
> 
> On one test system, this results in 0x3fec83c0 being returned as the maximum
> size of an xsave area, which surprisingly appears not to bother Windows or
> Linux too much.  I suspect they both use current size based on xcr0, which Xen
> forwards from real hardware.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
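
The truncation described in the quoted commit message, as an added example that is not part of the original message or of the Xen source: sizing a per-component array from a find-last-set helper that only sees the low 32 bits of the feature mask leaves LWP (XCR0 bit 62) outside the array. The helper names `fls32`, `fls64` and `out_of_bounds_components`, and the sample mask, are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample mask: x87, SSE, AVX (bits 0-2) plus LWP (XCR0 bit 62). */
#define SAMPLE_MASK ((1ULL << 0) | (1ULL << 1) | (1ULL << 2) | (1ULL << 62))

/* Hypothetical helper: 1-based index of the highest set bit, 0 for no bits.
 * The 32-bit parameter models the narrowing the commit message describes. */
static unsigned int fls32(uint32_t x)
{
    unsigned int n = 0;
    for (; x; x >>= 1)
        n++;
    return n;
}

/* Hypothetical 64-bit counterpart that sees the whole mask. */
static unsigned int fls64(uint64_t x)
{
    unsigned int n = 0;
    for (; x; x >>= 1)
        n++;
    return n;
}

/* Count components set in mask whose index lies beyond an array of
 * nr_entries elements, i.e. lookups that would read off the end. */
static unsigned int out_of_bounds_components(uint64_t mask, unsigned int nr_entries)
{
    unsigned int i, bad = 0;
    for (i = 0; i < 64; i++)
        if ((mask & (1ULL << i)) && i >= nr_entries)
            bad++;
    return bad;
}

int main(void)
{
    unsigned int narrow = fls32((uint32_t)SAMPLE_MASK); /* bit 62 discarded */
    unsigned int wide = fls64(SAMPLE_MASK);

    printf("32-bit sizing: %u entries, %u component(s) past the end\n",
           narrow, out_of_bounds_components(SAMPLE_MASK, narrow));
    printf("64-bit sizing: %u entries, %u component(s) past the end\n",
           wide, out_of_bounds_components(SAMPLE_MASK, wide));
    return 0;
}
```

Building with `-Wconversion` flags the same narrowing when the cast is implicit, which is a cheap check for this class of sizing bug.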
