All of lore.kernel.org
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	"linux-tip-commits@vger.kernel.org" 
	<linux-tip-commits@vger.kernel.org>
Subject: Re: [tip:x86/urgent] x86/tls: Don't validate lm in set_thread_area() after all
Date: Thu, 18 Dec 2014 11:03:33 -0800	[thread overview]
Message-ID: <CA+55aFwULSs-xiyQbpUezx3ebJOfRHz4uBE3Vw7S0dXVWbfEhQ@mail.gmail.com> (raw)
In-Reply-To: <549307F0.7090009@zytor.com>

On Thu, Dec 18, 2014 at 8:59 AM, H. Peter Anvin <hpa@zytor.com> wrote:
>>
>> will leave .lm uninitialized.  This means that anything in the
>> kernel that reads user_desc.lm for 32-bit tasks is unreliable.
>
> No, it won't.  However, if you initialize this dynamically field by
> field rather than as an initializer, then you are correct.

Actually, even with a full initializer, unnamed parts of a structure
(so padding bytes between things, but for bitfields also unnamed
alignment fields etc) are basically "all bets are off". They are *not*
guaranteed to be initialized to zero.

So if you have a structure like

   struct {
       unsigned int a:5;
       unsigned int b;
   } x = { .a = 0, .b = 0 };

afaik the compiler is not guaranteed to initialize the left-over bits
in the first word. Because they simply don't "exist" as far as the C
language is concerned.

On the other hand, if you do

   struct {
        unsigned int a:5, unused:27;
        unsigned int b;
   } x = { .a = 0, .b = 0 };

then the 'unused' bits are guaranteed to be initialized to zero.

(Static allocations in the BSS are obviously zeroed for other reasons,
so there are no "left-over" bits there to worry about,. So in practice
the above is only about dynamic initializers).

                         Linus

      parent reply	other threads:[~2014-12-18 19:03 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-17 22:48 [PATCH resend] x86, tls: Don't validate lm in set_thread_area " Andy Lutomirski
2014-12-18 11:16 ` [tip:x86/urgent] x86/tls: Don't validate lm in set_thread_area() " tip-bot for Andy Lutomirski
2014-12-18 16:59   ` H. Peter Anvin
2014-12-18 18:26     ` Andy Lutomirski
2014-12-18 19:03     ` Linus Torvalds [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+55aFwULSs-xiyQbpUezx3ebJOfRHz4uBE3Vw7S0dXVWbfEhQ@mail.gmail.com \
    --to=torvalds@linux-foundation.org \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-tip-commits@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mingo@kernel.org \
    --cc=tglx@linutronix.de \
    --subject='Re: [tip:x86/urgent] x86/tls: Don'\''t validate lm in set_thread_area() after all' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.