From: Linus Torvalds <torvalds@linux-foundation.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"linux-tip-commits@vger.kernel.org"
<linux-tip-commits@vger.kernel.org>
Subject: Re: [tip:x86/urgent] x86/tls: Don't validate lm in set_thread_area() after all
Date: Thu, 18 Dec 2014 11:03:33 -0800 [thread overview]
Message-ID: <CA+55aFwULSs-xiyQbpUezx3ebJOfRHz4uBE3Vw7S0dXVWbfEhQ@mail.gmail.com> (raw)
In-Reply-To: <549307F0.7090009@zytor.com>
On Thu, Dec 18, 2014 at 8:59 AM, H. Peter Anvin <hpa@zytor.com> wrote:
>>
>> will leave .lm uninitialized. This means that anything in the
>> kernel that reads user_desc.lm for 32-bit tasks is unreliable.
>
> No, it won't. However, if you initialize this dynamically field by
> field rather than as an initializer, then you are correct.
Actually, even with a full initializer, unnamed parts of a structure
(so padding bytes between things, but for bitfields also unnamed
alignment fields etc) are basically "all bets are off". They are *not*
guaranteed to be initialized to zero.
So if you have a structure like
struct {
unsigned int a:5;
unsigned int b;
} x = { .a = 0, .b = 0 };
afaik the compiler is not guaranteed to initialize the left-over bits
in the first word. Because they simply don't "exist" as far as the C
language is concerned.
On the other hand, if you do
struct {
unsigned int a:5, unused:27;
unsigned int b;
} x = { .a = 0, .b = 0 };
then the 'unused' bits are guaranteed to be initialized to zero.
(Static allocations in the BSS are obviously zeroed for other reasons,
so there are no "left-over" bits there to worry about,. So in practice
the above is only about dynamic initializers).
Linus
prev parent reply other threads:[~2014-12-18 19:03 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-17 22:48 [PATCH resend] x86, tls: Don't validate lm in set_thread_area " Andy Lutomirski
2014-12-18 11:16 ` [tip:x86/urgent] x86/tls: Don't validate lm in set_thread_area() " tip-bot for Andy Lutomirski
2014-12-18 16:59 ` H. Peter Anvin
2014-12-18 18:26 ` Andy Lutomirski
2014-12-18 19:03 ` Linus Torvalds [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFwULSs-xiyQbpUezx3ebJOfRHz4uBE3Vw7S0dXVWbfEhQ@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
--subject='Re: [tip:x86/urgent] x86/tls: Don'\''t validate lm in set_thread_area() after all' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.