All of
 help / color / mirror / Atom feed
From: Linus Torvalds <>
To: "H. Peter Anvin" <>
Cc: Linux Kernel Mailing List <>,
	Andy Lutomirski <>,
	Ingo Molnar <>,
	Thomas Gleixner <>,
Subject: Re: [tip:x86/urgent] x86/tls: Don't validate lm in set_thread_area() after all
Date: Thu, 18 Dec 2014 11:03:33 -0800	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Thu, Dec 18, 2014 at 8:59 AM, H. Peter Anvin <> wrote:
>> will leave .lm uninitialized.  This means that anything in the
>> kernel that reads user_desc.lm for 32-bit tasks is unreliable.
> No, it won't.  However, if you initialize this dynamically field by
> field rather than as an initializer, then you are correct.

Actually, even with a full initializer, unnamed parts of a structure
(so padding bytes between things, but for bitfields also unnamed
alignment fields etc) are basically "all bets are off". They are *not*
guaranteed to be initialized to zero.

So if you have a structure like

   struct {
       unsigned int a:5;
       unsigned int b;
   } x = { .a = 0, .b = 0 };

afaik the compiler is not guaranteed to initialize the left-over bits
in the first word. Because they simply don't "exist" as far as the C
language is concerned.

On the other hand, if you do

   struct {
        unsigned int a:5, unused:27;
        unsigned int b;
   } x = { .a = 0, .b = 0 };

then the 'unused' bits are guaranteed to be initialized to zero.

(Static allocations in the BSS are obviously zeroed for other reasons,
so there are no "left-over" bits there to worry about,. So in practice
the above is only about dynamic initializers).


      parent reply	other threads:[~2014-12-18 19:03 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-17 22:48 [PATCH resend] x86, tls: Don't validate lm in set_thread_area " Andy Lutomirski
2014-12-18 11:16 ` [tip:x86/urgent] x86/tls: Don't validate lm in set_thread_area() " tip-bot for Andy Lutomirski
2014-12-18 16:59   ` H. Peter Anvin
2014-12-18 18:26     ` Andy Lutomirski
2014-12-18 19:03     ` Linus Torvalds [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \
    --subject='Re: [tip:x86/urgent] x86/tls: Don'\''t validate lm in set_thread_area() after all' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.