Thanks for catching that, Suresh. The fix needed a few nits different from your patch.
Thanks, Roland --- This fixes the bug introduced recently during the revamp of the code. fpregs_set() needs to use convert_to_fxsr() rather than copying into the fxsave struct directly. Reported-by: Suresh Siddha <[EMAIL PROTECTED]> Signed-off-by: Roland McGrath <[EMAIL PROTECTED]> --- arch/x86/kernel/i387.c | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c index 7e354a3..26719bd 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c @@ -326,6 +326,7 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { + struct user_i387_ia32_struct env; int ret; if (!HAVE_HWFP) @@ -338,13 +339,12 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset, return user_regset_copyin(&pos, &count, &kbuf, &ubuf, &target->thread.i387.fsave, 0, -1); - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, - &target->thread.i387.fxsave, 0, -1); + if (pos > 0 || count < sizeof(env)) + convert_from_fxsr(&env, target); - /* - * mxcsr reserved bits must be masked to zero for security reasons. - */ - target->thread.i387.fxsave.mxcsr &= mxcsr_feature_mask; + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &env, 0, -1); + if (!ret) + convert_to_fxsr(target, &env); return ret; }
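Review bot: Nothing visible in the patch bounds count from above before the copy into the new on-stack `struct user_i387_ia32_struct env;` declared at the top of fpregs_set() in the first hunk. The buffer has no initializer, the copyin call passes -1 as the end position, and the only test on count is the lower bound `count < sizeof(env)`, so the function depends on its caller to keep pos + count within sizeof(env). Consider passing sizeof(env) as the end position, or adding a comment that names where the upper bound is enforced, so the limit on writes into the stack buffer is visible at the point of the copy.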
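Review bot: The changelog does not explain why the mxcsr masking, removed at the end of fpregs_set() in the second hunk together with its "for security reasons" comment, is no longer needed. If the reason is that user data now lands in env and reaches the fxsave area only through convert_to_fxsr(), so user-supplied bytes never reach mxcsr on this path, please say so in the commit message so that a check labelled as security-relevant is not dropped silently. A one-line comment above `if (pos > 0 || count < sizeof(env))` would also help, stating that a partial write starts from the current register state so that fields outside the written range are preserved and env is never converted back with undefined contents.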