x86/xstate: Fix latent bugs in expand_xsave_states()
author    Andrew Cooper <andrew.cooper3@citrix.com>
          Mon, 12 Sep 2016 09:30:00 +0000 (10:30 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
          Tue, 13 Sep 2016 09:44:03 +0000 (10:44 +0100)
commit    40db977eea1e57fc33cd478d60678c71b4328eb0
tree      5af0f9ed4eccf34484e66d890503639a9b7fbd8d
parent    6accc5f1af1b51ea4fefcddce72db4e795f580c3
x86/xstate: Fix latent bugs in expand_xsave_states()

Without checking the size input, the memcpy() for the uncompressed path might
read off the end of the vcpu's xsave_area.  Both callers pass the appropriate
size, so hold them to it with a BUG_ON().

The compressed path is currently dead code, but its attempt to avoid leaking
uninitialised data was incomplete.  Work around this by zeroing the whole rest
of the buffer before decompression.

The loop skips all bits which aren't set in xstate_bv, meaning that the
memset() was dead code.  The logic is more obvious with get_xsave_addr()
expanded inline, allowing for quite a lot of simplification, including all the
NULL pointer logic.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <JBeulich@suse.com>
xen/arch/x86/xstate.c
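The three points the commit message makes (bound the uncompressed copy by the caller's size, zero the whole remainder of the destination before decompressing, and walk only the bits set in xstate_bv) are easiest to see in a stand-alone expander. The following is an added example and not Xen's xstate.c: it models the XSAVE layout with a five-component table whose offsets and sizes are assumed for the example rather than read from CPUID, assumes no 64-byte alignment bits in xcomp_bv, and reports size problems with a return value where the hypervisor uses BUG_ON() on its trusted callers. The sample images in `demo_expand_ok()` and `demo_truncated_rejected()` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define XSTATE_AREA_MIN_SIZE      576   /* 512-byte legacy region + 64-byte XSAVE header */
#define XSTATE_COMPACTION_ENABLED (1ULL << 63)
#define XSTATE_FP_SSE             0x3ULL /* x87 and SSE live inside the legacy region */

/* Assumed standard-layout table for five components (on real hardware the
 * values come from CPUID leaf 0xD; these are fixed for the example). */
#define NCOMP 5
static const size_t xstate_offsets[NCOMP] = {   0, 160, 576, 960, 1024 };
static const size_t xstate_sizes[NCOMP]   = { 160, 256, 256,  64,   64 };
#define XSAVE_AREA_SIZE 1088 /* offset + size of the last component */

static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static void     wr64(uint8_t *p, uint64_t v) { memcpy(p, &v, 8); }

/* Compacted offsets depend only on xcomp_bv: enabled components are packed
 * back-to-back after the header (no 64-byte alignment bits assumed here). */
static void setup_xstate_comp(size_t comp_offsets[NCOMP], uint64_t xcomp_bv)
{
    size_t off = XSTATE_AREA_MIN_SIZE;
    unsigned int i;

    comp_offsets[0] = xstate_offsets[0];
    comp_offsets[1] = xstate_offsets[1];
    for ( i = 2; i < NCOMP; i++ )
    {
        comp_offsets[i] = off;
        if ( xcomp_bv & (1ULL << i) )
            off += xstate_sizes[i];
    }
}

/* Expand src (compacted or not) into the standard layout in dest.
 * Returns 0 on success, -1 on a size or consistency problem. */
int expand_xsave_states(const uint8_t *src, size_t src_size,
                        uint8_t *dest, size_t dest_size)
{
    size_t comp_offsets[NCOMP];
    uint64_t xstate_bv, xcomp_bv, valid;
    unsigned int i;

    /* Hold the caller to the full uncompressed size. */
    if ( dest_size != XSAVE_AREA_SIZE || src_size < XSTATE_AREA_MIN_SIZE )
        return -1;

    xstate_bv = rd64(src + 512);
    xcomp_bv  = rd64(src + 520);

    if ( !(xcomp_bv & XSTATE_COMPACTION_ENABLED) )
    {
        /* Uncompressed image: flat copy, only if src really holds it all. */
        if ( src_size < XSAVE_AREA_SIZE )
            return -1;
        memcpy(dest, src, XSAVE_AREA_SIZE);
        return 0;
    }

    setup_xstate_comp(comp_offsets, xcomp_bv);

    /* Legacy region and header copy across; everything after them is zeroed
     * so components not copied below come out in their init state. */
    memcpy(dest, src, XSTATE_AREA_MIN_SIZE);
    memset(dest + XSTATE_AREA_MIN_SIZE, 0, dest_size - XSTATE_AREA_MIN_SIZE);
    wr64(dest + 520, 0); /* xcomp_bv == 0 marks the standard layout */

    /* Only bits set in xstate_bv carry data; everything else stays zero. */
    valid = xstate_bv & ~XSTATE_FP_SSE;
    for ( i = 2; i < NCOMP && valid; i++ )
    {
        if ( !(valid & (1ULL << i)) )
            continue;
        valid &= ~(1ULL << i);
        if ( !(xcomp_bv & (1ULL << i)) )                    /* claimed but absent */
            return -1;
        if ( comp_offsets[i] + xstate_sizes[i] > src_size ) /* would overread src */
            return -1;
        memcpy(dest + xstate_offsets[i], src + comp_offsets[i], xstate_sizes[i]);
    }
    return valid ? -1 : 0; /* leftover bits name components outside the table */
}

/* Constructed sample: x87/SSE/AVX/bndregs live, bndcsr allocated but in its
 * init state, dest pre-filled with 0xFF to stand in for stale data. */
int demo_expand_ok(void)
{
    uint8_t src[XSTATE_AREA_MIN_SIZE + 256 + 64 + 64], dest[XSAVE_AREA_SIZE];

    memset(src, 0x11, 512);                     /* legacy region */
    memset(src + 512, 0, 64);                   /* header */
    wr64(src + 512, 0xF);                       /* xstate_bv: components 0-3 live */
    wr64(src + 520, XSTATE_COMPACTION_ENABLED | 0x1F);
    memset(src + 576, 0x22, 256);               /* AVX at compacted offset 576 */
    memset(src + 832, 0x33, 64);                /* bndregs at compacted offset 832 */
    memset(src + 896, 0x44, 64);                /* bndcsr: present, not live */
    memset(dest, 0xFF, sizeof dest);

    if ( expand_xsave_states(src, sizeof src, dest, sizeof dest) != 0 )
        return 0;
    return dest[0] == 0x11 && dest[576] == 0x22 && dest[960] == 0x33
           && dest[1024] == 0 && dest[1087] == 0
           && rd64(dest + 512) == 0xF && rd64(dest + 520) == 0;
}

/* Caller claims only 700 bytes of source, but AVX would run to 832: refuse. */
int demo_truncated_rejected(void)
{
    uint8_t src[XSTATE_AREA_MIN_SIZE + 256], dest[XSAVE_AREA_SIZE];

    memset(src, 0, sizeof src);
    wr64(src + 512, 0x7);
    wr64(src + 520, XSTATE_COMPACTION_ENABLED | 0x7);
    return expand_xsave_states(src, 700, dest, sizeof dest) == -1;
}

int main(void)
{
    printf("expand ok: %d, truncated rejected: %d\n",
           demo_expand_ok(), demo_truncated_rejected());
    return 0;
}
```

Note that bndcsr (component 4) is present in the constructed source image but its xstate_bv bit is clear, so it is never copied and the destination bytes at offset 1024 come out as zero rather than the 0xFF the buffer started with: that is the effect of the memset the commit adds, and it is why the loop can skip unset bits without leaving stale data behind.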