On 01/11/2018 18:35, Marc Orr wrote:
> Good question. Configuring the usercopy kmem cache to restrict access
> beyond fpu_user_xstate_size bytes (rather than fpu_kernel_xstate_size
> bytes) from the beginning of the state field seems intuitive to me,
> but I'm honestly not familiar with what user space expects KVM to
> return through the ioctls. Can someone familiar with this suggest what
> to do? Otherwise, I can update the patch to use the non-usercopy
> variant.

Similar to signal context, KVM always converts to non-compacted format
when copying out to userspace. KVM also needs to transmit supervisor
states, but that is done through KVM_GET/SET_MSRS rather than
KVM_GET/SET_XSAVE.

In addition, the userspace areas that are pointed to by the argument of
KVM_GET/SET_XSAVE and KVM_GET/SET_FPU are always accessed via
copy_to_user and memdup_user, in order to avoid possible TOCTTOU races.

Therefore, guest_fpu should not be usercopy at all.

Paolo