On Wed, Nov 07, 2018 at 08:48:37PM +0100, Sebastian Andrzej Siewior wrote: > This is a preparation for the removal of the ->initialized member in the > fpu struct. > __fpu__restore_sig() is deactivating the FPU via fpu__drop() and then > setting manually ->initialized followed by fpu__restore(). The result is > that it is possible to manipulate fpu->state and the state of registers > won't be saved/restore on a context switch which would overwrite state. restored > > Don't access the fpu->state while the content is read from user space > and examined / sanitized. Use a temporary buffer kmalloc() buffer for one "buffer" too many. More importantly, what I'm missing here is more detailed explanation about how that manipulation can happen. Especially since the comment over fpu__drop() you're removing below is claiming the exact opposite. AFAICT. Yeah, FPU code has always been nasty and tricky to follow so I think we'd need to have this stuff explained in much more detail. Thx. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.