On 10/21/2009 09:40 AM, Chris Lalancette wrote:
The current implementation of get_user_desc() sign extends the return value because of integer promotion rules. For the most part, this doesn't matter, because the top bit of base2 is usually 0. If, however, that bit is 1, then the entire value will be 0xffff... which is probably not what the caller intended. This patch casts the entire thing to unsigned before returning, which generates almost the same assembly as the current code but replaces the final "cltq" (sign extend) with a "mov %eax %eax" (zero-extend). This fixes booting certain guests under KVM.
For the record, the reason why this wasn't noticed so far is that get_user_desc will be zero outside KVM except if used for FS and GS. KVM with the right guest will easily see a 0xC0000000 segment base, but you would need TLS data allocated above 2 GB to see the bug outside KVM. TLS data is in the same mmap-ed memory that hosts the thread stacks, so it will typically be below the 2 GB mark and have its most significant bit cleared.
I suppose you could see the bug if you used pthread_attr_setstack, plus of course all the right circumstances---which are rare because all but the most obscure users anyway cast the result to u32.
Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html