From patchwork Mon Sep 20 16:42:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "gregkh@linuxfoundation.org" X-Patchwork-Id: 514369 Delivered-To: patch@linaro.org Received: by 2002:a02:c816:0:0:0:0:0 with SMTP id p22csp2331863jao; Mon, 20 Sep 2021 11:40:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyc3h5FidZSH1zWoM5m+TRd/H91Gu3EoG0ULebOeEek9RdM86d0wY/6y1St6P1HxwZGNxru X-Received: by 2002:a05:6e02:1c2c:: with SMTP id m12mr15348634ilh.114.1632163204316; Mon, 20 Sep 2021 11:40:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632163204; cv=none; d=google.com; s=arc-20160816; b=DyZnkc1PHfId2MOS8SWJ7vJ4eeoXxup0YdwgF1GR8wxKyxe7UDvSEG4ihPv7jXQXMG QN7CPHhtUw9W6VobxvzxpiRR6HArOeE5YICkUv40CYcVKrm/mY8W/yz3TLNm0V2T6l5p qdLMD4UYREs/gS3Bh/h3iUA0swa0rQJ5E1rTHVFBJ0vmBAzv9ofUsyxLtb5aUSZA61+o /XtyVDkJ7WgOcYwYEZrHTkFJarEXpiuBet//IqQQiKi63t4EDT0Od0PNJFwzWz62JGZd KBgXMHdoYyC6xC6fhDwFN6GcLcAU98b9HsdqLOWR+JAhyTsMOKdXtMC/zMWjTWG829me AdLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XpHvNzPmVh6zrA0PBaNnbPrNdLb6bxaq5NTWrEXUO0A=; b=ubOxMpFDGoX+xroqfc2C6PGoHoEx2FnaI4oJCXhMjpqQ2N97Wp5hwcDFepbq3TgY7e a7Vwb9u3Oa17vn5BE/HHx6XrYZ0m5MNYgl/bxIAjTt4Q23axLmqnuf98JXT9xwtOL9Lj xB2EWe41tg/QA4ryG1H7DaHJS9AqU8l9J7UUhJbB/4+kXtj2MYtIKxOLhTYAT+1ckMGU l0zllksv5aCeXp0y/24vcMZPw9qDpbFcLNoZLWMZ+xvgiXKd3q+sZb3tmCynVJaHCvZ5 yODnORkGxDnuv8t9miC8vgBLy/FfVZts9SJyS6fZ4bxf29FxVJM6InLHo3+QFJDyecvy noeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZqexsyE0; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y18si1268829iow.31.2021.09.20.11.40.03; Mon, 20 Sep 2021 11:40:04 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZqexsyE0; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353607AbhITSlR (ORCPT + 11 others); Mon, 20 Sep 2021 14:41:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:53066 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1381484AbhITSiW (ORCPT ); Mon, 20 Sep 2021 14:38:22 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 14AD26331D; Mon, 20 Sep 2021 17:29:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1632158998; bh=YUVk19KBBd5oNKIWdem0ilUR52CnlfnPNYdNYsXsA3Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZqexsyE01t5IOVNHUKxl2V4KQmpQosetVEBDxO0NW1Ln+TMP84XFON4sONFEajPAx 40KDuBlFHIBg1IDZZG7Ft/j0nv0gKRdR6xubPTq7luBFWv+twS6wHxVMI4veeZwugK 4rJPfWhXMfAv7BbY3M5V2ZQTrnI8v2KQpG97fJEI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Brown , Catalin Marinas Subject: [PATCH 5.14 007/168] arm64/sve: Use correct size when reinitialising SVE state Date: Mon, 20 Sep 2021 18:42:25 +0200 Message-Id: <20210920163921.888344722@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210920163921.633181900@linuxfoundation.org> References: <20210920163921.633181900@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Mark Brown commit e35ac9d0b56e9efefaeeb84b635ea26c2839ea86 upstream. When we need a buffer for SVE register state we call sve_alloc() to make sure that one is there. In order to avoid repeated allocations and frees we keep the buffer around unless we change vector length and just memset() it to ensure a clean register state. The function that deals with this takes the task to operate on as an argument, however in the case where we do a memset() we initialise using the SVE state size for the current task rather than the task passed as an argument. This is only an issue in the case where we are setting the register state for a task via ptrace and the task being configured has a different vector length to the task tracing it. In the case where the buffer is larger in the traced process we will leak old state from the traced process to itself, in the case where the buffer is smaller in the traced process we will overflow the buffer and corrupt memory. Fixes: bc0ee4760364 ("arm64/sve: Core task context handling") Cc: # 4.15.x Signed-off-by: Mark Brown Link: https://lore.kernel.org/r/20210909165356.10675-1-broonie@kernel.org Signed-off-by: Catalin Marinas Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/fpsimd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -511,7 +511,7 @@ size_t sve_state_size(struct task_struct void sve_alloc(struct task_struct *task) { if (task->thread.sve_state) { - memset(task->thread.sve_state, 0, sve_state_size(current)); + memset(task->thread.sve_state, 0, sve_state_size(task)); return; }