From: Eric Biggers <ebigg...@google.com>

Tighten the checks in xstateregs_set().
Signed-off-by: Eric Biggers <ebigg...@google.com> Cc: Andy Lutomirski <l...@kernel.org> Cc: Dave Hansen <dave.han...@linux.intel.com> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Fenghua Yu <fenghua...@intel.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Kevin Hao <haoke...@gmail.com> Cc: Linus Torvalds <torva...@linux-foundation.org> Cc: Michael Halcrow <mhalc...@google.com> Cc: Oleg Nesterov <o...@redhat.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Rik van Riel <r...@redhat.com> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Wanpeng Li <wanpeng...@hotmail.com> Cc: Yu-cheng Yu <yu-cheng...@intel.com> Cc: kernel-harden...@lists.openwall.com Signed-off-by: Ingo Molnar <mi...@kernel.org> --- arch/x86/kernel/fpu/regset.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c index ee8d2f049818..b831d5b9de99 100644 --- a/arch/x86/kernel/fpu/regset.c +++ b/arch/x86/kernel/fpu/regset.c @@ -141,27 +141,20 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset, ret = copy_user_to_xstate(xsave, ubuf); } else { ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, xsave, 0, -1); - - /* xcomp_bv must be 0 when using uncompacted format */ - if (!ret && xsave->header.xcomp_bv) - ret = -EINVAL; + if (!ret) + ret = validate_xstate_header(&xsave->header); } /* - * In case of failure, mark all states as init: - */ - if (ret) - fpstate_init(&fpu->state); - - /* * mxcsr reserved bits must be masked to zero for security reasons. */ xsave->i387.mxcsr &= mxcsr_feature_mask; - xsave->header.xfeatures &= xfeatures_mask; + /* - * These bits must be zero. + * In case of failure, mark all states as init: */ - memset(&xsave->header.reserved, 0, 48); + if (ret) + fpstate_init(&fpu->state); return ret; } -- 2.11.0
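Review bot: With the unconditional `xsave->header.xfeatures &= xfeatures_mask;` and `memset(&xsave->header.reserved, 0, 48);` removed from the tail of xstateregs_set(), header sanitization now rests entirely on validate_xstate_header(), and this hunk calls it only in the else branch after user_regset_copyin(). The `ret = copy_user_to_xstate(xsave, ubuf);` branch has no visible check of its own, so please confirm that copy_user_to_xstate() applies the equivalent validation to the user-supplied header, and say so in the commit message. The message should also spell out the userspace-visible change: the old code silently cleared unsupported xfeatures bits and zeroed the reserved bytes, while the new code relies on validate_xstate_header(), whose body is not shown here, to return an error for such input instead. Moving the `if (ret) fpstate_init(&fpu->state);` block after the mxcsr masking looks right, since the state is now reinitialized last on every failure path.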