From: Eric Biggers <ebigg...@google.com>
Tighten the checks in xstateregs_set().
Signed-off-by: Eric Biggers <ebigg...@google.com>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Dave Hansen <dave.han...@linux.intel.com>
Cc: Dmitry Vyukov <dvyu...@google.com>
Cc: Fenghua Yu <fenghua...@intel.com>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Kevin Hao <haoke...@gmail.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Michael Halcrow <mhalc...@google.com>
Cc: Oleg Nesterov <o...@redhat.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Rik van Riel <r...@redhat.com>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Wanpeng Li <wanpeng...@hotmail.com>
Cc: Yu-cheng Yu <yu-cheng...@intel.com>
Cc: kernel-harden...@lists.openwall.com
Signed-off-by: Ingo Molnar <mi...@kernel.org>
---
arch/x86/kernel/fpu/regset.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
index ee8d2f049818..b831d5b9de99 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
@@ -141,27 +141,20 @@ int xstateregs_set(struct task_struct *target, const
struct user_regset *regset,
ret = copy_user_to_xstate(xsave, ubuf);
} else {
ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, xsave, 0,
-1);
-
- /* xcomp_bv must be 0 when using uncompacted format */
- if (!ret && xsave->header.xcomp_bv)
- ret = -EINVAL;
+ if (!ret)
+ ret = validate_xstate_header(&xsave->header);
}
/*
- * In case of failure, mark all states as init:
- */
- if (ret)
- fpstate_init(&fpu->state);
-
- /*
* mxcsr reserved bits must be masked to zero for security reasons.
*/
xsave->i387.mxcsr &= mxcsr_feature_mask;
- xsave->header.xfeatures &= xfeatures_mask;
+
/*
- * These bits must be zero.
+ * In case of failure, mark all states as init:
*/
- memset(&xsave->header.reserved, 0, 48);
+ if (ret)
+ fpstate_init(&fpu->state);
return ret;
}
--
2.11.0
