From: Mark Brown
Date: Tue, 03 Jan 2023 20:25:16 +0000
Subject: [PATCH v2 2/6] arm64/signal: Remove redundant size validation from parse_user_sigframe()
Message-Id: <20221212-arm64-signal-cleanup-v2-2-14a8f3e088b7@kernel.org>
References: <20221212-arm64-signal-cleanup-v2-0-14a8f3e088b7@kernel.org>
In-Reply-To: <20221212-arm64-signal-cleanup-v2-0-14a8f3e088b7@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

There is some minimal size validation in parse_user_sigframe() however all of the individual parsing functions perform frame specific validation of the sizing information,
remove the frame specific size checks in the core so that there isn't any confusion about what we validate for size. Since the checks in the SVE and ZA parsing are after we have read the relevant context and since they won't report an error if the frame is undersized they are adjusted to check for this before doing anything else. Signed-off-by: Mark Brown --- arch/arm64/kernel/signal.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 9d3d10269da7..a7b4bb584d17 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -274,6 +274,9 @@ static int restore_sve_fpsimd_context(struct user_ctxs *user) if (__copy_from_user(&sve, user->sve, sizeof(sve))) return -EFAULT; + if (sve.head.size < sizeof(*user->sve)) + return -EINVAL; + if (sve.flags & SVE_SIG_FLAG_SM) { if (!system_supports_sme()) return -EINVAL; @@ -289,7 +292,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs *user) if (sve.vl != vl) return -EINVAL; - if (sve.head.size <= sizeof(*user->sve)) { + if (sve.head.size == sizeof(*user->sve)) { clear_thread_flag(TIF_SVE); current->thread.svcr &= ~SVCR_SM_MASK; current->thread.fp_type = FP_STATE_FPSIMD; @@ -404,10 +407,13 @@ static int restore_za_context(struct user_ctxs *user) if (__copy_from_user(&za, user->za, sizeof(za))) return -EFAULT; + if (za.head.size < sizeof(*user->za)) + return -EINVAL; + if (za.vl != task_get_sme_vl(current)) return -EINVAL; - if (za.head.size <= sizeof(*user->za)) { + if (za.head.size == sizeof(*user->za)) { current->thread.svcr &= ~SVCR_ZA_MASK; return 0; } @@ -510,9 +516,6 @@ static int parse_user_sigframe(struct user_ctxs *user, if (user->fpsimd) goto invalid; - if (size < sizeof(*user->fpsimd)) - goto invalid; - user->fpsimd = (struct fpsimd_context __user *)head; break; 
@@ -527,9 +530,6 @@ static int parse_user_sigframe(struct user_ctxs *user, if (user->sve) goto invalid; - if (size < sizeof(*user->sve)) - goto invalid; - user->sve = (struct sve_context __user *)head; break; @@ -540,9 +540,6 @@ static int parse_user_sigframe(struct user_ctxs *user, if (user->za) goto invalid; - if (size < sizeof(*user->za)) - goto invalid; - user->za = (struct za_context __user *)head; break; -- 2.30.2
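
Review bot: In the hunk at @@ -274,6 +274,9 (restore_sve_fpsimd_context()), the new `sve.head.size < sizeof(*user->sve)` test sits after `__copy_from_user(&sve, user->sve, sizeof(sve))`, so the full fixed-size header is still read before the record's declared size is validated, which does not match the commit message's "before doing anything else". With the matching test removed from parse_user_sigframe() further down, a record that declares less than sizeof(struct sve_context) now reaches this copy. Either reword the commit message to say the check happens immediately after the header copy, or fetch `head.size` on its own first and reject short records before copying the rest.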
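
Review bot: The change from `<=` to `==` in the hunk at @@ -289,7 +292,7 is only safe because of the `<` test added in the previous hunk; if that test is later moved or dropped, a record with head.size below sizeof(*user->sve) will no longer take this branch and will fall through to the code after it. A short comment at the `==` test pointing back at the earlier check, noting that smaller sizes were already rejected with -EINVAL, would make that dependency visible.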
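
Review bot: In the hunk at @@ -404,10 +407,13 (restore_za_context()), `za.head.size` comes from a fresh `__copy_from_user()` of the record, separate from the `size` value parse_user_sigframe() tested when it stored `user->za`. Because the frame lives in user memory the two reads need not agree, so after this patch this is the only minimum-size test that binds the value actually used. Please say so in a comment above `if (za.head.size < sizeof(*user->za))` so that nobody later treats it as redundant with the parser and removes it; the same applies to the SVE check in restore_sve_fpsimd_context().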
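
Review bot: The hunk at @@ -510,9 +516,6 drops `if (size < sizeof(*user->fpsimd)) goto invalid;`, but unlike the SVE and ZA cases the patch adds no replacement check on the FPSIMD side, and the function that consumes `user->fpsimd` is not in the diff. The commit message says all of the individual parsing functions validate size; please name the FPSIMD check it relies on (function and condition) in the commit message so the removal can be verified from the patch alone.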