Date: Fri, 1 May 2026 21:14:11 -0600 (MDT)
From: Paul Walmsley
To: Michael Neuling
cc: pjw@kernel.org, ajones@ventanamicro.com, akpm@linux-foundation.org, aleksa.paunovic@htecgroup.com, alex@ghiti.fr, aou@eecs.berkeley.edu, arikalo@gmail.com, arnd@arndb.de, bjorn@rivosinc.com, david@redhat.com, djordje.todorovic@htecgroup.com, guoren@kernel.org, junhui.liu@pigmoral.tech, kevin.brodsky@arm.com, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, ljs@kernel.org, namcao@linutronix.de, oleg@redhat.com, osalvador@suse.de, palmer@dabbelt.com, panqinglin2020@iscas.ac.cn, rppt@kernel.org, rvishwanathan@mips.com, vishal.moola@gmail.com
Subject: Re: [PATCH v2] riscv: Fix register corruption from uninitialized cregs on error
In-Reply-To: <20260501062320.2339562-1-mikey@neuling.org>
References: <78b4e931-9ec7-14b6-1487-906652a65ce8@kernel.org> <20260501062320.2339562-1-mikey@neuling.org>

On Fri, 1 May 2026, Michael Neuling wrote:

> compat_riscv_gpr_set() calls cregs_to_regs() unconditionally, even when
> user_regset_copyin() fails. Since cregs is an uninitialized stack
> variable, a copyin failure causes uninitialized stack data to be written
> into the target task's pt_regs, corrupting its register state and
> potentially leaking kernel stack contents.
>
> compat_restore_sigcontext() has the same issue: it calls cregs_to_regs()
> even when __copy_from_user() fails, leading to the same corruption of
> the signal-returning task's register state on error.
>
> Only call cregs_to_regs() when the user copy succeeds.
>
> Fixes: 4608c159594f ("riscv: compat: ptrace: Add compat_arch_ptrace implement")
> Fixes: 7383ee05314b ("riscv: compat: signal: Add rt_frame implementation")
> Signed-off-by: Michael Neuling
> Assisted-by: Cursor:claude-4.6-opus-high-thinking

Thanks very much; queued for v7.1-rc.

- Paul
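
The failure mode described in the quoted commit message, as an added example that is not part of this message or of the kernel patch: a user-space C model of a staging copy that is converted into task register state with and without checking the copy's result. All names (`cregs_model`, `copyin_model`, `gpr_set_model`, `reg0_after_set`) are hypothetical simplifications rather than the kernel's functions or signatures, and a poison byte stands in for stale stack contents so the outcome is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NREGS 4
#define STALE 0xA5 /* constructed stand-in for leftover kernel stack bytes */
struct cregs_model { uint32_t r[NREGS]; }; /* 32-bit compat staging copy */
struct regs_model  { uint64_t r[NREGS]; }; /* target task's saved registers */
static const struct cregs_model SAMPLE = { { 7, 8, 9, 10 } }; /* constructed input */

/* Models the user copy: on failure it returns an error and writes nothing. */
static int copyin_model(struct cregs_model *dst, const void *src)
{
    if (src == NULL)
        return -14; /* -EFAULT */
    memcpy(dst, src, sizeof(*dst));
    return 0;
}

/* Models cregs_to_regs(): widen each staged value into the task state. */
static void to_regs_model(const struct cregs_model *c, struct regs_model *regs)
{
    for (int i = 0; i < NREGS; i++)
        regs->r[i] = c->r[i];
}

/* fixed != 0 applies the rule from the patch: convert only if the copy succeeded. */
int gpr_set_model(struct regs_model *regs, const void *src, int fixed)
{
    struct cregs_model cregs;
    memset(&cregs, STALE, sizeof(cregs)); /* deterministic "uninitialized" stack */
    int ret = copyin_model(&cregs, src);
    if (!fixed || ret == 0)
        to_regs_model(&cregs, regs);
    return ret;
}

/* Returns register 0 of a task whose registers were {1,2,3,4} before the call. */
uint64_t reg0_after_set(const void *src, int fixed)
{
    struct regs_model regs = { { 1, 2, 3, 4 } };
    gpr_set_model(&regs, src, fixed);
    return regs.r[0];
}

int main(void)
{
    printf("failed copy, unchecked: %#llx\n", (unsigned long long)reg0_after_set(NULL, 0));
    printf("failed copy, checked:   %#llx\n", (unsigned long long)reg0_after_set(NULL, 1));
    return 0;
}
```

With the unchecked path, a failed copy still overwrites the task's registers with whatever the staging buffer held; with the check, the registers keep their previous values and only the error is returned.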