From: Mark Brown
Date: Tue, 03 Jan 2023 20:25:15 +0000
Subject: [PATCH v2 1/6] arm64/signal: Don't redundantly verify FPSIMD magic
Message-Id: <20221212-arm64-signal-cleanup-v2-1-14a8f3e088b7@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

We validate that the magic in the struct fpsimd_context is correct in restore_fpsimd_context() but this is redundant since parse_user_sigframe() uses this magic to decide to call the function in the first place. Remove the extra validation.

Signed-off-by: Mark Brown --- arch/arm64/kernel/signal.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index e0d09bf5b01b..9d3d10269da7 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c 
@@ -189,15 +189,14 @@ static int preserve_fpsimd_context(struct fpsimd_cont= ext __user *ctx) static int restore_fpsimd_context(struct fpsimd_context __user *ctx) { struct user_fpsimd_state fpsimd; - __u32 magic, size; + __u32 size; int err =3D 0; =20 - /* check the magic/size information */ - __get_user_error(magic, &ctx->head.magic, err); + /* check the size information */ __get_user_error(size, &ctx->head.size, err); if (err) return -EFAULT; - if (magic !=3D FPSIMD_MAGIC || size !=3D sizeof(struct fpsimd_context)) + if (size !=3D sizeof(struct fpsimd_context)) return -EINVAL; =20 /* copy the FP and status/control registers */ --=20 2.30.2

From: Mark Brown
Date: Tue, 03 Jan 2023 20:25:16 +0000
Subject: [PATCH v2 2/6] arm64/signal: Remove redundant size validation from parse_user_sigframe()
Message-Id: <20221212-arm64-signal-cleanup-v2-2-14a8f3e088b7@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

There is some minimal size validation in parse_user_sigframe() however all of the individual parsing functions perform frame specific validation of the sizing information, remove the frame specific size checks in the core so that there isn't any confusion about what we validate for size. Since the checks in the SVE and ZA parsing are after we have read the relevant context and since they won't report an error if the frame is undersized they are adjusted to check for this before doing anything else.

Signed-off-by: Mark Brown --- arch/arm64/kernel/signal.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 9d3d10269da7..a7b4bb584d17 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -274,6 +274,9 @@ static int restore_sve_fpsimd_context(struct user_ctxs = *user) if (__copy_from_user(&sve, user->sve, sizeof(sve))) return -EFAULT; =20 + if (sve.head.size < sizeof(*user->sve)) + return -EINVAL; + if (sve.flags & SVE_SIG_FLAG_SM) { if (!system_supports_sme()) return -EINVAL; @@ -289,7 +292,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs = *user) if (sve.vl !=3D vl) return -EINVAL; =20 - if (sve.head.size <=3D sizeof(*user->sve)) { + if (sve.head.size =3D=3D sizeof(*user->sve)) { clear_thread_flag(TIF_SVE); current->thread.svcr &=3D ~SVCR_SM_MASK; current->thread.fp_type =3D FP_STATE_FPSIMD; @@ -404,10 +407,13 @@ static int restore_za_context(struct user_ctxs *user) if (__copy_from_user(&za, user->za, sizeof(za))) return -EFAULT; =20 + if (za.head.size < sizeof(*user->za)) + return -EINVAL; + if (za.vl !=3D task_get_sme_vl(current)) return -EINVAL; =20 - if (za.head.size <=3D sizeof(*user->za)) { + if (za.head.size =3D=3D sizeof(*user->za)) { current->thread.svcr &=3D ~SVCR_ZA_MASK; return 0; } @@ -510,9 +516,6 @@ static int parse_user_sigframe(struct user_ctxs *user, if (user->fpsimd) goto invalid; =20 - if (size < sizeof(*user->fpsimd)) - goto invalid; - user->fpsimd =3D (struct fpsimd_context __user *)head; break; =20 @@ -527,9 +530,6 @@ static int parse_user_sigframe(struct user_ctxs *user, if (user->sve) goto invalid; =20 - if (size < sizeof(*user->sve)) - goto invalid; - user->sve =3D (struct sve_context __user *)head; break; =20 
@@ -540,9 +540,6 @@ static int parse_user_sigframe(struct user_ctxs *user, if (user->za) goto invalid; =20 - if (size < sizeof(*user->za)) - goto invalid; - user->za =3D (struct za_context __user *)head; break; =20 --=20 2.30.2

From: Mark Brown
Date: Tue, 03 Jan 2023 20:25:17 +0000
Subject: [PATCH v2 3/6] arm64/signal: Make interface for restore_fpsimd_context() consistent
Message-Id: <20221212-arm64-signal-cleanup-v2-3-14a8f3e088b7@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

Instead of taking a pointer to struct user_ctxs like the other two restore_blah_context() functions the FPSIMD function takes a pointer to the user struct it should read. Change it to be consistent with the rest, both for consistency and to prepare for changes which avoid rereading data that has already been read by the core parsing code. There should be no functional change from this patch.

Signed-off-by: Mark Brown --- arch/arm64/kernel/signal.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index a7b4bb584d17..e9c6ffc1ebba 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -168,6 +168,12 @@ static void __user *apply_user_offset( return base + offset; } =20 +struct user_ctxs { + struct fpsimd_context __user *fpsimd; + struct sve_context __user *sve; + struct za_context __user *za; +}; + static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) { struct user_fpsimd_state const *fpsimd =3D @@ -186,24 +192,24 @@ static int preserve_fpsimd_context(struct fpsimd_cont= ext __user *ctx) return err ? -EFAULT : 0; } =20 -static int restore_fpsimd_context(struct fpsimd_context __user *ctx) +static int restore_fpsimd_context(struct user_ctxs *user) { struct user_fpsimd_state fpsimd; __u32 size; int err =3D 0; =20 /* check the size information */ - __get_user_error(size, &ctx->head.size, err); + __get_user_error(size, &user->fpsimd->head.size, err); if (err) return -EFAULT; if (size !=3D sizeof(struct fpsimd_context)) return -EINVAL; =20 /* copy the FP and status/control registers */ - err =3D __copy_from_user(fpsimd.vregs, ctx->vregs, + err =3D __copy_from_user(fpsimd.vregs, &(user->fpsimd->vregs), sizeof(fpsimd.vregs)); - __get_user_error(fpsimd.fpsr, &ctx->fpsr, err); - __get_user_error(fpsimd.fpcr, &ctx->fpcr, err); + __get_user_error(fpsimd.fpsr, &(user->fpsimd->fpsr), err); + __get_user_error(fpsimd.fpcr, &(user->fpsimd->fpcr), err); =20 clear_thread_flag(TIF_SVE); current->thread.fp_type =3D FP_STATE_FPSIMD; @@ -216,12 +222,6 @@ static int restore_fpsimd_context(struct fpsimd_contex= t __user *ctx) } =20 =20 -struct user_ctxs { - struct fpsimd_context __user *fpsimd; - struct sve_context __user *sve; - struct za_context __user *za; -}; - #ifdef CONFIG_ARM64_SVE =20 static int preserve_sve_context(struct sve_context __user *ctx) 
@@ -659,7 +659,7 @@ static int restore_sigframe(struct pt_regs *regs, if (user.sve) err =3D restore_sve_fpsimd_context(&user); else - err =3D restore_fpsimd_context(user.fpsimd); + err =3D restore_fpsimd_context(&user); } =20 if (err =3D=3D 0 && system_supports_sme() && user.za) --=20 2.30.2

From: Mark Brown
Date: Tue, 03 Jan 2023 20:25:18 +0000
Subject: [PATCH v2 4/6] arm64/signal: Avoid rereading context frame sizes
Message-Id: <20221212-arm64-signal-cleanup-v2-4-14a8f3e088b7@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

We need to read the sizes of the signal context frames as part of parsing the overall signal context in parse_user_sigframe(). In the cases where we defer frame specific parsing to other functions those functions always reread the size and validate the version they read, opening the possibility that the value may change. Avoid this possibility by passing the size read in parse_user_sigframe() through user_ctxs and referring to that.

Note that for SVE and ZA contexts we still read the size again but after this change we no longer use the value, further changes will avoid the read. Signed-off-by: Mark Brown --- arch/arm64/kernel/signal.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index e9c6ffc1ebba..82a89b0852ee 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -170,8 +170,11 @@ static void __user *apply_user_offset( =20 struct user_ctxs { struct fpsimd_context __user *fpsimd; + u32 fpsimd_size; struct sve_context __user *sve; + u32 sve_size; struct za_context __user *za; + u32 za_size; }; =20 static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -195,14 +198,10 @@ static int preserve_fpsimd_context(struct fpsimd_cont= ext __user *ctx) static int restore_fpsimd_context(struct user_ctxs *user) { struct user_fpsimd_state fpsimd; - __u32 size; int err =3D 0; =20 /* check the size information */ - __get_user_error(size, &user->fpsimd->head.size, err); - if (err) - return -EFAULT; - if (size !=3D sizeof(struct fpsimd_context)) + if (user->fpsimd_size !=3D sizeof(struct fpsimd_context)) return -EINVAL; =20 /* copy the FP and status/control registers */ @@ -271,12 +270,12 @@ static int restore_sve_fpsimd_context(struct user_ctx= s *user) struct user_fpsimd_state fpsimd; struct sve_context sve; =20 + if (user->sve_size < sizeof(*user->sve)) + return -EINVAL; + if (__copy_from_user(&sve, user->sve, sizeof(sve))) return -EFAULT; =20 - if (sve.head.size < sizeof(*user->sve)) - return -EINVAL; - if (sve.flags & SVE_SIG_FLAG_SM) { if (!system_supports_sme()) return -EINVAL; 
@@ -292,7 +291,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs = *user) if (sve.vl !=3D vl) return -EINVAL; =20 - if (sve.head.size =3D=3D sizeof(*user->sve)) { + if (user->sve_size =3D=3D sizeof(*user->sve)) { clear_thread_flag(TIF_SVE); current->thread.svcr &=3D ~SVCR_SM_MASK; current->thread.fp_type =3D FP_STATE_FPSIMD; @@ -301,7 +300,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs = *user) =20 vq =3D sve_vq_from_vl(sve.vl); =20 - if (sve.head.size < SVE_SIG_CONTEXT_SIZE(vq)) + if (user->sve_size < SVE_SIG_CONTEXT_SIZE(vq)) return -EINVAL; =20 /* @@ -404,23 +403,23 @@ static int restore_za_context(struct user_ctxs *user) unsigned int vq; struct za_context za; =20 + if (user->za_size < sizeof(*user->za)) + return -EINVAL; + if (__copy_from_user(&za, user->za, sizeof(za))) return -EFAULT; =20 - if (za.head.size < sizeof(*user->za)) - return -EINVAL; - if (za.vl !=3D task_get_sme_vl(current)) return -EINVAL; =20 - if (za.head.size =3D=3D sizeof(*user->za)) { + if (user->za_size =3D=3D sizeof(*user->za)) { current->thread.svcr &=3D ~SVCR_ZA_MASK; return 0; } =20 vq =3D sve_vq_from_vl(za.vl); =20 - if (za.head.size < ZA_SIG_CONTEXT_SIZE(vq)) + if (user->za_size < ZA_SIG_CONTEXT_SIZE(vq)) return -EINVAL; =20 /* @@ -517,6 +516,7 @@ static int parse_user_sigframe(struct user_ctxs *user, goto invalid; =20 user->fpsimd =3D (struct fpsimd_context __user *)head; + user->fpsimd_size =3D size; break; =20 case ESR_MAGIC: @@ -531,6 +531,7 @@ static int parse_user_sigframe(struct user_ctxs *user, goto invalid; =20 user->sve =3D (struct sve_context __user *)head; + user->sve_size =3D size; break; =20 case ZA_MAGIC: 
@@ -541,6 +542,7 @@ static int parse_user_sigframe(struct user_ctxs *user, goto invalid; =20 user->za =3D (struct za_context __user *)head; + user->za_size =3D size; break; =20 case EXTRA_MAGIC: --=20 2.30.2

From: Mark Brown
Date: Tue, 03 Jan 2023 20:25:19 +0000
Subject: [PATCH v2 5/6] arm64/signal: Only read new data when parsing the SVE context
Message-Id: <20221212-arm64-signal-cleanup-v2-5-14a8f3e088b7@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

When we parse the SVE signal context we read the entire context from userspace, including the generic signal context header which was already read by parse_user_sigframe() and padding bytes that we ignore. Avoid the possibility of relying on the second read of the data read twice by only reading the data which we are actually going to use.

Signed-off-by: Mark Brown --- arch/arm64/kernel/signal.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) 
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 82a89b0852ee..26192ab56de4 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -265,18 +265,20 @@ static int preserve_sve_context(struct sve_context __= user *ctx) =20 static int restore_sve_fpsimd_context(struct user_ctxs *user) { - int err; + int err =3D 0; unsigned int vl, vq; struct user_fpsimd_state fpsimd; - struct sve_context sve; + u16 user_vl, flags; =20 if (user->sve_size < sizeof(*user->sve)) return -EINVAL; =20 - if (__copy_from_user(&sve, user->sve, sizeof(sve))) - return -EFAULT; + __get_user_error(user_vl, &(user->sve->vl), err); + __get_user_error(flags, &(user->sve->flags), err); + if (err) + return err; =20 - if (sve.flags & SVE_SIG_FLAG_SM) { + if (flags & SVE_SIG_FLAG_SM) { if (!system_supports_sme()) return -EINVAL; =20 @@ -288,7 +290,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs = *user) vl =3D task_get_sve_vl(current); } =20 - if (sve.vl !=3D vl) + if (user_vl !=3D vl) return -EINVAL; =20 if (user->sve_size =3D=3D sizeof(*user->sve)) { @@ -298,7 +300,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs = *user) goto fpsimd_only; } =20 - vq =3D sve_vq_from_vl(sve.vl); + vq =3D sve_vq_from_vl(vl); =20 if (user->sve_size < SVE_SIG_CONTEXT_SIZE(vq)) return -EINVAL; 
@@ -326,7 +328,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs = *user) if (err) return -EFAULT; =20 - if (sve.flags & SVE_SIG_FLAG_SM) + if (flags & SVE_SIG_FLAG_SM) current->thread.svcr |=3D SVCR_SM_MASK; else set_thread_flag(TIF_SVE); --=20 2.30.2

From: Mark Brown
Date: Tue, 03 Jan 2023 20:25:20 +0000
Subject: [PATCH v2 6/6] arm64/signal: Only read new data when parsing the ZA context
Message-Id: <20221212-arm64-signal-cleanup-v2-6-14a8f3e088b7@kernel.org>
To: Catalin Marinas, Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Brown

When we parse the ZA signal context we read the entire context from userspace, including the generic signal context header which was already read by parse_user_sigframe() and padding bytes that we ignore. Avoid the possibility of relying on the second read of the data read twice by only reading the data which we are actually going to use.

Signed-off-by: Mark Brown --- arch/arm64/kernel/signal.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 26192ab56de4..bed27d4f8ce9 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -401,17 +401,18 @@ static int preserve_za_context(struct za_context __us= er *ctx) =20 static int restore_za_context(struct user_ctxs *user) { - int err; + int err =3D 0; unsigned int vq; - struct za_context za; + u16 user_vl; =20 if (user->za_size < sizeof(*user->za)) return -EINVAL; =20 - if (__copy_from_user(&za, user->za, sizeof(za))) - return -EFAULT; + __get_user_error(user_vl, &(user->za->vl), err); + if (err) + return err; =20 - if (za.vl !=3D task_get_sme_vl(current)) + if (user_vl !=3D task_get_sme_vl(current)) return -EINVAL; =20 if (user->za_size =3D=3D sizeof(*user->za)) { @@ -419,7 +420,7 @@ static int restore_za_context(struct user_ctxs *user) return 0; } =20 - vq =3D sve_vq_from_vl(za.vl); + vq =3D sve_vq_from_vl(user_vl); =20 if (user->za_size < ZA_SIG_CONTEXT_SIZE(vq)) return -EINVAL; --=20 2.30.2
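
Review bot: In [PATCH v2 1/6], restore_fpsimd_context() now depends on its caller having already matched FPSIMD_MAGIC, but nothing at the function records that; the comment is reduced to "check the size information". Extend that comment to say the magic has been checked by parse_user_sigframe(), so that a later caller passing an unparsed pointer reads as a bug rather than as a silent loss of validation.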
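
Review bot: In [PATCH v2 2/6], the new `sve.head.size < sizeof(*user->sve)` test in restore_sve_fpsimd_context() sits after `__copy_from_user(&sve, user->sve, sizeof(sve))`, so sizeof(sve) bytes are copied before the frame is known to be that large, while the commit message says the check happens before doing anything else; restore_za_context() has the same ordering for `za.head.size`. With the `size < sizeof(*user->sve)` and `size < sizeof(*user->za)` tests removed from parse_user_sigframe() in the same patch, the only lower bound left at this point in the series is applied to a value read again from user memory. Either keep the core checks until 4/6 switches to the stored size, or state in the commit message that this intermediate state is intended.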
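
Review bot: In [PATCH v2 3/6], restore_fpsimd_context() now passes `&(user->fpsimd->vregs)` to __copy_from_user() where the old code passed `ctx->vregs`; the address is the same, but the expression is now a pointer to the whole array rather than to its first element, and the parentheses in `&(user->fpsimd->fpsr)` and `&(user->fpsimd->fpcr)` are not needed. Writing `user->fpsimd->vregs`, `&user->fpsimd->fpsr` and `&user->fpsimd->fpcr` keeps the "no functional change" diff minimal and matches the `&user->fpsimd->head.size` form used a few lines earlier in the same hunk.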
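
Review bot: In [PATCH v2 4/6], the new `fpsimd_size`, `sve_size` and `za_size` members of struct user_ctxs carry the whole point of the patch but have no comment. A short comment on the struct saying that each size is the head.size value read once by parse_user_sigframe(), and that the restore functions must use it instead of reading head.size again, would help keep later changes from reintroducing the second read.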
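
Review bot: In [PATCH v2 5/6], the new error path in the first hunk of restore_sve_fpsimd_context() is `if (err) return err;`, whereas the __copy_from_user() path it replaces returned `-EFAULT` and the `if (err) return -EFAULT;` visible as context in the last hunk of the same function still does. Returning `-EFAULT` explicitly keeps the function's error paths uniform and independent of whatever value __get_user_error() leaves in err.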
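
Review bot: In [PATCH v2 6/6], the first hunk of restore_za_context() uses `if (err) return err;` after __get_user_error() where the removed __copy_from_user() path returned `-EFAULT`. Return `-EFAULT` explicitly here so that the error code does not change as a side effect of narrowing the read.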
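
Review bot: In [PATCH v2 6/6], the second hunk of restore_za_context() computes `vq = sve_vq_from_vl(user_vl)` from the user-supplied value, while the equivalent line in 5/6 became `sve_vq_from_vl(vl)` using the kernel's own vector length. The two are equal once the `user_vl != task_get_sme_vl(current)` test has passed, but holding task_get_sme_vl(current) in a local and using it here would make the SVE and ZA paths read the same way and keep user-controlled data out of the size computation.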
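
The reread that the 4/6 commit message describes ("opening the possibility that the value may change"), as an added userspace simulation that is not code from this series or from the kernel. `fetch_u32`, `parse_frame`, `restore_reread`, `restore_snapshot`, `REC_MAGIC` and `FRAME_LIMIT` are constructed stand-ins, and the "race" is a deterministic write triggered after a chosen number of simulated user reads.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record header, modelled on a magic/size pair. */
struct rec_head { uint32_t magic; uint32_t size; };

#define REC_MAGIC   0x52454331u /* constructed value, not a kernel magic */
#define FRAME_LIMIT 64u         /* bytes of "user" memory the parser has bounded */

static uint8_t  user_mem[256];  /* simulated user memory */
static unsigned fetch_count;    /* simulated user reads so far */
static unsigned race_after;     /* rewrite head.size after this many reads, 0 = never */
static uint32_t race_size;      /* value the simulated racing writer stores */

/* One simulated user read; the racing writer may run right after it. */
static uint32_t fetch_u32(size_t off)
{
    uint32_t v;

    memcpy(&v, user_mem + off, sizeof(v));
    if (++fetch_count == race_after)
        memcpy(user_mem + offsetof(struct rec_head, size),
               &race_size, sizeof(race_size));
    return v;
}

/* What the core parser hands to the per-record restore function. */
struct ctxs { size_t off; uint32_t size; };

/* Core parser: reads the header once and bounds the record. */
static int parse_frame(struct ctxs *c)
{
    uint32_t magic = fetch_u32(offsetof(struct rec_head, magic));
    uint32_t size  = fetch_u32(offsetof(struct rec_head, size));

    if (magic != REC_MAGIC || size < sizeof(struct rec_head) ||
        size > FRAME_LIMIT)
        return -1;
    c->off = 0;
    c->size = size;     /* the snapshot that was actually validated */
    return 0;
}

/* Pattern before the change: size is fetched from user memory a second time. */
static long restore_reread(const struct ctxs *c)
{
    uint32_t size = fetch_u32(c->off + offsetof(struct rec_head, size));

    if (size < sizeof(struct rec_head))
        return -1;
    return (long)size;  /* bytes this function would go on to consume */
}

/* Pattern after the change: only the parser's validated snapshot is used. */
static long restore_snapshot(const struct ctxs *c)
{
    if (c->size < sizeof(struct rec_head))
        return -1;
    return (long)c->size;
}

/* Returns the byte count the chosen restore path trusts, or -1 if rejected. */
long run(int use_snapshot, uint32_t size, unsigned after, uint32_t new_size)
{
    struct rec_head h = { REC_MAGIC, size };
    struct ctxs c = { 0, 0 };

    memset(user_mem, 0, sizeof(user_mem));
    memcpy(user_mem, &h, sizeof(h));
    fetch_count = 0;
    race_after = after;
    race_size = new_size;

    if (parse_frame(&c))
        return -1;
    return use_snapshot ? restore_snapshot(&c) : restore_reread(&c);
}

int main(void)
{
    /* size is 16 when parsed, rewritten to 200 right after the parser's read */
    printf("reread:   %ld (limit %u)\n", run(0, 16, 2, 200), FRAME_LIMIT);
    printf("snapshot: %ld (limit %u)\n", run(1, 16, 2, 200), FRAME_LIMIT);
    return 0;
}
```

The reread path ends up trusting a size that never went through the parser's bound, which is the property the series removes by carrying the size in struct user_ctxs.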