
Commit 0eb2372

brooniectmarinas
authored andcommitted
arm64/signal: Remove redundant size validation from parse_user_sigframe()
There is some minimal size validation in parse_user_sigframe() however all of the individual parsing functions perform frame specific validation of the sizing information, remove the frame specific size checks in the core so that there isn't any confusion about what we validate for size. Since the checks in the SVE and ZA parsing are after we have read the relevant context and since they won't report an error if the frame is undersized they are adjusted to check for this before doing anything else. Signed-off-by: Mark Brown <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Catalin Marinas <[email protected]>
1 parent 92f1451 commit 0eb2372


1 file changed

+8
-11
lines changed


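--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -278,6 +278,9 @@ static int restore_sve_fpsimd_context(struct user_ctxs *user)
 if (__copy_from_user(&sve, user->sve, sizeof(sve)))
 return -EFAULT;
 
+if (sve.head.size < sizeof(*user->sve))
+return -EINVAL;
+
 if (sve.flags & SVE_SIG_FLAG_SM) {
 if (!system_supports_sme())
 return -EINVAL;
@@ -293,7 +296,7 @@ static int restore_sve_fpsimd_context(struct user_ctxs *user)
 if (sve.vl != vl)
 return -EINVAL;
 
-if (sve.head.size <= sizeof(*user->sve)) {
+if (sve.head.size == sizeof(*user->sve)) {
 clear_thread_flag(TIF_SVE);
 current->thread.svcr &= ~SVCR_SM_MASK;
 current->thread.fp_type = FP_STATE_FPSIMD;
@@ -434,10 +437,13 @@ static int restore_za_context(struct user_ctxs *user)
 if (__copy_from_user(&za, user->za, sizeof(za)))
 return -EFAULT;
 
+if (za.head.size < sizeof(*user->za))
+return -EINVAL;
+
 if (za.vl != task_get_sme_vl(current))
 return -EINVAL;
 
-if (za.head.size <= sizeof(*user->za)) {
+if (za.head.size == sizeof(*user->za)) {
 current->thread.svcr &= ~SVCR_ZA_MASK;
 return 0;
 }
@@ -614,9 +620,6 @@ static int parse_user_sigframe(struct user_ctxs *user,
 if (user->fpsimd)
 goto invalid;
 
-if (size < sizeof(*user->fpsimd))
-goto invalid;
-
 user->fpsimd = (struct fpsimd_context __user *)head;
 break;
 
@@ -631,9 +634,6 @@ static int parse_user_sigframe(struct user_ctxs *user,
 if (user->sve)
 goto invalid;
 
-if (size < sizeof(*user->sve))
-goto invalid;
-
 user->sve = (struct sve_context __user *)head;
 break;
 
@@ -657,9 +657,6 @@ static int parse_user_sigframe(struct user_ctxs *user,
 if (user->za)
 goto invalid;
 
-if (size < sizeof(*user->za))
-goto invalid;
-
 user->za = (struct za_context __user *)head;
 break;
 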
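Review bot: With the three `size < sizeof(*user->...)` checks gone from parse_user_sigframe(), the fpsimd branch is left with no size check anywhere in this diff: the SVE and ZA restore functions gain an explicit `head.size < sizeof(...)` test, but no hunk touches the FPSIMD restore path, so the commit message's claim that every parser validates its own frame still has to be confirmed there. The new tests also look at `sve.head.size` and `za.head.size` as freshly copied in by `__copy_from_user()`, not at the `size` that parse_user_sigframe() was comparing; if that earlier `size` is what bounds the record inside the signal frame (the walk is outside these hunks), the header could change between the two reads and the restore code would then rely on a length that was never bounded. I would record the validated length next to the pointer, for example `user->sve_size = size;` with a matching new field in `struct user_ctxs`, compare against that in the restore functions, and put a comment at each assignment such as `/* record size is validated by the restore function */`. All three functions start and end outside the hunks shown.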
