RISC-V: KVM: fix stack overrun when loading vlenb

The userspace load can put up to 2048 bits into an xlen bit stack
buffer.  We want only xlen bits, so check the size beforehand.

Fixes: 2fa2903 ("RISC-V: KVM: add 'vlenb' Vector CSR")
Cc: [email protected]
Signed-off-by: Radim Krčmář <[email protected]>
Reviewed-by: Nutty Liu <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Anup Patel <[email protected]>

Author: radimkrcmar

arch/riscv/kvm/vcpu_vector.c

@@ -182,6 +182,8 @@ int kvm_riscv_vcpu_set_reg_vector(struct kvm_vcpu *vcpu,
 		struct kvm_cpu_context *cntx = &vcpu->arch.guest_context;
 		unsigned long reg_val;
 
+		if (reg_size != sizeof(reg_val))
+			return -EINVAL;
 		if (copy_from_user(&reg_val, uaddr, reg_size))
 			return -EFAULT;
 		if (reg_val != cntx->vector.vlenb)