Skip to content

Commit

Permalink
x86/fpu: Limit xstate copy size in xstateregs_set()
Browse files Browse the repository at this point in the history 
If the count argument is larger than the xstate size, this will happily
copy beyond the end of xstate.

Fixes: 91c3dba ("x86/fpu/xstate: Fix PTRACE frames for XSAVES")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210623121452.120741557@linutronix.de
  • Loading branch information
Thomas Gleixner authored and Borislav Petkov committed Jun 23, 2021
1 parent e685244 commit 07d6688
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion arch/x86/kernel/fpu/regset.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
/*
* A whole standard-format XSAVE buffer is needed:
*/
if ((pos != 0) || (count < fpu_user_xstate_size))
if (pos != 0 || count != fpu_user_xstate_size)
return -EFAULT;

xsave = &fpu->state.xsave;
Expand Down

0 comments on commit 07d6688

Please sign in to comment.