diff options
| author | Michael Neuling <mikey@neuling.org> | 2026-05-01 06:23:20 +0000 |
|---|---|---|
| committer | Paul Walmsley <pjw@kernel.org> | 2026-05-01 21:11:31 -0600 |
| commit | 6ebcbb53fc9bc30843054ed99fd60b8e542628f4 (patch) | |
| tree | 7230035a509bdbf56c236dcb74207f735d051508 /tools/perf/scripts/python | |
| parent | 4d2b03699460b8fd5df34408a03a84a1a7ff8aa1 (diff) | |
| download | linux-6ebcbb53fc9bc30843054ed99fd60b8e542628f4.tar.gz linux-6ebcbb53fc9bc30843054ed99fd60b8e542628f4.zip | |
riscv: Fix register corruption from uninitialized cregs on error
compat_riscv_gpr_set() calls cregs_to_regs() unconditionally, even when
user_regset_copyin() fails. Since cregs is an uninitialized stack
variable, a copyin failure causes uninitialized stack data to be written
into the target task's pt_regs, corrupting its register state and
potentially leaking kernel stack contents.
compat_restore_sigcontext() has the same issue: it calls cregs_to_regs()
even when __copy_from_user() fails, leading to the same corruption of
the signal-returning task's register state on error.
Only call cregs_to_regs() when the user copy succeeds.
Fixes: 4608c159594f ("riscv: compat: ptrace: Add compat_arch_ptrace implement")
Fixes: 7383ee05314b ("riscv: compat: signal: Add rt_frame implementation")
Signed-off-by: Michael Neuling <mikey@neuling.org>
Assisted-by: Cursor:claude-4.6-opus-high-thinking
Link: https://patch.msgid.link/20260501062320.2339562-1-mikey@neuling.org
Signed-off-by: Paul Walmsley <pjw@kernel.org>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions