arm64: signal: Preserve POR_EL0 if poe_context is missing
author Kevin Brodsky <kevin.brodsky@arm.com>
Mon, 27 Apr 2026 12:03:33 +0000 (13:03 +0100)
committer Catalin Marinas <catalin.marinas@arm.com>
Fri, 1 May 2026 16:44:25 +0000 (17:44 +0100)
commit 030e8a40fff65ca6ac1c04a4d3c08afe72438922
tree 0db4c2dbb9c334e55cee3670ebced4adac0932d7
parent 4d8e74ad4585672489da6145b3328d415f50db82
arm64: signal: Preserve POR_EL0 if poe_context is missing

Commit 2e8a1acea859 ("arm64: signal: Improve POR_EL0 handling to
avoid uaccess failures") delayed the write to POR_EL0 in
rt_sigreturn to avoid spurious uaccess failures. This change however
relies on the poe_context frame record being present: on a system
supporting POE, calling sigreturn without a poe_context record now
results in writing arbitrary data from the kernel stack into POR_EL0.

Fix this by adding a __valid_fields member to struct
user_access_state, and zeroing the struct on allocation.
restore_poe_context() then indicates that the por_el0 field is valid
by setting the corresponding bit in __valid_fields, and
restore_user_access_state() only touches POR_EL0 if there is a valid
value to set it to. This is in line with how POR_EL0 was originally
handled; all frame records are currently optional, except
fpsimd_context.

To ensure that __valid_fields is kept in sync, fields (currently
just por_el0) are now accessed via accessors and prefixed with __ to
discourage direct access.

Fixes: 2e8a1acea859 ("arm64: signal: Improve POR_EL0 handling to avoid uaccess failures")
Cc: <stable@vger.kernel.org>
Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Kevin Brodsky <kevin.brodsky@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
arch/arm64/kernel/signal.c
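As an added example (not the kernel's code, and not part of this commit), a stand-alone user-space C model of the fix the message describes: the state is zeroed on allocation, restore_poe_context() marks por_el0 valid through an accessor, and restore_user_access_state() leaves POR_EL0 untouched when no poe_context record was present. The struct layout, the bit value, the accessor name and model_sigreturn() are assumptions made for the model.

```c
/* Stand-alone model of the __valid_fields fix; names follow the commit
 * message, but the layout, bit value and helpers are simplified assumptions. */
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

#define USER_ACCESS_STATE_POR_EL0 (1u << 0)   /* assumed bit assignment */

struct user_access_state {
    uint64_t __valid_fields;   /* bitmask of fields holding a restored value */
    uint64_t __por_el0;        /* meaningful only if the POR_EL0 bit is set */
};

/* Accessor: the only way to set __por_el0, so __valid_fields stays in sync. */
static void set_user_access_state_por_el0(struct user_access_state *ua, uint64_t v)
{
    ua->__por_el0 = v;
    ua->__valid_fields |= USER_ACCESS_STATE_POR_EL0;
}

/* Models restore_poe_context(): a present poe_context record supplies POR_EL0. */
static void restore_poe_context(struct user_access_state *ua, const uint64_t *poe_record)
{
    if (poe_record)
        set_user_access_state_por_el0(ua, *poe_record);
}

/* Models restore_user_access_state(): write POR_EL0 only when a valid value
 * exists. Returns true when the register was written. */
static bool restore_user_access_state(const struct user_access_state *ua, uint64_t *por_el0)
{
    if (!(ua->__valid_fields & USER_ACCESS_STATE_POR_EL0))
        return false;
    *por_el0 = ua->__por_el0;
    return true;
}

/* Models the sigreturn path: zero the state on allocation (the fix), consume an
 * optional poe_context record, then restore. Returns the resulting POR_EL0. */
uint64_t model_sigreturn(uint64_t current_por_el0, const uint64_t *poe_record)
{
    struct user_access_state ua;
    memset(&ua, 0, sizeof(ua));   /* no stale stack data can reach POR_EL0 */
    restore_poe_context(&ua, poe_record);
    restore_user_access_state(&ua, &current_por_el0);
    return current_por_el0;
}
```

With a poe_context record the model writes the record's value; without one it returns the caller's POR_EL0 unchanged, which is the behaviour the commit restores.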