selftests/mm: Fix resv_sz when parsing arm64 signal frame
authorKevin Brodsky <kevin.brodsky@arm.com>
Mon, 27 Apr 2026 12:03:34 +0000 (13:03 +0100)
committerWill Deacon <will@kernel.org>
Tue, 19 May 2026 10:54:03 +0000 (11:54 +0100)
get_header() wants the size of the reserved area in struct
sigcontext, but instead we pass it the size of the entire struct.
This could in theory result in an out-of-bounds read (if the signal
frame is malformed).

Fix this using one of the existing macros from
tools/testing/selftests/arm64/signal/testcases/testcases.h.

This issue was reported by Sashiko on a patch that copied this
portion of the code.

Link: https://sashiko.dev/#/patchset/20260421144252.1440365-1-kevin.brodsky%40arm.com
Fixes: f5b5ea51f78f ("selftests: mm: make protection_keys test work on arm64")
Signed-off-by: Kevin Brodsky <kevin.brodsky@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
tools/testing/selftests/mm/pkey-arm64.h

index 8e9685e03c441a364c511e51aa1da0b0f0d0f78a..c5a78a2f211d52175dd74887869ce5134611cb03 100644 (file)
@@ -130,9 +130,10 @@ static inline u64 get_pkey_bits(u64 reg, int pkey)
 static inline void aarch64_write_signal_pkey(ucontext_t *uctxt, u64 pkey)
 {
        struct _aarch64_ctx *ctx = GET_UC_RESV_HEAD(uctxt);
+       size_t resv_size = GET_UCP_RESV_SIZE(uctxt);
        struct poe_context *poe_ctx =
                (struct poe_context *) get_header(ctx, POE_MAGIC,
-                                               sizeof(uctxt->uc_mcontext), NULL);
+                                                 resv_size, NULL);
        if (poe_ctx)
                poe_ctx->por_el0 = pkey;
 }
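Review bot: The lookup still fails silently after this fix — when get_header() finds no POE_MAGIC record within resv_size it returns NULL and the `if (poe_ctx)` guard simply drops the pkey write, so a test relying on aarch64_write_signal_pkey() would only fail later and for a less obvious reason. If skipping is not intended and the selftest's pkey_assert() is in scope in this header, `pkey_assert(poe_ctx);` in place of the NULL check would surface the problem immediately; otherwise at least document the behaviour with a comment above the `if`, e.g. `/* No POE record found within __reserved (or frame malformed): leave the frame untouched. */`. Note also that GET_UCP_RESV_SIZE() bounds the walk to uc_mcontext.__reserved only; if the kernel has spilled later records into an EXTRA_MAGIC area (large SVE/SME vector lengths), a POE record living there would presumably not be found by get_header(), which is worth confirming against testcases.c before relying on this helper in such configurations.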