linux/arch/arm64/kernel
Breno Leitao 5cbb61bf41 arm64/fpsimd: ptrace: zero target's fpsimd_state, not the tracer's
sve_set_common() is the backend for PTRACE_SETREGSET(NT_ARM_SVE) and
PTRACE_SETREGSET(NT_ARM_SSVE). Every write in the function operates on
the tracee (target) - except a single memset that uses current instead,
zeroing the tracer's saved V0-V31 / FPSR / FPCR shadow on every ptrace
SETREGSET call.

The memset is meant to give the tracee a defined zero register image
before the user-supplied payload is copied in (for partial writes,
header-only writes, and FPSIMD<->SVE format switches). Aiming it at
current both denies the tracee that clean slate and silently corrupts
the tracer.

The corruption of the tracer's saved FPSIMD state is not always
observable. Where the tracer's state is live on a CPU, this may be
reused without loading the corrupted state from memory, and will
eventually be written back over the corrupted state. Where the tracer's
state is saved in SVE_PT_REGS_SVE format, only the FPSR and FPCR are
clobbered, and the effective copy of the vectors is in the task's
sve_state.

Reproducible on an arm64 kernel with SVE: a single-threaded tracer that
loads a known pattern into V0-V31, issues PTRACE_SETREGSET(NT_ARM_SVE)
on a child, and reads V0-V31 back observes them all zeroed within tens
of thousands of iterations when a sibling thread keeps stealing the
FPSIMD CPU binding.

Fixes: 316283f276 ("arm64/fpsimd: ptrace: Consistently handle partial writes to NT_ARM_(S)SVE")
Cc: <stable@vger.kernel.org>
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2026-05-06 12:11:49 +01:00
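The mistake the commit describes, as an added model written for this page (it is not the kernel's code and not the commit's reproducer): a simplified, host-runnable sketch of the FPSIMD-format write path of sve_set_common(), with the memset aimed at `current` (buggy) or at `target` (fixed), so the two effects in the message can be observed side by side: the tracee loses its zeroed baseline for a partial write, and the tracer's own saved shadow is wiped. The struct layouts, `model_sve_set_common`, `run_scenario` and the two-register payload are assumptions made for the example; the real kernel keeps the shadow in `thread.uw.fpsimd_state`, and the live-on-CPU reuse and SVE_PT_REGS_SVE cases that can hide the corruption are deliberately not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model for this example; not the kernel's real types. */
#define NUM_VREGS 32

struct vreg { uint64_t lo, hi; };        /* one 128-bit V register */

struct fpsimd_state {
    struct vreg vregs[NUM_VREGS];        /* V0-V31 */
    uint32_t fpsr;
    uint32_t fpcr;
};

struct task {
    struct fpsimd_state fpsimd_state;    /* saved V0-V31 / FPSR / FPCR shadow */
};

/* Model of sve_set_common()'s FPSIMD-format path: the tracer (`current`)
 * writes `nregs` vector registers into the tracee (`target`). A partial
 * write must leave the remaining registers at a defined zero value, so the
 * shadow is zeroed before the user payload is copied in. With `buggy` set
 * the memset hits `current`, as in the broken kernel; otherwise `target`. */
static void model_sve_set_common(struct task *target, struct task *current,
                                 const struct vreg *payload, unsigned nregs,
                                 bool buggy)
{
    struct task *zeroed = buggy ? current : target;

    memset(&zeroed->fpsimd_state, 0, sizeof(zeroed->fpsimd_state));
    memcpy(target->fpsimd_state.vregs, payload, nregs * sizeof(*payload));
}

/* Known, nonzero pattern so that every register can be checked later. */
static void fill_pattern(struct task *t, uint64_t seed)
{
    for (unsigned i = 0; i < NUM_VREGS; i++) {
        t->fpsimd_state.vregs[i].lo = seed + i;
        t->fpsimd_state.vregs[i].hi = ~(seed + i);
    }
    t->fpsimd_state.fpsr = 0x10;         /* arbitrary constructed values */
    t->fpsimd_state.fpcr = 0x02000000;
}

static bool vreg_is(const struct vreg *v, uint64_t lo, uint64_t hi)
{
    return v->lo == lo && v->hi == hi;
}

struct outcome {
    unsigned tracer_intact;   /* tracer vregs still holding the pattern */
    bool     tracer_ctrl_ok;  /* tracer FPSR/FPCR untouched */
    unsigned target_zero;     /* tracee vregs that read as zero afterwards */
    bool     payload_landed;  /* V0/V1 of the tracee equal the payload */
};

/* The scenario from the commit message, minus the CPU-binding race: the
 * tracer loads a pattern, writes a two-register partial payload into the
 * child, and then both shadows are inspected. */
static struct outcome run_scenario(bool buggy)
{
    struct task tracer, child;
    const struct vreg payload[2] = { { 0xAAAA, 0xBBBB }, { 0xCCCC, 0xDDDD } };
    struct outcome o = { 0, false, 0, false };

    fill_pattern(&tracer, 0x1000);
    fill_pattern(&child, 0x2000);      /* stale contents the write must replace */

    model_sve_set_common(&child, &tracer, payload, 2, buggy);

    for (unsigned i = 0; i < NUM_VREGS; i++) {
        if (vreg_is(&tracer.fpsimd_state.vregs[i], 0x1000 + i, ~(0x1000ULL + i)))
            o.tracer_intact++;
        if (vreg_is(&child.fpsimd_state.vregs[i], 0, 0))
            o.target_zero++;
    }
    o.tracer_ctrl_ok = tracer.fpsimd_state.fpsr == 0x10 &&
                       tracer.fpsimd_state.fpcr == 0x02000000;
    o.payload_landed = vreg_is(&child.fpsimd_state.vregs[0], 0xAAAA, 0xBBBB) &&
                       vreg_is(&child.fpsimd_state.vregs[1], 0xCCCC, 0xDDDD);
    return o;
}

int main(void)
{
    for (int buggy = 1; buggy >= 0; buggy--) {
        struct outcome o = run_scenario(buggy);
        printf("%s: tracer vregs intact %u/32, tracer FPSR/FPCR ok %d, "
               "tracee zeroed vregs %u/32, payload landed %d\n",
               buggy ? "memset(current)" : "memset(target) ",
               o.tracer_intact, o.tracer_ctrl_ok, o.target_zero, o.payload_landed);
    }
    return 0;
}
```

In the buggy run the tracer's 32 registers and FPSR/FPCR come back zero while the tracee keeps its stale V2-V31; in the fixed run the tracer is untouched and V2-V31 of the tracee are zero with V0/V1 holding the payload. Confirming the real bug still needs the arm64 reproducer the message sketches, since the model cannot show when the corrupted shadow is actually reloaded from memory.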
pi arm64/scs: Fix potential sign extension issue of advance_loc4 2026-04-27 12:16:26 +01:00
probes Performance events changes for v7.0: 2026-02-10 12:00:46 -08:00
vdso stackleak: Split KSTACK_ERASE_CFLAGS from GCC_PLUGINS_CFLAGS 2025-07-21 21:40:57 -07:00
vdso32 kbuild: Consolidate C dialect options 2026-03-12 12:52:37 +01:00
.gitignore
acpi_numa.c arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE 2024-08-14 17:51:39 +01:00
acpi_parking_protocol.c
acpi.c arm64: acpi: Add acpi_get_cpu_uid() for unified ACPI CPU UID retrieval 2026-04-06 16:55:15 +02:00
alternative.c arm64: Reject modules with internal alternative callbacks 2025-11-07 15:00:14 +00:00
armv8_deprecated.c arm64: armv8_deprecated: Disable swp emulation when FEAT_LSUI present 2026-03-27 17:29:10 +00:00
asm-offsets.c arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c 2025-09-25 09:57:15 +02:00
cacheinfo.c arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array 2025-02-07 09:57:56 +00:00
compat_alignment.c arm64: Don't call NULL in do_compat_alignment_fixup() 2025-04-01 14:13:11 +01:00
cpu_errata.c arm64: errata: Work around early CME DVMSync acknowledgement 2026-04-10 19:46:14 +01:00
cpu_ops.c
cpu-reset.S
cpufeature.c Arm: 2026-04-17 07:18:03 -07:00
cpuinfo.c arm64: Add support for FEAT_{LS64, LS64_V} 2026-01-22 13:24:49 +00:00
crash_dump.c
debug-monitors.c arm64 updates for 6.18 2025-09-29 18:48:39 -07:00
efi-header.S include: pe.h: Fix PE definitions 2025-05-21 16:46:37 +02:00
efi-rt-wrapper.S
efi.c arm64/efi: Call EFI runtime services without disabling preemption 2025-11-11 18:59:22 +00:00
elfcore.c fs: avoid mmap sem relocks when coredumping with many missing pages 2025-02-21 10:25:32 +01:00
entry-common.c Merge branch 'for-next/c1-pro-erratum-4193714' into for-next/core 2026-04-20 13:12:35 +01:00
entry-fpsimd.S
entry-ftrace.S arm64: Fix double word in comments 2025-11-12 17:07:59 +00:00
entry.S Merge branches 'for-next/misc', 'for-next/tlbflush', 'for-next/ttbr-macros-cleanup', 'for-next/kselftest', 'for-next/feat_lsui', 'for-next/mpam', 'for-next/hotplug-batched-tlbi', 'for-next/bbml2-fixes', 'for-next/sysreg', 'for-next/generic-entry' and 'for-next/acpi', remote-tracking branches 'arm64/for-next/perf' and 'arm64/for-next/read-once' into for-next/core 2026-04-10 14:22:24 +01:00
fpsimd.c arm64: errata: Work around early CME DVMSync acknowledgement 2026-04-10 19:46:14 +01:00
ftrace.c arm64: Fix typos and spelling errors in comments 2025-11-12 17:06:21 +00:00
head.S KVM: arm64: Trap MTE access and discovery when MTE is disabled 2026-01-23 11:28:48 +00:00
hibernate-asm.S
hibernate.c arm64: Set __nocfi on swsusp_arch_resume() 2026-01-23 18:13:07 +00:00
hw_breakpoint.c arm64: debug: split hardware watchpoint exception entry 2025-07-08 13:27:42 +01:00
hyp-stub.S KVM: arm64: Remove extra ISBs when using msr_hcr_el2 2026-03-23 11:03:53 +00:00
idle.c
image-vars.h KVM: arm64: Add event support to the nVHE/pKVM hyp and trace remote 2026-03-11 08:51:17 +00:00
image.h
io.c arm64: Use new fallback IO memcpy/memset 2024-10-28 21:44:29 +00:00
irq.c arm64: use SOFTIRQ_ON_OWN_STACK for enabling softirq stack 2025-11-07 19:55:52 +00:00
jump_label.c asm-generic: introduce text-patching.h 2024-11-07 14:25:15 -08:00
kaslr.c arm64/mm: Remove randomization of the linear map 2025-04-29 13:21:49 +01:00
kexec_image.c arm64: kernel: initialize missing kexec_buf->random field 2026-01-05 21:27:43 +00:00
kgdb.c arm64: debug: call step handlers statically 2025-07-08 13:27:41 +01:00
kuser32.S
machine_kexec_file.c arm64,ppc64le/kdump: pass dm-crypt keys to kdump kernel 2026-04-02 23:36:24 -07:00
machine_kexec.c arm64: kexec: Remove duplicate allocation for trans_pgd 2026-04-08 17:49:08 +01:00
Makefile arm64 updates for 7.1: 2026-04-14 16:48:56 -07:00
Makefile.syscalls syscalls: fix syscall macros for newfstat/newfstatat 2024-08-02 15:20:47 +02:00
module-plts.c arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE 2025-09-05 16:56:20 +01:00
module.c arm64: Reject modules with internal alternative callbacks 2025-11-07 15:00:14 +00:00
mpam.c arm64: mpam: Initialise and context switch the MPAMSM_EL1 register 2026-03-27 15:29:02 +00:00
mte.c Merge branches 'for-next/misc', 'for-next/tlbflush', 'for-next/ttbr-macros-cleanup', 'for-next/kselftest', 'for-next/feat_lsui', 'for-next/mpam', 'for-next/hotplug-batched-tlbi', 'for-next/bbml2-fixes', 'for-next/sysreg', 'for-next/generic-entry' and 'for-next/acpi', remote-tracking branches 'arm64/for-next/perf' and 'arm64/for-next/read-once' into for-next/core 2026-04-10 14:22:24 +01:00
paravirt.c arm64/paravirt: Use common code for paravirt_steal_clock() 2026-01-12 16:30:00 +01:00
patching.c arm64: patching: avoid early page_to_phys() 2024-12-03 18:05:42 +00:00
pci.c arm64: PCI: Migrate ACPI related functions to pci-acpi.c 2024-08-27 15:48:34 +02:00
perf_callchain.c perf/core: Correct perf sampling with guest VMs 2024-11-14 10:40:01 +01:00
perf_regs.c
pointer_auth.c
process.c Merge branch 'for-next/c1-pro-erratum-4193714' into for-next/core 2026-04-20 13:12:35 +01:00
proton-pack.c arm64: Add support for TSV110 Spectre-BHB mitigation 2026-01-05 21:07:49 +00:00
psci.c arm64: psci: Ignore DENIED CPUs 2024-06-28 18:38:31 +01:00
ptrace.c arm64/fpsimd: ptrace: zero target's fpsimd_state, not the tracer's 2026-05-06 12:11:49 +01:00
reloc_test_core.c ARM64: reloc_test: add missing MODULE_DESCRIPTION() macro 2024-06-13 10:23:54 +01:00
reloc_test_syms.S
relocate_kernel.S arm64: Provide dcache_by_myline_op_nosync helper 2026-03-13 23:46:32 +01:00
return_address.c
rsi.c arm64 updates for 7.1: 2026-04-14 16:48:56 -07:00
sdei.c Merge branches 'for-next/misc', 'for-next/kselftest', 'for-next/efi-preempt', 'for-next/assembler-macro', 'for-next/typos', 'for-next/sme-ptrace-disable', 'for-next/local-tlbi-page-reused', 'for-next/mpam', 'for-next/acpi' and 'for-next/documentation', remote-tracking branch 'arm64/for-next/perf' into for-next/core 2025-11-28 15:47:12 +00:00
setup.c arm64: map [_text, _stext) virtual address range non-executable+read-only 2025-09-22 11:58:17 +01:00
signal.c arm64: signal: Preserve POR_EL0 if poe_context is missing 2026-05-01 17:44:25 +01:00
signal32.c arm64/fpsimd: signal32: Always save+flush state early 2025-04-09 18:06:31 +01:00
sigreturn32.S arm64: rework compat syscall macros 2024-07-10 14:23:38 +02:00
sleep.S
smccc-call.S arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint 2024-11-07 11:18:52 +00:00
smp_spin_table.c
smp.c arm64 updates for 6.19: 2025-12-02 17:03:55 -08:00
stacktrace.c Merge branches 'for-next/livepatch', 'for-next/user-contig-bbml2', 'for-next/misc', 'for-next/acpi', 'for-next/debug-entry', 'for-next/feat_mte_tagged_far', 'for-next/kselftest', 'for-next/mdscr-cleanup' and 'for-next/vmap-stack', remote-tracking branch 'arm64/for-next/perf' into for-next/core 2025-07-24 16:01:22 +01:00
static_call.c arm64: Use static call trampolines when kCFI is enabled 2026-04-01 15:29:59 +01:00
suspend.c
sys_compat.c Merge branch 'for-next/c1-pro-erratum-4193714' into for-next/core 2026-04-20 13:12:35 +01:00
sys.c arm64: generate 64-bit syscall.tbl 2024-07-10 14:23:38 +02:00
sys32.c fs: fix archiecture-specific compat_ftruncate64 2026-03-23 12:41:57 +01:00
syscall.c randomize_kstack: Unify random source across arches 2026-03-24 21:12:03 -07:00
time.c
topology.c arm64: topology: Fix false warning in counters_read_on_cpu() for same-CPU reads 2026-02-26 18:27:15 +00:00
trace-events-emulation.h tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
traps.c arm64: Fix typos and spelling errors in comments 2025-11-12 17:06:21 +00:00
vdso-wrap.S
vdso.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
vdso32-wrap.S
vmcore_info.c arm64/sysreg: Replace TCR_EL1 field macros 2025-11-13 15:58:30 +00:00
vmlinux.lds.S KVM/arm64 updates for 7.1 2026-04-13 11:49:54 +02:00
watchdog_hld.c arm64/watchdog_hld: Add a cpufreq notifier for update watchdog thresh 2025-07-04 13:17:30 +01:00