Re: [syzbot] [hardening?] [mm?] BUG: bad usercopy in fpa_set

From: Tetsuo Handa
Date: Fri Apr 05 2024 - 07:43:21 EST


#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h
index 326864f79d18..0f70a68d730a 100644
--- a/arch/arm/include/asm/processor.h
+++ b/arch/arm/include/asm/processor.h
@@ -37,14 +37,11 @@ struct thread_struct {
struct debug_info debug;
};

-/*
- * Everything usercopied to/from thread_struct is statically-sized, so
- * no hardened usercopy whitelist is needed.
- */
static inline void arch_thread_struct_whitelist(unsigned long *offset,
unsigned long *size)
{
- *offset = *size = 0;
+ *offset = offsetof(struct task_struct, thread_info);
+ *size = sizeof(struct thread_info);
}

#define INIT_THREAD { }
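Review bot: The value stored at `*offset = offsetof(struct task_struct, thread_info);` is a task_struct-relative offset, but the consumer of this hook (task_struct_whitelist() in kernel/fork.c, as far as I recall) treats a non-zero result as relative to thread_struct and adds offsetof(struct task_struct, thread) before passing it to kmem_cache_create_usercopy(), so the whitelisted window would land beyond `thread` instead of over thread_info, leaving the fpa_set report in place or making an unrelated slice of task_struct copyable from user space. Because thread_info precedes thread in task_struct, the region cannot be expressed as a positive thread_struct-relative offset at all, so this likely needs either a task_struct-relative variant of the hook or a change in fpa_set itself (copy into a local fp_state and then into thread_info) rather than a whitelist here. If the whitelist route is kept, the window should be bounded to the fpstate member that fpa_set writes rather than all of thread_info, e.g. `offsetof(struct thread_info, fpstate)` and `sizeof(union fp_state)` if I recall the field's type correctly, since every whitelisted byte is one hardened usercopy no longer protects. The removed comment should also be replaced rather than dropped, e.g. `/* fpa_set() copies user data into thread_info->fpstate; whitelist that region for hardened usercopy. */`, so the next reader knows why thread_struct's whitelist points outside thread_struct. Both struct task_struct and struct thread_info also have to be complete types wherever asm/processor.h is included for these offsetof/sizeof expressions to compile, which is worth confirming in the syzbot build.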