From 41d4cce0fd9d52cf8f50db25f30b62bee7cdbe09 Mon Sep 17 00:00:00 2001
From: Andy Lutomirski <luto@kernel.org>
Date: Wed, 23 Jun 2021 14:01:40 +0200
Subject: [PATCH] x86/fpu: Fail ptrace() requests that try to set invalid MXCSR
 values

mainline inclusion
from mainline-v5.14-rc1
commit 145e9e0d8c6fada4a40f9fc65b34658077874d9c
category: feature
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I590ZC
CVE: NA

Intel-SIG: commit 145e9e0d8c6f x86/fpu: Fail ptrace() requests that try to set invalid MXCSR values.

--------------------------------

There is no benefit from accepting and silently changing an invalid MXCSR
value supplied via ptrace().  Instead, return -EINVAL on invalid input.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210623121452.613614842@linutronix.de
Signed-off-by: Lin Wang <lin.x.wang@intel.com>
---
 arch/x86/kernel/fpu/regset.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
index f24ce873bfc2..5610f77cacad 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
@@ -63,8 +63,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
 	if (ret)
 		return ret;
 
-	/* Mask invalid MXCSR bits (for historical reasons). */
-	newstate.mxcsr &= mxcsr_feature_mask;
+	/* Do not allow an invalid MXCSR value. */
+	if (newstate.mxcsr & ~mxcsr_feature_mask)
+		return -EINVAL;
 
 	fpu__prepare_write(fpu);
 
-- 
GitLab