An off-by-one error in auxv setup for RISC-V

[Ivan Komarov]

Hi,

Currently, the maximum size of the auxiliary vector is bounded (in
include/linux/mm_types.h) by the sum of the maximum size of
architecture-independent entries (AT_VECTOR_SIZE_BASE) and
architecture-specific ones (AT_VECTOR_SIZE_ARCH).

Commit e92f469b0771 added a new RISC-V-specific auxv entry to indicate
the signal frame size to userspace, but unfortunately didn't bump
AT_VECTOR_SIZE_ARCH, which can result in writing past the end of
mm->saved_auxv in create_elf_tables() from fs/binfmt_elf.c.

In practice, this is mostly harmless:
  * not all architecture-independent entires are actually used on RISC-V,
    so we still have plenty of space left in mm->saved_auxv even with
    the off-by-one
  * even if the overflow happened, kernels compiled with
    CONFIG_HARDENED_USERCOPY would detect it when copying auxv entries
    to userspace

Still, it might be good to fix this. My friend had already tried to send a
patch for this
(see https://lore.kernel.org/all/73883406.20231215232720@torrio.net/),
which had some process issues. This time, we're trying to do things properly,
including a Closes: tag that references a bug report (this e-mail).