[PATCH 2/5] riscv: ptrace: Fix register corruption in compat_riscv_gpr_set on error
Paul Walmsley
pjw at kernel.org
Thu Apr 30 19:05:23 PDT 2026
Hi Mikey,
On Thu, 9 Apr 2026, Michael Neuling wrote:
> compat_riscv_gpr_set() calls cregs_to_regs() unconditionally, even when
> user_regset_copyin() fails. Since cregs is an uninitialized stack
> variable, a copyin failure causes uninitialized stack data to be written
> into the target task's pt_regs, corrupting its register state and
> potentially leaking kernel stack contents.
>
> Only call cregs_to_regs() when user_regset_copyin() succeeds.
>
> Fixes: 4608c15959 ("riscv: compat: ptrace: Add compat_arch_ptrace implement")
> Signed-off-by: Michael Neuling <mikey at neuling.org>
> Assisted-by: Cursor:claude-4.6-opus-high-thinking
Thanks. I'm wondering if we have the same issue in
compat_restore_sigcontext(). Care to add that to your patch if you agree?
- Paul
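The bug shape the commit message describes, as an added user-space model rather than the patch's own code: a stand-in for user_regset_copyin() (assumed here as mock_copyin() with a forced-failure flag) and constructed compat_user_regs/pt_regs layouts stand in for the kernel structures, and the unconditional conversion is shown beside the fixed form that converts only on success.

```c
#include <stdint.h>
#include <string.h>
/* Constructed user-space model of the pattern, not the kernel's code. */
#define NR_GPRS 32
#define EFAULT  14
struct compat_user_regs { uint32_t r[NR_GPRS]; }; /* 32-bit image from user space */
struct pt_regs          { uint64_t r[NR_GPRS]; }; /* target task's 64-bit registers */
/* Stand-in for user_regset_copyin(): 0 on success, -EFAULT on failure, and a
 * failed copy writes nothing into *dst, so cregs keeps whatever was on the stack. */
static int mock_copyin(struct compat_user_regs *dst, const uint32_t *ubuf, int fail)
{
    if (fail) return -EFAULT;
    memcpy(dst->r, ubuf, sizeof(dst->r));
    return 0;
}
static void cregs_to_regs(const struct compat_user_regs *c, struct pt_regs *regs)
{
    for (int i = 0; i < NR_GPRS; i++) regs->r[i] = c->r[i];
}
/* Buggy shape described in the patch: the conversion runs regardless of ret, so
 * on failure uninitialized stack bytes reach the target's registers. The check
 * below drives it only on the success path; reading cregs after failure is UB. */
static int gpr_set_buggy(struct pt_regs *regs, const uint32_t *ubuf, int fail)
{
    struct compat_user_regs cregs;              /* uninitialized on purpose */
    int ret = mock_copyin(&cregs, ubuf, fail);
    cregs_to_regs(&cregs, regs);                /* runs even when ret == -EFAULT */
    return ret;
}
/* Fixed shape: convert only when the copy-in succeeded. */
static int gpr_set_fixed(struct pt_regs *regs, const uint32_t *ubuf, int fail)
{
    struct compat_user_regs cregs;
    int ret = mock_copyin(&cregs, ubuf, fail);
    if (!ret) cregs_to_regs(&cregs, regs);
    return ret;
}
/* 1 if a failed copy-in leaves every sentinel register untouched and a successful
 * one (through either shape) installs the widened user values, else 0. */
static int fixed_path_is_sound(void)
{
    struct pt_regs regs; uint32_t ubuf[NR_GPRS];
    for (int i = 0; i < NR_GPRS; i++) { regs.r[i] = 0xA5A5A5A5A5A5A5A5ull; ubuf[i] = i + 1; }
    if (gpr_set_fixed(&regs, ubuf, 1) != -EFAULT) return 0;
    for (int i = 0; i < NR_GPRS; i++) if (regs.r[i] != 0xA5A5A5A5A5A5A5A5ull) return 0;
    if (gpr_set_fixed(&regs, ubuf, 0) != 0 || gpr_set_buggy(&regs, ubuf, 0) != 0) return 0;
    for (int i = 0; i < NR_GPRS; i++) if (regs.r[i] != (uint64_t)(i + 1)) return 0;
    return 1;
}
```

The same "check the return value before consuming the buffer" review question applies to any other path that converts a copied-in compat image, which is the point Paul raises about compat_restore_sigcontext().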