[PATCH v1] arm64: poe: fix stale POR_EL0 values for ptrace
Joey Gouly
joey.gouly at arm.com
Wed Jan 21 05:56:39 PST 2026
If a process wrote to POR_EL0 and then crashed before a context switch
happened, the coredump would contain an incorrect value for POR_EL0.
The value read in poe_get() would be a stale value left in thread.por_el0. Fix
this by reading the value from the system register, if the target thread is the
current thread.
This matches what gcs/fpsimd do.
Fixes: 175198199262 ("arm64/ptrace: add support for FEAT_POE")
Reported-by: David Spickett <david.spickett at arm.com>
Cc: stable at vger.kernel.org
Signed-off-by: Joey Gouly <joey.gouly at arm.com>
Cc: Kevin Brodsky <kevin.brodsky at arm.com>
Cc: Mark Rutland <mark.rutland at arm.com>
---
arch/arm64/include/asm/por.h | 2 ++
arch/arm64/kernel/process.c | 7 ++++++-
arch/arm64/kernel/ptrace.c | 5 +++++
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/por.h b/arch/arm64/include/asm/por.h
index d913d5b529e4..46f1356837e2 100644
--- a/arch/arm64/include/asm/por.h
+++ b/arch/arm64/include/asm/por.h
@@ -31,4 +31,6 @@ static inline bool por_elx_allows_exec(u64 por, u8 pkey)
return perm & POE_X;
}
+void poe_preserve_current_state(void);
+
#endif /* _ASM_ARM64_POR_H */
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 489554931231..400182099784 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -665,12 +665,17 @@ static int do_set_tsc_mode(unsigned int val)
return 0;
}
+void poe_preserve_current_state(void)
+{
+ current->thread.por_el0 = read_sysreg_s(SYS_POR_EL0);
+}
+
static void permission_overlay_switch(struct task_struct *next)
{
if (!system_supports_poe())
return;
- current->thread.por_el0 = read_sysreg_s(SYS_POR_EL0);
+ poe_preserve_current_state();
if (current->thread.por_el0 != next->thread.por_el0) {
write_sysreg_s(next->thread.por_el0, SYS_POR_EL0);
/*
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index b9bdd83fbbca..276d8ee630cd 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -37,6 +37,7 @@
#include <asm/gcs.h>
#include <asm/mte.h>
#include <asm/pointer_auth.h>
+#include <asm/por.h>
#include <asm/stacktrace.h>
#include <asm/syscall.h>
#include <asm/traps.h>
@@ -1486,6 +1487,10 @@ static int poe_get(struct task_struct *target,
if (!system_supports_poe())
return -EINVAL;
+ if (target == current) {
+ poe_preserve_current_state();
+ }
+
return membuf_write(&to, &target->thread.por_el0,
sizeof(target->thread.por_el0));
}
--
2.25.1
More information about the linux-arm-kernel
mailing list