Commit a13bfa4f authored by Keir Fraser's avatar Keir Fraser Committed by Catalin Marinas
Browse files

arm64: mops: Do not dereference src reg for a set operation 



The source register is not used for SET* and reading it can result in
a UBSAN out-of-bounds array access error, specifically when the MOPS
exception is taken from a SET* sequence with XZR (reg 31) as the
source. Architecturally this is the only case where a src/dst/size
field in the ESR can be reported as 31.

Prior to 2de451a3 the code in do_el0_mops() was benign as the
use of pt_regs_read_reg() prevented the out-of-bounds access.

Fixes: 2de451a3 ("KVM: arm64: Add handler for MOPS exceptions")
Cc: <stable@vger.kernel.org> # 6.12.x
Cc: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: stable@vger.kernel.org
Reviewed-by: default avatarMarc Zyngier <maz@kernel.org>
Signed-off-by: default avatarKeir Fraser <keirf@google.com>
Reviewed-by: default avatarKristina Martšenko <kristina.martsenko@arm.com>
Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20250326110448.3792396-1-keirf@google.com


Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
parent 89f43e1c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment