rseq: Fix rseq registration with CONFIG_DEBUG_RSEQ

With CONFIG_DEBUG_RSEQ=y, at rseq registration the read-only fields are
copied from user-space, if this copy fails the syscall returns -EFAULT
and the registration should not be activated - but it erroneously is.

Move the activation of the registration after the copy of the fields to
fix this bug.

Fixes: 7d5265ffcd8b ("rseq: Validate read-only fields under DEBUG_RSEQ config")
Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/r/20250219205330.324770-1-mjeanson@efficios.com

diff --git a/kernel/rseq.c b/kernel/rseq.c
index 442aba29bc4cf094405e1b267a868b2b495cc5f6..2cb16091ec0ae40198c9b3a101485b40992b512f 100644 (file)
--- a/kernel/rseq.c
+++ b/kernel/rseq.c
@@ -507,9 +507,6 @@ SYSCALL_DEFINE4(rseq, struct rseq __user *, rseq, u32, rseq_len,
                return -EINVAL;
        if (!access_ok(rseq, rseq_len))
                return -EFAULT;
-       current->rseq = rseq;
-       current->rseq_len = rseq_len;
-       current->rseq_sig = sig;
 #ifdef CONFIG_DEBUG_RSEQ
        /*
         * Initialize the in-kernel rseq fields copy for validation of
@@ -521,6 +518,14 @@ SYSCALL_DEFINE4(rseq, struct rseq __user *, rseq, u32, rseq_len,
            get_user(rseq_kernel_fields(current)->mm_cid, &rseq->mm_cid))
                return -EFAULT;
 #endif
+       /*
+        * Activate the registration by setting the rseq area address, length
+        * and signature in the task struct.
+        */
+       current->rseq = rseq;
+       current->rseq_len = rseq_len;
+       current->rseq_sig = sig;
+
        /*
         * If rseq was previously inactive, and has just been
         * registered, ensure the cpu_id_start and cpu_id fields