diff options
| author |   Mauro Carvalho Chehab <mchehab@s-opensource.com> | 2016-07-08 18:14:03 -0300 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab@s-opensource.com> | 2016-07-08 18:14:03 -0300 |
| commit | fb810cb5eda8c47e3afbb45ea6b9676841d29e8d (patch) | |
| tree | 618af9a957c6744e59d0183619a2e6cbbf685233 /arch/sparc/kernel/signal_64.c | |
| parent | [media] media: rc: nuvoton: remove two unused elements in struct nvt_dev (diff) | |
| parent | Linux 4.7-rc6 (diff) | |
| download | linux-dev-fb810cb5eda8c47e3afbb45ea6b9676841d29e8d.tar.xz linux-dev-fb810cb5eda8c47e3afbb45ea6b9676841d29e8d.zip | |
Merge tag 'v4.7-rc6' into patchwork
Linux 4.7-rc6
* tag 'v4.7-rc6': (1245 commits)
Linux 4.7-rc6
ovl: warn instead of error if d_type is not supported
MIPS: Fix possible corruption of cache mode by mprotect.
locks: use file_inode()
usb: dwc3: st: Use explicit reset_control_get_exclusive() API
phy: phy-stih407-usb: Use explicit reset_control_get_exclusive() API
phy: miphy28lp: Inform the reset framework that our reset line may be shared
namespace: update event counter when umounting a deleted dentry
9p: use file_dentry()
lockd: unregister notifier blocks if the service fails to come up completely
ACPI,PCI,IRQ: correct operator precedence
fuse: serialize dirops by default
drm/i915: Fix missing unlock on error in i915_ppgtt_info()
powerpc: Initialise pci_io_base as early as possible
mfd: da9053: Fix compiler warning message for uninitialised variable
mfd: max77620: Fix FPS switch statements
phy: phy-stih407-usb: Inform the reset framework that our reset line may be shared
usb: dwc3: st: Inform the reset framework that our reset line may be shared
usb: host: ehci-st: Inform the reset framework that our reset line may be shared
usb: host: ohci-st: Inform the reset framework that our reset line may be shared
...
Diffstat (limited to 'arch/sparc/kernel/signal_64.c')
| -rw-r--r-- | arch/sparc/kernel/signal_64.c | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/arch/sparc/kernel/signal_64.c b/arch/sparc/kernel/signal_64.c index 39aaec173f66..5ee930c48f4c 100644 --- a/arch/sparc/kernel/signal_64.c +++ b/arch/sparc/kernel/signal_64.c @@ -234,6 +234,17 @@ do_sigsegv: goto out; } +/* Checks if the fp is valid. We always build rt signal frames which + * are 16-byte aligned, therefore we can always enforce that the + * restore frame has that property as well. + */ +static bool invalid_frame_pointer(void __user *fp) +{ + if (((unsigned long) fp) & 15) + return true; + return false; +} + struct rt_signal_frame { struct sparc_stackf ss; siginfo_t info; @@ -246,8 +257,8 @@ struct rt_signal_frame { void do_rt_sigreturn(struct pt_regs *regs) { + unsigned long tpc, tnpc, tstate, ufp; struct rt_signal_frame __user *sf; - unsigned long tpc, tnpc, tstate; __siginfo_fpu_t __user *fpu_save; __siginfo_rwin_t __user *rwin_save; sigset_t set; @@ -261,10 +272,16 @@ void do_rt_sigreturn(struct pt_regs *regs) (regs->u_regs [UREG_FP] + STACK_BIAS); /* 1. Make sure we are not getting garbage from the user */ - if (((unsigned long) sf) & 3) + if (invalid_frame_pointer(sf)) + goto segv; + + if (get_user(ufp, &sf->regs.u_regs[UREG_FP])) goto segv; - err = get_user(tpc, &sf->regs.tpc); + if ((ufp + STACK_BIAS) & 0x7) + goto segv; + + err = __get_user(tpc, &sf->regs.tpc); err |= __get_user(tnpc, &sf->regs.tnpc); if (test_thread_flag(TIF_32BIT)) { tpc &= 0xffffffff; @@ -308,14 +325,6 @@ segv: force_sig(SIGSEGV, current); } -/* Checks if the fp is valid */ -static int invalid_frame_pointer(void __user *fp) -{ - if (((unsigned long) fp) & 15) - return 1; - return 0; -} - static inline void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, unsigned long framesize) { unsigned long sp = regs->u_regs[UREG_FP] + STACK_BIAS; |