Commit | Line | Data |
---|---|---|
2cb7cef9 BS |
1 | From: schwab@suse.de |
2 | Subject: Fix msr check in compat_sys_swapcontext | |
3 | References: 441498 | |
4 | ||
5 | The new context may not be 16-byte aligned, so the real address of the | |
6 | mcontext structure should be read from the uc_regs pointer instead of | |
7 | directly using the (unaligned) uc_mcontext field. | |
8 | ||
9 | Signed-off-by: Andreas Schwab <schwab@suse.de> | |
10 | ||
11 | --- | |
12 | --- | |
13 | arch/powerpc/kernel/signal_32.c | 14 +++++++++++--- | |
14 | 1 file changed, 11 insertions(+), 3 deletions(-) | |
15 | ||
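--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -941,9 +941,17 @@ long sys_swapcontext(struct ucontext __u
 #ifdef CONFIG_PPC64
 unsigned long new_msr = 0;
 
- if (new_ctx &&
- get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR]))
- return -EFAULT;
+ if (new_ctx) {
+ struct mcontext __user *mcp;
+ u32 cmcp;
+
+ /* Get pointer to the real mcontext. */
+ if (get_user(cmcp, &new_ctx->uc_regs))
+ return -EFAULT;
+ mcp = (struct mcontext __user *)(u64)cmcp;
+ if (get_user(new_msr, &mcp->mc_gregs[PT_MSR]))
+ return -EFAULT;
+ }
 /*
 * Check that the context is not smaller than the original
 * size (with VMX but without VSX)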
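Review bot: The added block in the `if (new_ctx)` branch fetches `uc_regs` and then `mc_gregs[PT_MSR]` from user memory only to feed the size check that follows, so `new_msr` is a snapshot that another thread sharing the address space can change before the context is actually restored. The restore path lies outside this hunk; if it reads `uc_regs` and the MSR again (it presumably does), the check here cannot be relied on as the only validation, and that deserves a comment such as `/* new_msr is a snapshot used only for the size check; the restore path must validate what it re-reads from user memory. */`. As a point of style, the open-coded conversion `mcp = (struct mcontext __user *)(u64)cmcp;` could be written as `mcp = compat_ptr(cmcp);`, provided `<linux/compat.h>` is in scope in this file, which states the 32-bit-pointer intent and avoids the double cast. The body of `sys_swapcontext` starts before and continues after the hunk.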