projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 2cb7cef9 BS |
1 | From: schwab@suse.de |
| 2 | Subject: Fix msr check in compat_sys_swapcontext | |
| 3 | References: 441498 | |
| 4 | ||
| 5 | The new context may not be 16-byte aligned, so the real address of the | |
| 6 | mcontext structure should be read from the uc_regs pointer instead of | |
| 7 | directly using the (unaligned) uc_mcontext field. | |
| 8 | ||
| 9 | Signed-off-by: Andreas Schwab <schwab@suse.de> | |
| 10 | ||
| 11 | --- | |
| 12 | --- | |
| 13 | arch/powerpc/kernel/signal_32.c | 14 +++++++++++--- | |
| 14 | 1 file changed, 11 insertions(+), 3 deletions(-) | |
| 15 | ||
| 16 | --- a/arch/powerpc/kernel/signal_32.c | |
| 17 | +++ b/arch/powerpc/kernel/signal_32.c | |
| 18 | @@ -941,9 +941,17 @@ long sys_swapcontext(struct ucontext __u | |
| 19 | #ifdef CONFIG_PPC64 | |
| 20 | unsigned long new_msr = 0; | |
| 21 | ||
| 22 | - if (new_ctx && | |
| 23 | - get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR])) | |
| 24 | - return -EFAULT; | |
| 25 | + if (new_ctx) { | |
| 26 | + struct mcontext __user *mcp; | |
| 27 | + u32 cmcp; | |
| 28 | + | |
| 29 | + /* Get pointer to the real mcontext. */ | |
| 30 | + if (get_user(cmcp, &new_ctx->uc_regs)) | |
| 31 | + return -EFAULT; | |
| 32 | + mcp = (struct mcontext __user *)(u64)cmcp; | |
| 33 | + if (get_user(new_msr, &mcp->mc_gregs[PT_MSR])) | |
| 34 | + return -EFAULT; | |
| 35 | + } | |
| 36 | /* | |
| 37 | * Check that the context is not smaller than the original | |
| 38 | * size (with VMX but without VSX) |