From patchwork Wed Nov 5 12:30:57 2008 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Schwab X-Patchwork-Id: 7326 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from ozlabs.org (localhost [127.0.0.1]) by ozlabs.org (Postfix) with ESMTP id 30734DDEFB for ; Wed, 5 Nov 2008 23:32:21 +1100 (EST) X-Original-To: linuxppc-dev@ozlabs.org Delivered-To: linuxppc-dev@ozlabs.org Received: from mx2.suse.de (cantor2.suse.de [195.135.220.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mx2.suse.de", Issuer "CAcert Class 3 Root" (verified OK)) by ozlabs.org (Postfix) with ESMTPS id BDF4DDDDF6 for ; Wed, 5 Nov 2008 23:31:05 +1100 (EST) Received: from Relay2.suse.de (relay-ext.suse.de [195.135.221.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx2.suse.de (Postfix) with ESMTP id 5296545E8C; Wed, 5 Nov 2008 13:30:57 +0100 (CET) From: Andreas Schwab To: linuxppc-dev@ozlabs.org Subject: [PATCH] Fix msr check in compat_sys_swapcontext X-Yow: Finally, Zippy drives his 1958 RAMBLER METROPOLITAN into the faculty dining room. Date: Wed, 05 Nov 2008 13:30:57 +0100 Message-ID: User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux) MIME-Version: 1.0 Cc: linux-kernel@vger.kernel.org X-BeenThere: linuxppc-dev@ozlabs.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@ozlabs.org The new context may not be 16-byte aligned, so the real address of the mcontext structure should be read from the uc_regs pointer instead of directly using the (unaligned) uc_mcontext field. Signed-off-by: Andreas Schwab diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c index a6a4310..dc10720 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c @@ -941,9 +941,17 @@ long sys_swapcontext(struct ucontext __user *old_ctx, #ifdef CONFIG_PPC64 unsigned long new_msr = 0; - if (new_ctx && - get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR])) - return -EFAULT; + if (new_ctx) { + struct mcontext __user *mcp; + u32 cmcp; + + /* Get pointer to the real mcontext. */ + if (__get_user(cmcp, &new_ctx->uc_regs)) + return -EFAULT; + mcp = (struct mcontext __user *)(u64)cmcp; + if (__get_user(new_msr, &mcp->mc_gregs[PT_MSR])) + return -EFAULT; + } /* * Check that the context is not smaller than the original * size (with VMX but without VSX)