From 7c3cce978e4f933ac13758ec5d2554fc8d0927d2 Mon Sep 17 00:00:00 2001
From: "David S. Miller" <davem@davemloft.net>
Date: Thu, 3 Apr 2008 15:07:24 -0700
Subject: [SPARC64]: Fix FPU saving in 64-bit signal handling.
The calculation of the FPU reg save area pointer
was wrong.
Based upon an OOPS report from Tom Callaway.
Signed-off-by: David S. Miller <davem@davemloft.net>
---
arch/sparc64/kernel/signal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'arch')
diff --git a/arch/sparc64/kernel/signal.c b/arch/sparc64/kernel/signal.c
index 94a9d64..9d51956 100644
--- a/arch/sparc64/kernel/signal.c
+++ b/arch/sparc64/kernel/signal.c
@@ -357,7 +357,7 @@ static int invalid_frame_pointer(void __user *fp, int fplen)
static inline int
save_fpu_state(struct pt_regs *regs, __siginfo_fpu_t __user *fpu)
{
- unsigned long *fpregs = (unsigned long *)(regs+1);
+ unsigned long *fpregs = current_thread_info()->fpregs;
unsigned long fprs;
int err = 0;
--
cgit v1.1
From ad4f95764040077f16ebf24559d5a06f8fb133bc Mon Sep 17 00:00:00 2001
From: "David S. Miller" <davem@davemloft.net>
Date: Thu, 3 Apr 2008 16:55:14 -0700
Subject: [SPARC64]: Fix user accesses in regset code.
If target is not current we need to use access_process_vm().
Noticed by Roland McGrath.
Signed-off-by: David S. Miller <davem@davemloft.net>
---
arch/sparc64/kernel/ptrace.c | 136 ++++++++++++++++++++++++++++++++++++-------
1 file changed, 115 insertions(+), 21 deletions(-)
(limited to 'arch')
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
index aaae865..7963595 100644
--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -138,8 +138,17 @@ static int genregs64_get(struct task_struct *target,
(regs->u_regs[UREG_I6] + STACK_BIAS);
unsigned long window[16];
- if (copy_from_user(window, reg_window, sizeof(window)))
- return -EFAULT;
+ if (target == current) {
+ if (copy_from_user(window, reg_window, sizeof(window)))
+ return -EFAULT;
+ } else {
+ if (access_process_vm(target,
+ (unsigned long) reg_window,
+ window,
+ sizeof(window), 0) !=
+ sizeof(window))
+ return -EFAULT;
+ }
ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
window,
@@ -190,16 +199,37 @@ static int genregs64_set(struct task_struct *target,
(regs->u_regs[UREG_I6] + STACK_BIAS);
unsigned long window[16];
- if (copy_from_user(window, reg_window, sizeof(window)))
- return -EFAULT;
+ if (target == current) {
+ if (copy_from_user(window, reg_window, sizeof(window)))
+ return -EFAULT;
+ } else {
+ if (access_process_vm(target,
+ (unsigned long) reg_window,
+ window,
+ sizeof(window), 0) !=
+ sizeof(window))
+ return -EFAULT;
+ }
ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
window,
16 * sizeof(u64),
32 * sizeof(u64));
- if (!ret &&
- copy_to_user(reg_window, window, sizeof(window)))
- return -EFAULT;
+ if (!ret) {
+ if (target == current) {
+ if (copy_to_user(reg_window, window,
+ sizeof(window)))
+ return -EFAULT;
+ } else {
+ if (access_process_vm(target,
+ (unsigned long)
+ reg_window,
+ window,
+ sizeof(window), 1) !=
+ sizeof(window))
+ return -EFAULT;
+ }
+ }
}
if (!ret && count > 0) {
@@ -412,9 +442,22 @@ static int genregs32_get(struct task_struct *target,
*k++ = regs->u_regs[pos++];
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
- for (; count > 0 && pos < 32; count--) {
- if (get_user(*k++, ®_window[pos++]))
- return -EFAULT;
+ if (target == current) {
+ for (; count > 0 && pos < 32; count--) {
+ if (get_user(*k++, ®_window[pos++]))
+ return -EFAULT;
+ }
+ } else {
+ for (; count > 0 && pos < 32; count--) {
+ if (access_process_vm(target,
+ (unsigned long)
+ ®_window[pos],
+ k, sizeof(*k), 0)
+ != sizeof(*k))
+ return -EFAULT;
+ k++;
+ pos++;
+ }
}
} else {
for (; count > 0 && pos < 16; count--) {
@@ -423,10 +466,28 @@ static int genregs32_get(struct task_struct *target,
}
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
- for (; count > 0 && pos < 32; count--) {
- if (get_user(reg, ®_window[pos++]) ||
- put_user(reg, u++))
- return -EFAULT;
+ if (target == current) {
+ for (; count > 0 && pos < 32; count--) {
+ if (get_user(reg, ®_window[pos++]) ||
+ put_user(reg, u++))
+ return -EFAULT;
+ }
+ } else {
+ for (; count > 0 && pos < 32; count--) {
+ if (access_process_vm(target,
+ (unsigned long)
+ ®_window[pos],
+ ®, sizeof(reg), 0)
+ != sizeof(reg))
+ return -EFAULT;
+ if (access_process_vm(target,
+ (unsigned long) u,
+ ®, sizeof(reg), 1)
+ != sizeof(reg))
+ return -EFAULT;
+ pos++;
+ u++;
+ }
}
}
while (count > 0) {
@@ -488,9 +549,23 @@ static int genregs32_set(struct task_struct *target,
regs->u_regs[pos++] = *k++;
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
- for (; count > 0 && pos < 32; count--) {
- if (put_user(*k++, ®_window[pos++]))
- return -EFAULT;
+ if (target == current) {
+ for (; count > 0 && pos < 32; count--) {
+ if (put_user(*k++, ®_window[pos++]))
+ return -EFAULT;
+ }
+ } else {
+ for (; count > 0 && pos < 32; count--) {
+ if (access_process_vm(target,
+ (unsigned long)
+ ®_window[pos],
+ (void *) k,
+ sizeof(*k), 1)
+ != sizeof(*k))
+ return -EFAULT;
+ k++;
+ pos++;
+ }
}
} else {
for (; count > 0 && pos < 16; count--) {
@@ -500,10 +575,29 @@ static int genregs32_set(struct task_struct *target,
}
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
- for (; count > 0 && pos < 32; count--) {
- if (get_user(reg, u++) ||
- put_user(reg, ®_window[pos++]))
- return -EFAULT;
+ if (target == current) {
+ for (; count > 0 && pos < 32; count--) {
+ if (get_user(reg, u++) ||
+ put_user(reg, ®_window[pos++]))
+ return -EFAULT;
+ }
+ } else {
+ for (; count > 0 && pos < 32; count--) {
+ if (access_process_vm(target,
+ (unsigned long)
+ u,
+ ®, sizeof(reg), 0)
+ != sizeof(reg))
+ return -EFAULT;
+ if (access_process_vm(target,
+ (unsigned long)
+ ®_window[pos],
+ ®, sizeof(reg), 1)
+ != sizeof(reg))
+ return -EFAULT;
+ pos++;
+ u++;
+ }
}
}
while (count > 0) {
--
cgit v1.1