This fixes a couple of copy-user problems spotted by Al Viro.
copy_sc_from_user_tt was doing a copy_from_user to do an in-kernel
assignment. I commented this, at the request of Chris Wedgewood.
sys_ipc had a void *__user ptr which should have been void __user *ptr.
Finally, there were a couple of bogus __user annotations on unsigned longs,
which were never going to be passed into copy_user.
Signed-off-by: Jeff Dike <[EMAIL PROTECTED]>
Index: linux-2.6.11/arch/um/sys-i386/signal.c
===================================================================
--- linux-2.6.11.orig/arch/um/sys-i386/signal.c 2005-03-05 12:07:34.000000000
-0500
+++ linux-2.6.11/arch/um/sys-i386/signal.c 2005-03-05 12:10:27.000000000
-0500
@@ -108,6 +108,15 @@
#endif
#ifdef CONFIG_MODE_TT
+
+/* These copy a sigcontext to/from userspace. They copy the fpstate pointer,
+ * blowing away the old, good one. So, that value is saved, and then restored
+ * after the sigcontext copy. In copy_from, the variable holding the saved
+ * fpstate pointer, and the sigcontext that it should be restored to are both
+ * in the kernel, so we can just restore using an assignment. In copy_to, the
+ * saved pointer is in the kernel, but the sigcontext is in userspace, so we
+ * copy_to_user it.
+ */
int copy_sc_from_user_tt(struct sigcontext *to, struct sigcontext *from,
int fpsize)
{
@@ -120,11 +129,9 @@
sigs = to->oldmask;
err = copy_from_user(to, from, sizeof(*to));
to->oldmask = sigs;
- if(to_fp != NULL){
- err |= copy_from_user(&to->fpstate, &to_fp,
- sizeof(to->fpstate));
+ to->fpstate = to_fp;
+ if(to_fp != NULL)
err |= copy_from_user(to_fp, from_fp, fpsize);
- }
return(err);
}
@@ -138,8 +145,7 @@
from_fp = from->fpstate;
err = copy_to_user(to, from, sizeof(*to));
if(from_fp != NULL){
- err |= copy_to_user(&to->fpstate, &to_fp,
- sizeof(to->fpstate));
+ err |= copy_to_user(&to->fpstate, &to_fp, sizeof(to->fpstate));
err |= copy_to_user(to_fp, from_fp, fpsize);
}
return(err);
@@ -303,7 +309,7 @@
long sys_sigreturn(struct pt_regs regs)
{
- unsigned long __user sp = PT_REGS_SP(¤t->thread.regs);
+ unsigned long sp = PT_REGS_SP(¤t->thread.regs);
struct sigframe __user *frame = (struct sigframe *)(sp - 8);
sigset_t set;
struct sigcontext __user *sc = &frame->sc;
Index: linux-2.6.11/arch/um/sys-i386/syscalls.c
===================================================================
--- linux-2.6.11.orig/arch/um/sys-i386/syscalls.c 2005-03-05
12:07:31.000000000 -0500
+++ linux-2.6.11/arch/um/sys-i386/syscalls.c 2005-03-05 12:10:27.000000000
-0500
@@ -88,7 +88,7 @@
* This is really horribly ugly.
*/
long sys_ipc (uint call, int first, int second,
- int third, void *__user ptr, long fifth)
+ int third, void __user *ptr, long fifth)
{
int version, ret;
Index: linux-2.6.11/arch/um/sys-x86_64/signal.c
===================================================================
--- linux-2.6.11.orig/arch/um/sys-x86_64/signal.c 2005-03-05
12:07:34.000000000 -0500
+++ linux-2.6.11/arch/um/sys-x86_64/signal.c 2005-03-05 12:10:27.000000000
-0500
@@ -237,7 +237,7 @@
long sys_rt_sigreturn(struct pt_regs *regs)
{
- unsigned long __user sp = PT_REGS_SP(¤t->thread.regs);
+ unsigned long sp = PT_REGS_SP(¤t->thread.regs);
struct rt_sigframe __user *frame =
(struct rt_sigframe __user *)(sp - 8);
struct ucontext __user *uc = &frame->uc;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
