On Mon, Aug 23, 2021 at 03:35:51PM +0000, Christophe Leroy wrote:
> Access the function descriptor of the handler within a
> user access block.
>
> Signed-off-by: Christophe Leroy <christophe.le...@csgroup.eu>
> ---
> arch/powerpc/kernel/signal_64.c | 14 ++++++++++++--
> 1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
> index 1831bba0582e..790c450c2de8 100644
> --- a/arch/powerpc/kernel/signal_64.c
> +++ b/arch/powerpc/kernel/signal_64.c
> @@ -936,8 +936,18 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t
> *set,
> func_descr_t __user *funct_desc_ptr =
> (func_descr_t __user *) ksig->ka.sa.sa_handler;
>
> - err |= get_user(regs->ctr, &funct_desc_ptr->entry);
> - err |= get_user(regs->gpr[2], &funct_desc_ptr->toc);
> + if (user_read_access_begin(funct_desc_ptr,
> sizeof(func_descr_t))) {
> + unsafe_get_user(regs->ctr, &funct_desc_ptr->entry,
> bad_funct_desc_block);
> + unsafe_get_user(regs->gpr[2], &funct_desc_ptr->toc,
> bad_funct_desc_block);
> + } else {
> + goto bad_funct_desc;
> +bad_funct_desc_block:
> + user_read_access_end();
> +bad_funct_desc:
> + signal_fault(current, regs, __func__, funct_desc_ptr);
> + return 1;
> + }
> + user_read_access_end();
Having a goto after an else block, and then labels jumping into it is just weird. To make this somewhat readable just split it into a helper function:

static inline bool put_func_descr(func_descr_t __user *funct_desc_ptr,
		struct pt_regs *regs)
{
	if (!user_read_access_begin(funct_desc_ptr, sizeof(func_descr_t)))
		goto fault;
	unsafe_get_user(regs->ctr, &funct_desc_ptr->entry, uaccess_end);
	unsafe_get_user(regs->gpr[2], &funct_desc_ptr->toc, uaccess_end);
	user_read_access_end();
	return false;

uaccess_end:
	user_read_access_end();
fault:
	signal_fault(current, regs, __func__, funct_desc_ptr);
	return true;
}