Access the function descriptor of the handler within a scoped user access block.
Signed-off-by: Christophe Leroy (CS GROUP) <[email protected]> --- arch/powerpc/kernel/signal_64.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c index ee8166fd83dc..bf7fc579d572 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c @@ -928,8 +928,10 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set, struct func_desc __user *ptr = (struct func_desc __user *)ksig->ka.sa.sa_handler; - err |= get_user(regs->ctr, &ptr->addr); - err |= get_user(regs->gpr[2], &ptr->toc); + scoped_user_read_access(ptr, badfunc) { + unsafe_get_user(regs->ctr, &ptr->addr, badfunc); + unsafe_get_user(regs->gpr[2], &ptr->toc, badfunc); + } } /* enter the signal handler in native-endian mode */ @@ -952,5 +954,10 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set, badframe: signal_fault(current, regs, "handle_rt_signal64", frame); + return 1; + +badfunc: + signal_fault(current, regs, __func__, (void __user *)ksig->ka.sa.sa_handler); + return 1; } -- 2.54.0
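Review bot: The new `scoped_user_read_access(ptr, badfunc)` block carries no comment saying that it is now the only validation of `ptr`, which is `ksig->ka.sa.sa_handler` cast to a descriptor pointer and therefore a value the process chooses. The two `unsafe_get_user()` calls do no range check of their own, so the check has to come from the block opener, presumably sized from `sizeof(*ptr)`; the helper's definition is not visible here, so it is worth confirming that both `addr` and `toc` fall inside the checked range. I would add above the block: `/* sa_handler is user-controlled; the scoped block range-checks *ptr and is the only place the descriptor may be read */`. A fault now leaves through `badfunc` at once instead of being folded into `err`, so the statements after the closing brace no longer run on that path. The enclosing function starts and ends outside this hunk, so whether anything later relied on them running is not visible.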
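Review bot: The added `badfunc` exit names the function with `__func__`, while the `badframe` exit just above it passes the literal `"handle_rt_signal64"`, so the two `signal_fault()` calls in one function are written two different ways. Using `__func__` in both, `signal_fault(current, regs, __func__, frame);`, keeps them from drifting apart on a rename. The last argument on the new path is the handler's descriptor address rather than the signal frame; if `signal_fault()` logs that address (its body is not shown here), a comment such as `/* reported address is the handler's function descriptor, not the signal frame */` would help whoever reads that line during triage. The body of `handle_rt_signal64` starts outside this hunk.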
