Andreas Schwab writes:

> The new context may not be 16-byte aligned, so the real address of the
> mcontext structure should be read from the uc_regs pointer instead of
> directly using the (unaligned) uc_mcontext field.

Good catch, but...

> @@ -941,9 +941,17 @@ long sys_swapcontext(struct ucontext __user *old_ctx,
> #ifdef CONFIG_PPC64
> unsigned long new_msr = 0;
>
> - if (new_ctx &&
> - get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR]))
> - return -EFAULT;
> + if (new_ctx) {
> + struct mcontext __user *mcp;
> + u32 cmcp;
> +
> + /* Get pointer to the real mcontext. */
> + if (__get_user(cmcp, &new_ctx->uc_regs))

We need to use get_user, not __get_user, since we haven't done an
access_ok() check on the address.

> + return -EFAULT;
> + mcp = (struct mcontext __user *)(u64)cmcp;
> + if (__get_user(new_msr, &mcp->mc_gregs[PT_MSR]))

Ditto here.

Paul.

_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev
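Review bot: in the quoted hunk, both `__get_user(cmcp, &new_ctx->uc_regs)` and `__get_user(new_msr, &mcp->mc_gregs[PT_MSR])` skip the access_ok() range check, and the second one is the more serious of the two because `mcp` is constructed from `cmcp`, a value that user space fully controls, so the kernel would read a word from whatever address the caller placed in uc_regs; the fix Paul asks for (use get_user() for both reads, or call access_ok() on `mcp` before dereferencing it) closes that, and the visible lines also drop the `new_ctx` validation that the removed `get_user(new_msr, &new_ctx->uc_mcontext.mc_gregs[PT_MSR])` used to provide, so the replacement must keep an equivalent check on `new_ctx` itself. The hunk header promises 17 new lines but the quote stops after the mc_gregs read, so the closing of the `if (new_ctx) {` block and the `#endif` side are not reviewable from what is quoted here.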