Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6

[linux-2.6-omap-h63xx.git] / arch / powerpc / kernel / signal_32.c

diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index bd837b5dbf06cd5992ca4129bead41135f13b040..8fdeca2d4597c35295271ff9ea844a91ea856a4d 100644 (file)
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -42,6 +42,7 @@
 
 #include <asm/uaccess.h>
 #include <asm/cacheflush.h>
+#include <asm/syscalls.h>
 #include <asm/sigcontext.h>
 #include <asm/vdso.h>
 #ifdef CONFIG_PPC64
@@ -151,10 +152,7 @@ static inline int save_general_regs(struct pt_regs *regs,
        elf_greg_t64 *gregs = (elf_greg_t64 *)regs;
        int i;
 
-       if (!FULL_REGS(regs)) {
-               set_thread_flag(TIF_SAVE_NVGPRS);
-               current_thread_info()->nvgprs_frame = frame->mc_gregs;
-       }
+       WARN_ON(!FULL_REGS(regs));
 
        for (i = 0; i <= PT_RESULT; i ++) {
                if (i == 14 && !FULL_REGS(regs))
@@ -215,15 +213,7 @@ static inline int get_old_sigaction(struct k_sigaction *new_ka,
 static inline int save_general_regs(struct pt_regs *regs,
                struct mcontext __user *frame)
 {
-       if (!FULL_REGS(regs)) {
-               /* Zero out the unsaved GPRs to avoid information
-                  leak, and set TIF_SAVE_NVGPRS to ensure that the
-                  registers do actually get saved later. */
-               memset(&regs->gpr[14], 0, 18 * sizeof(unsigned long));
-               current_thread_info()->nvgprs_frame = &frame->mc_gregs;
-               set_thread_flag(TIF_SAVE_NVGPRS);
-       }
-
+       WARN_ON(!FULL_REGS(regs));
        return __copy_to_user(&frame->mc_gregs, regs, GP_REGS_SIZE);
 }
 
@@ -813,10 +803,13 @@ static int do_setcontext(struct ucontext __user *ucp, struct pt_regs *regs, int
                if (__get_user(cmcp, &ucp->uc_regs))
                        return -EFAULT;
                mcp = (struct mcontext __user *)(u64)cmcp;
+               /* no need to check access_ok(mcp), since mcp < 4GB */
        }
 #else
        if (__get_user(mcp, &ucp->uc_regs))
                return -EFAULT;
+       if (!access_ok(VERIFY_READ, mcp, sizeof(*mcp)))
+               return -EFAULT;
 #endif
        restore_sigmask(&set);
        if (restore_user_regs(regs, mcp, sig))
@@ -826,8 +819,8 @@ static int do_setcontext(struct ucontext __user *ucp, struct pt_regs *regs, int
 }
 
 long sys_swapcontext(struct ucontext __user *old_ctx,
-                      struct ucontext __user *new_ctx,
-                      int ctx_size, int r6, int r7, int r8, struct pt_regs *regs)
+                    struct ucontext __user *new_ctx,
+                    int ctx_size, int r6, int r7, int r8, struct pt_regs *regs)
 {
        unsigned char tmp;
 
@@ -918,13 +911,14 @@ int sys_debug_setcontext(struct ucontext __user *ctx,
 {
        struct sig_dbg_op op;
        int i;
+       unsigned char tmp;
        unsigned long new_msr = regs->msr;
 #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
        unsigned long new_dbcr0 = current->thread.dbcr0;
 #endif
 
        for (i=0; i<ndbg; i++) {
-               if (__copy_from_user(&op, dbg, sizeof(op)))
+               if (copy_from_user(&op, dbg + i, sizeof(op)))
                        return -EFAULT;
                switch (op.dbg_type) {
                case SIG_DBG_SINGLE_STEPPING:
@@ -969,6 +963,11 @@ int sys_debug_setcontext(struct ucontext __user *ctx,
        current->thread.dbcr0 = new_dbcr0;
 #endif
 
+       if (!access_ok(VERIFY_READ, ctx, sizeof(*ctx))
+           || __get_user(tmp, (u8 __user *) ctx)
+           || __get_user(tmp, (u8 __user *) (ctx + 1) - 1))
+               return -EFAULT;
+
        /*
         * If we get a fault copying the context into the kernel's
         * image of the user's registers, we can't just return -EFAULT