From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org,
"Martin Schwidefsky" <schwidefsky@de.ibm.com>,
"Stefan Liebler" <stli@linux.vnet.ibm.com>
Subject: [PATCH 3.2 079/107] s390/compat: correct uc_sigmask of the compat signal frame
Date: Fri, 09 Oct 2015 01:12:28 +0100
Message-ID: <lsq.1444349548.719981330@decadent.org.uk>
In-Reply-To: <lsq.1444349547.316291576@decadent.org.uk>
3.2.72-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
commit 8d4bd0ed0439dfc780aab801a085961925ed6838 upstream.
The uc_sigmask in the ucontext structure is an array of words to keep
the 64 signal bits (or 1024 if you ask glibc but the kernel sigset_t
only has 64 bits).
For 64 bit the sigset_t contains a single 8 byte word, but for 31 bit
there are two 4 byte words. The compat signal handler code uses a
simple copy of the 64 bit sigset_t to the 31 bit compat_sigset_t.
As s390 is a big-endian architecture this is incorrect, the two words
in the 31 bit sigset_t array need to be swapped.
Reported-by: Stefan Liebler <stli@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
[bwh: Backported to 3.2:
- Introduce local compat_sigset_t in setup_frame32()
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/s390/kernel/compat_signal.c | 27 +++++++++++++++++++++++----
1 file changed, 23 insertions(+), 4 deletions(-)
--- a/arch/s390/kernel/compat_signal.c
+++ b/arch/s390/kernel/compat_signal.c
@@ -52,6 +52,19 @@ typedef struct
__u32 gprs_high[NUM_GPRS];
} rt_sigframe32;
+static inline void sigset_to_sigset32(unsigned long *set64,
+ compat_sigset_word *set32)
+{
+ set32[0] = (compat_sigset_word) set64[0];
+ set32[1] = (compat_sigset_word)(set64[0] >> 32);
+}
+
+static inline void sigset32_to_sigset(compat_sigset_word *set32,
+ unsigned long *set64)
+{
+ set64[0] = (unsigned long) set32[0] | ((unsigned long) set32[1] << 32);
+}
+
int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
{
int err;
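Review bot: The two new helpers in compat_signal.c carry no comment saying why the words are reordered, and sigset_to_sigset32() and sigset32_to_sigset() both hard-code one 64-bit word on one side and two compat_sigset_word entries on the other. A short comment above them stating that set32[0] holds the low 32 signal bits and set32[1] the high 32 would keep a later reader from "simplifying" this back to a plain copy. The source pointer of each helper (set64 in the first, set32 in the second) is only read and could be declared const.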
@@ -361,12 +374,14 @@ asmlinkage long sys32_sigreturn(void)
{
struct pt_regs *regs = task_pt_regs(current);
sigframe32 __user *frame = (sigframe32 __user *)regs->gprs[15];
+ compat_sigset_t cset;
sigset_t set;
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
goto badframe;
- if (__copy_from_user(&set.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
+ if (__copy_from_user(&cset.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
goto badframe;
+ sigset32_to_sigset(cset.sig, set.sig);
sigdelsetmask(&set, ~_BLOCKABLE);
set_current_blocked(&set);
if (restore_sigregs32(regs, &frame->sregs))
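Review bot: In sys32_sigreturn() only _SIGMASK_COPY_SIZE32 bytes of cset.sig are filled from the user frame, but sigset32_to_sigset() then reads both cset.sig[0] and cset.sig[1] unconditionally. If that macro is ever smaller than two compat words, cset.sig[1] is uninitialized stack data that ends up in the blocked-signal mask. Either zero-initialize cset at its declaration or make the length sizeof(cset.sig) so the copy and the conversion agree by construction.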
@@ -383,6 +398,7 @@ asmlinkage long sys32_rt_sigreturn(void)
{
struct pt_regs *regs = task_pt_regs(current);
rt_sigframe32 __user *frame = (rt_sigframe32 __user *)regs->gprs[15];
+ compat_sigset_t cset;
sigset_t set;
stack_t st;
__u32 ss_sp;
@@ -391,8 +407,9 @@ asmlinkage long sys32_rt_sigreturn(void)
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
goto badframe;
- if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
+ if (__copy_from_user(&cset, &frame->uc.uc_sigmask, sizeof(cset)))
goto badframe;
+ sigset32_to_sigset(cset.sig, set.sig);
sigdelsetmask(&set, ~_BLOCKABLE);
set_current_blocked(&set);
if (restore_sigregs32(regs, &frame->uc.uc_mcontext))
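Review bot: sys32_rt_sigreturn() copies into &cset with sizeof(cset), while sys32_sigreturn() above copies into &cset.sig with a macro length, and both then hand cset.sig to sigset32_to_sigset(). Using the same destination expression in both places (cset.sig with sizeof(cset.sig), for example) would make it obvious that the two return paths fill the same two words before converting them.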
@@ -464,13 +481,16 @@ static int setup_frame32(int sig, struct
sigset_t *set, struct pt_regs * regs)
{
sigframe32 __user *frame = get_sigframe(ka, regs, sizeof(sigframe32));
+ compat_sigset_t cset;
+
if (!access_ok(VERIFY_WRITE, frame, sizeof(sigframe32)))
goto give_sigsegv;
if (frame == (void __user *) -1UL)
goto give_sigsegv;
- if (__copy_to_user(&frame->sc.oldmask, &set->sig, _SIGMASK_COPY_SIZE32))
+ sigset_to_sigset32(set->sig, cset.sig);
+ if (__copy_to_user(&frame->sc.oldmask, &cset.sig, _SIGMASK_COPY_SIZE32))
goto give_sigsegv;
if (save_sigregs32(regs, &frame->sregs))
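Review bot: In setup_frame32() the data written to frame->sc.oldmask now comes from the on-stack cset, so the length passed to __copy_to_user() must not exceed what sigset_to_sigset32() initialized. The helper writes exactly set32[0] and set32[1]; if _SIGMASK_COPY_SIZE32 were larger than that, kernel stack contents would be copied to user space. A BUILD_BUG_ON(_SIGMASK_COPY_SIZE32 > sizeof(cset.sig)) next to the copy would pin the assumption down.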
@@ -524,6 +544,7 @@ give_sigsegv:
static int setup_rt_frame32(int sig, struct k_sigaction *ka, siginfo_t *info,
sigset_t *set, struct pt_regs * regs)
{
+ compat_sigset_t cset;
int err = 0;
rt_sigframe32 __user *frame = get_sigframe(ka, regs, sizeof(rt_sigframe32));
if (!access_ok(VERIFY_WRITE, frame, sizeof(rt_sigframe32)))
@@ -536,6 +557,7 @@ static int setup_rt_frame32(int sig, str
goto give_sigsegv;
/* Create the ucontext. */
+ sigset_to_sigset32(set->sig, cset.sig);
err |= __put_user(UC_EXTENDED, &frame->uc.uc_flags);
err |= __put_user(0, &frame->uc.uc_link);
err |= __put_user(current->sas_ss_sp, &frame->uc.uc_stack.ss_sp);
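Review bot: In setup_rt_frame32() the sigset_to_sigset32(set->sig, cset.sig) call is placed under the "Create the ucontext" comment, ahead of the __put_user() chain, although cset is consumed only by the later __copy_to_user() into frame->uc.uc_sigmask. Moving the conversion directly in front of that copy would keep producer and consumer together and match the ordering used in setup_frame32().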
@@ -544,7 +566,7 @@ static int setup_rt_frame32(int sig, str
err |= __put_user(current->sas_ss_size, &frame->uc.uc_stack.ss_size);
err |= save_sigregs32(regs, &frame->uc.uc_mcontext);
err |= save_sigregs_gprs_high(regs, frame->gprs_high);
- err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
+ err |= __copy_to_user(&frame->uc.uc_sigmask, &cset, sizeof(cset));
if (err)
goto give_sigsegv;
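The layout problem described in the commit message, modelled in portable C as an added example (not code from the patch or the kernel): the big-endian memory image is built by hand so the result is the same on any host, and the function names other than the arithmetic taken from the two helpers are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Store a 64-bit sigset word as big-endian s390 does: high byte first. */
static void store_be64(uint64_t v, unsigned char out[8])
{
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(v >> (56 - 8 * i));
}

/* Read one big-endian 32-bit word, as a 31-bit process would. */
static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Pre-patch behaviour: the 8 bytes are copied unchanged into the frame. */
void plain_copy(uint64_t set64, uint32_t set32[2])
{
    unsigned char mem[8];
    store_be64(set64, mem);
    set32[0] = load_be32(mem);
    set32[1] = load_be32(mem + 4);
}

/* Same arithmetic as sigset_to_sigset32() in the patch. */
void swapped_copy(uint64_t set64, uint32_t set32[2])
{
    set32[0] = (uint32_t)set64;
    set32[1] = (uint32_t)(set64 >> 32);
}

/* Same arithmetic as sigset32_to_sigset() in the patch. */
uint64_t swapped_back(const uint32_t set32[2])
{
    return (uint64_t)set32[0] | ((uint64_t)set32[1] << 32);
}

/* Signal n is bit (n-1)%32 of word (n-1)/32 in a 32-bit word array. */
int compat_sigismember(const uint32_t set32[2], int sig)
{
    return (set32[(sig - 1) / 32] >> ((sig - 1) % 32)) & 1;
}

int main(void)
{
    uint32_t bad[2], good[2];
    plain_copy(1ULL << 1, bad);     /* constructed sample: only signal 2 blocked */
    swapped_copy(1ULL << 1, good);
    printf("plain: sig2=%d sig34=%d\n", compat_sigismember(bad, 2), compat_sigismember(bad, 34));
    printf("fixed: sig2=%d sig34=%d\n", compat_sigismember(good, 2), compat_sigismember(good, 34));
    return 0;
}
```

With the plain copy a 31-bit handler inspecting uc_sigmask sees signal 34 blocked instead of signal 2; with the swap the mask reads back correctly and round-trips through the inverse helper.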