* maximilian attems ([EMAIL PROTECTED]) wrote:
> as a future datapoint the problematic patch is from 2.6.18.1:
> [S390] user readable uninitialised kernel memory.
This should fix that up, and is queued for next -stable.
thanks,
-chris
--
From: Martin Schwidefsky <[EMAIL PROTECTED]>
[S390] user readable uninitialised kernel memory, take 2.
The previous patch to correct the copy_from_user padding is quite
broken. The execute instruction needs to be done via the register %r4,
not via %r2 and 31 bit doesn't know the instructions lgr and ahji.
Signed-off-by: Martin Schwidefsky <[EMAIL PROTECTED]>
Signed-off-by: Martin Schwidefsky <[EMAIL PROTECTED]>
---
arch/s390/lib/uaccess.S | 10 +++++-----
arch/s390/lib/uaccess64.S | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff -urpN linux-2.6.18.1/arch/s390/lib/uaccess64.S
linux-2.6.18.1-s390/arch/s390/lib/uaccess64.S
--- linux-2.6.18.1/arch/s390/lib/uaccess64.S 2006-10-14 05:34:03.000000000
+0200
+++ linux-2.6.18.1-s390/arch/s390/lib/uaccess64.S 2006-10-17
13:21:20.000000000 +0200
@@ -49,7 +49,7 @@ __copy_from_user_asm:
la %r2,256(%r2)
8: aghi %r5,-256
jnm 7b
- ex %r5,0(%r2)
+ ex %r5,0(%r4)
9: lgr %r2,%r3
br %r14
.section __ex_table,"a"
diff -urpN linux-2.6.18.1/arch/s390/lib/uaccess.S
linux-2.6.18.1-s390/arch/s390/lib/uaccess.S
--- linux-2.6.18.1/arch/s390/lib/uaccess.S 2006-10-14 05:34:03.000000000
+0200
+++ linux-2.6.18.1-s390/arch/s390/lib/uaccess.S 2006-10-17 13:21:06.000000000
+0200
@@ -41,15 +41,15 @@ __copy_from_user_asm:
5: mvcp 0(%r5,%r2),0(%r4),%r0
slr %r3,%r5
alr %r2,%r5
-6: lgr %r5,%r3 # copy remaining size
+6: lr %r5,%r3 # copy remaining size
ahi %r5,-1 # subtract 1 for xc loop
bras %r4,8f
- xc 0(1,%2),0(%2)
-7: xc 0(256,%2),0(%2)
+ xc 0(1,%r2),0(%r2)
+7: xc 0(256,%r2),0(%r2)
la %r2,256(%r2)
-8: ahji %r5,-256
+8: ahi %r5,-256
jnm 7b
- ex %r5,0(%r2)
+ ex %r5,0(%r4)
9: lr %r2,%r3
br %r14
.section __ex_table,"a"
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
