tree e0bcc6080adc665a818585fbb0280a50c82a18c4
parent 63028aa7f581d9d4e6889f9dc06ded2534250a76
author Chen, Kenneth W <[EMAIL PROTECTED]> Wed, 07 Sep 2005 06:05:23 -0700
committer Tony Luck <[EMAIL PROTECTED]> Wed, 07 Sep 2005 22:53:16 -0700

[IA64] make exception handler in copy_user more robust

The exception handler in copy user always expects fault occurs only on
user space address and the fall back recovery code is written with that
very assumption in mind.  Recent source code inspection revealed that
while it worked splendid and to the expectation under normal circumstances,
It broke down under unexpected condition where some address calculation
might go outside the legal address range the original copy_user was
called for.  This patch is to make copy_user exception handler more robust
and to prevent potential memory corruption.

Signed-off-by: Ken Chen <[EMAIL PROTECTED]>
Signed-off-by: Tony Luck <[EMAIL PROTECTED]>

 arch/ia64/lib/memcpy_mck.S |    3 +++
 1 files changed, 3 insertions(+)

diff --git a/arch/ia64/lib/memcpy_mck.S b/arch/ia64/lib/memcpy_mck.S
--- a/arch/ia64/lib/memcpy_mck.S
+++ b/arch/ia64/lib/memcpy_mck.S
@@ -625,8 +625,11 @@ EK(.ex_handler,  (p17)     st8     [dst1]=r39,8)
        clrrrb
        ;;
        alloc   saved_pfs_stack=ar.pfs,3,3,3,0
+       cmp.lt  p8,p0=A,r0
        sub     B = dst0, saved_in0     // how many byte copied so far
        ;;
+(p8)   mov     A = 0;                  // A shouldn't be negative, cap it
+       ;;
        sub     C = A, B
        sub     D = saved_in2, A
        ;;
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to