Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d7587b1445c0087cfcaa03ceae79b52eef4e9e4b
Commit:     d7587b1445c0087cfcaa03ceae79b52eef4e9e4b
Parent:     844b43adba74d97f15e56b103c97bfcccaa01aa6
Author:     Paul Mundt <[EMAIL PROTECTED]>
AuthorDate: Fri Jan 11 13:18:16 2008 +0900
Committer:  Paul Mundt <[EMAIL PROTECTED]>
CommitDate: Fri Jan 11 13:18:16 2008 +0900

    sh: Force __access_ok() to obey address space limit.
    
    When the thread_info->addr_limit changes were introduced, __access_ok()
    was missed in the conversion, allowing user processes to perform P1/P2
    accesses under certain conditions.
    
    This has already been corrected with the nommu refactoring in later
    kernels.
    
    Signed-off-by: Paul Mundt <[EMAIL PROTECTED]>
---
 include/asm-sh/uaccess.h |   42 +++++++++++++++---------------------------
 1 files changed, 15 insertions(+), 27 deletions(-)

diff --git a/include/asm-sh/uaccess.h b/include/asm-sh/uaccess.h
index f18a1a5..77c391f 100644
--- a/include/asm-sh/uaccess.h
+++ b/include/asm-sh/uaccess.h
@@ -73,38 +73,26 @@ static inline int __access_ok(unsigned long addr, unsigned long size)
 /*
  * __access_ok: Check if address with size is OK or not.
  *
- * We do three checks:
- * (1) is it user space?
- * (2) addr + size --> carry?
- * (3) addr + size >= 0x80000000  (PAGE_OFFSET)
+ * Uhhuh, this needs 33-bit arithmetic. We have a carry..
  *
- * (1) (2) (3) | RESULT
- *  0   0   0  |  ok
- *  0   0   1  |  ok
- *  0   1   0  |  bad
- *  0   1   1  |  bad
- *  1   0   0  |  ok
- *  1   0   1  |  bad
- *  1   1   0  |  bad
- *  1   1   1  |  bad
+ * sum := addr + size;  carry? --> flag = true;
+ * if (sum >= addr_limit) flag = true;
  */
 static inline int __access_ok(unsigned long addr, unsigned long size)
 {
-       unsigned long flag, tmp;
-
-       __asm__("stc    r7_bank, %0\n\t"
-               "mov.l  @(8,%0), %0\n\t"
-               "clrt\n\t"
-               "addc   %2, %1\n\t"
-               "and    %1, %0\n\t"
-               "rotcl  %0\n\t"
-               "rotcl  %0\n\t"
-               "and    #3, %0"
-               : "=&z" (flag), "=r" (tmp)
-               : "r" (addr), "1" (size)
-               : "t");
-
+       unsigned long flag, sum;
+
+       __asm__("clrt\n\t"
+               "addc   %3, %1\n\t"
+               "movt   %0\n\t"
+               "cmp/hi %4, %1\n\t"
+               "rotcl  %0"
+               :"=&r" (flag), "=r" (sum)
+               :"1" (addr), "r" (size),
+                "r" (current_thread_info()->addr_limit.seg)
+               :"t");
        return flag == 0;
+
 }
 #endif /* CONFIG_MMU */
 
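Review bot: The rewritten header comment documents the limit test as `if (sum >= addr_limit) flag = true;`, but the asm uses `cmp/hi %4, %1`, which sets T only when the sum is strictly higher than the limit (unsigned). The strict compare looks like the intended one, since a range that ends exactly at addr_limit never touches an address at or above it, so the comment should read ` * if (sum > addr_limit) flag = true;`. Because this check is what keeps user processes out of P1/P2, the comment should state the boundary exactly as the instruction enforces it. It would also help to note in the comment that after `rotcl` the flag holds two bits (carry from the add, then the over-limit result) and that any set bit rejects the access. The blank line added after `return flag == 0;` is stray and can be dropped.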