Commit:     5d119b2c9a490e2d647eae134211b32a18a04c7d
Parent:     ce28b9864b853803320c3f1d8de1b81aa4120b14
Author:     Ingo Molnar <[EMAIL PROTECTED]>
AuthorDate: Tue Feb 26 12:55:57 2008 +0100
Committer:  Ingo Molnar <[EMAIL PROTECTED]>
CommitDate: Tue Feb 26 12:55:57 2008 +0100

    x86: fix execve with -fstack-protect
    pointed out by [EMAIL PROTECTED]:
    > what happens here is that gcc treats the argument area as owned by the
    > callee, not the caller and is allowed to do certain tricks. for ssp it
    > will make a copy of the struct passed by value into the local variable
    > area and pass *its* address down, and it won't copy it back into the
    > original instance stored in the argument area.
    > so once sys_execve returns, the pt_regs passed by value hasn't at all
    > changed and its default content will cause a nice double fault (FWIW,
    > this part took me the longest to debug, being down with cold didn't
    > help it either ;).
    To fix this we pass in pt_regs by pointer.
    Signed-off-by: Ingo Molnar <[EMAIL PROTECTED]>
    Signed-off-by: Thomas Gleixner <[EMAIL PROTECTED]>
 arch/x86/kernel/entry_64.S   |    6 ++++--
 arch/x86/kernel/process_64.c |    6 +++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 2ad9a1b..c20c9e7 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -453,6 +453,7 @@ ENTRY(stub_execve)
        CFI_REGISTER rip, r11
        FIXUP_TOP_OF_STACK %r11
+       movq %rsp, %rcx
        call sys_execve
        movq %rax,RAX(%rsp)
@@ -1036,15 +1037,16 @@ ENDPROC(child_rip)
  *     rdi: name, rsi: argv, rdx: envp
  * We want to fallback into:
- *     extern long sys_execve(char *name, char **argv,char **envp, struct 
pt_regs regs)
+ *     extern long sys_execve(char *name, char **argv,char **envp, struct 
pt_regs *regs)
  * do_sys_execve asm fallback arguments:
- *     rdi: name, rsi: argv, rdx: envp, fake frame on the stack
+ *     rdi: name, rsi: argv, rdx: envp, rcx: fake frame on the stack
+       movq %rsp,%rcx
        call sys_execve
        movq %rax, RAX(%rsp)    
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index b0cc8f0..43f2877 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -730,16 +730,16 @@ __switch_to(struct task_struct *prev_p, struct 
task_struct *next_p)
 long sys_execve(char __user *name, char __user * __user *argv,
-               char __user * __user *envp, struct pt_regs regs)
+               char __user * __user *envp, struct pt_regs *regs)
        long error;
        char * filename;
        filename = getname(name);
        error = PTR_ERR(filename);
-       if (IS_ERR(filename)) 
+       if (IS_ERR(filename))
                return error;
-       error = do_execve(filename, argv, envp, &regs); 
+       error = do_execve(filename, argv, envp, regs);
        return error;
