diff options
| author | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2016-06-27 11:06:45 -0400 |
|---|---|---|
| committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2016-06-28 03:24:28 -0400 |
| commit | bcf4dd5f9ee096bd1510f838dd4750c35df4e38b (patch) | |
| tree | 8077b22cea87210acb52b09075a0ff43ddd2fd38 | |
| parent | 5419447e2142d6ed68c9f5c1a28630b3a290a845 (diff) | |
s390: fix test_fp_ctl inline assembly contraints
The test_fp_ctl function is used to test if a given value is a valid
floating-point control. The inline assembly in test_fp_ctl uses an
incorrect constraint for the 'orig_fpc' variable. If the compiler
chooses the same register for 'fpc' and 'orig_fpc' the test_fp_ctl()
function always returns true. This allows user space to trigger
kernel oopses with invalid floating-point control values on the
signal stack.
This problem has been introduced with git commit 4725c86055f5bbdcdf
"s390: fix save and restore of the floating-point-control register"
Cc: stable@vger.kernel.org # v3.13+
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| -rw-r--r-- | arch/s390/include/asm/fpu/api.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/include/asm/fpu/api.h b/arch/s390/include/asm/fpu/api.h index 5e04f3cbd320..8ae236b0f80b 100644 --- a/arch/s390/include/asm/fpu/api.h +++ b/arch/s390/include/asm/fpu/api.h | |||
| @@ -22,7 +22,7 @@ static inline int test_fp_ctl(u32 fpc) | |||
| 22 | " la %0,0\n" | 22 | " la %0,0\n" |
| 23 | "1:\n" | 23 | "1:\n" |
| 24 | EX_TABLE(0b,1b) | 24 | EX_TABLE(0b,1b) |
| 25 | : "=d" (rc), "=d" (orig_fpc) | 25 | : "=d" (rc), "=&d" (orig_fpc) |
| 26 | : "d" (fpc), "0" (-EINVAL)); | 26 | : "d" (fpc), "0" (-EINVAL)); |
| 27 | return rc; | 27 | return rc; |
| 28 | } | 28 | } |