Diffstat (limited to 'arch/x86')
-rw-r--r--arch/x86/entry/vsyscall/vsyscall_64.c2
-rw-r--r--arch/x86/ia32/ia32_aout.c4
-rw-r--r--arch/x86/ia32/ia32_signal.c8
-rw-r--r--arch/x86/ia32/sys_ia32.c2
-rw-r--r--arch/x86/include/asm/checksum_32.h2
-rw-r--r--arch/x86/include/asm/pgtable_32.h2
-rw-r--r--arch/x86/include/asm/uaccess.h7
-rw-r--r--arch/x86/kernel/fpu/signal.c4
-rw-r--r--arch/x86/kernel/signal.c14
-rw-r--r--arch/x86/kernel/stacktrace.c2
-rw-r--r--arch/x86/kernel/vm86_32.c4
-rw-r--r--arch/x86/lib/csum-wrappers_64.c4
-rw-r--r--arch/x86/lib/usercopy_32.c2
-rw-r--r--arch/x86/lib/usercopy_64.c2
-rw-r--r--arch/x86/math-emu/fpu_system.h4
-rw-r--r--arch/x86/math-emu/load_store.c6
-rw-r--r--arch/x86/math-emu/reg_ld_str.c48
-rw-r--r--arch/x86/mm/mpx.c2
-rw-r--r--arch/x86/um/asm/checksum_32.h2
-rw-r--r--arch/x86/um/signal.c6
20 files changed, 62 insertions, 65 deletions
diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
index d78bcc03e60e..d9d81ad7a400 100644
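--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -99,7 +99,7 @@ static bool write_ok_or_segv(unsigned long ptr, size_t size)
   * sig_on_uaccess_err, this could go away.
   */
 
- if (!access_ok(VERIFY_WRITE, (void __user *)ptr, size)) {
+ if (!access_ok((void __user *)ptr, size)) {
  struct thread_struct *thread = &current->thread;
 
  thread->error_code = X86_PF_USER | X86_PF_WRITE;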
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index 8e02b30cf08e..f65b78d32f5e 100644
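--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -176,10 +176,10 @@ static int aout_core_dump(struct coredump_params *cprm)
 
  /* make sure we actually have a data and stack area to dump */
  set_fs(USER_DS);
- if (!access_ok(VERIFY_READ, (void *) (unsigned long)START_DATA(dump),
+ if (!access_ok((void *) (unsigned long)START_DATA(dump),
  dump.u_dsize << PAGE_SHIFT))
  dump.u_dsize = 0;
- if (!access_ok(VERIFY_READ, (void *) (unsigned long)START_STACK(dump),
+ if (!access_ok((void *) (unsigned long)START_STACK(dump),
  dump.u_ssize << PAGE_SHIFT))
  dump.u_ssize = 0;
 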
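Review bot: Both access_ok() calls in this hunk cast the address with a plain `(void *)`, which drops the `__user` address-space annotation, so sparse cannot confirm that a user pointer is what gets range-checked here. Since these lines are being touched anyway, the casts could become `(void __user *)(unsigned long)START_DATA(dump)` and `(void __user *)(unsigned long)START_STACK(dump)`. The size expressions `dump.u_dsize << PAGE_SHIFT` and `dump.u_ssize << PAGE_SHIFT` also deserve a look: if those fields are 32-bit (their declaration is not visible here), the shift can wrap before the range check sees the value. aout_core_dump starts and ends outside the hunk.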
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 86b1341cba9a..321fe5f5d0e9 100644
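--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -119,7 +119,7 @@ asmlinkage long sys32_sigreturn(void)
  struct sigframe_ia32 __user *frame = (struct sigframe_ia32 __user *)(regs->sp-8);
  sigset_t set;
 
- if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  goto badframe;
  if (__get_user(set.sig[0], &frame->sc.oldmask)
  || (_COMPAT_NSIG_WORDS > 1
@@ -147,7 +147,7 @@ asmlinkage long sys32_rt_sigreturn(void)
 
  frame = (struct rt_sigframe_ia32 __user *)(regs->sp - 4);
 
- if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  goto badframe;
  if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
  goto badframe;
@@ -269,7 +269,7 @@ int ia32_setup_frame(int sig, struct ksignal *ksig,
 
  frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate);
 
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return -EFAULT;
 
  if (__put_user(sig, &frame->sig))
@@ -349,7 +349,7 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
 
  frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate);
 
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return -EFAULT;
 
  put_user_try {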
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index 11ef7b7c9cc8..a43212036257 100644
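--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -75,7 +75,7 @@ static int cp_stat64(struct stat64 __user *ubuf, struct kstat *stat)
  typeof(ubuf->st_gid) gid = 0;
  SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid));
  SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid));
- if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) ||
+ if (!access_ok(ubuf, sizeof(struct stat64)) ||
  __put_user(huge_encode_dev(stat->dev), &ubuf->st_dev) ||
  __put_user(stat->ino, &ubuf->__st_ino) ||
  __put_user(stat->ino, &ubuf->st_ino) ||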
diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h
index 7a659c74cd03..f57b94e02c57 100644
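--- a/arch/x86/include/asm/checksum_32.h
+++ b/arch/x86/include/asm/checksum_32.h
@@ -182,7 +182,7 @@ static inline __wsum csum_and_copy_to_user(const void *src,
  __wsum ret;
 
  might_sleep();
- if (access_ok(VERIFY_WRITE, dst, len)) {
+ if (access_ok(dst, len)) {
  stac();
  ret = csum_partial_copy_generic(src, (__force void *)dst,
  len, sum, NULL, err_ptr);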
diff --git a/arch/x86/include/asm/pgtable_32.h b/arch/x86/include/asm/pgtable_32.h
index b3ec519e3982..4fe9e7fc74d3 100644
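--- a/arch/x86/include/asm/pgtable_32.h
+++ b/arch/x86/include/asm/pgtable_32.h
@@ -37,7 +37,7 @@ void sync_initial_page_table(void);
 /*
   * Define this if things work differently on an i386 and an i486:
   * it will (on an i486) warn about kernel memory accesses that are
-  * done without a 'access_ok(VERIFY_WRITE,..)'
+  * done without a 'access_ok( ..)'
   */
 #undef TEST_ACCESS_OK
 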
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index b5e58cc0c5e7..3920f456db79 100644
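--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -77,9 +77,6 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
 
 /**
   * access_ok: - Checks if a user space pointer is valid
-  * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
-  * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
-  * to write to a block, it is always safe to read from it.
   * @addr: User space pointer to start of block to check
   * @size: Size of block to check
   *
@@ -95,7 +92,7 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
   * checks that the pointer is in the user space range - after calling
   * this function, memory access functions may still return -EFAULT.
   */
-#define access_ok(type, addr, size) \
+#define access_ok(addr, size) \
 ({ \
  WARN_ON_IN_IRQ(); \
  likely(!__range_not_ok(addr, size, user_addr_max())); \
@@ -670,7 +667,7 @@ extern void __cmpxchg_wrong_size(void)
 
 #define user_atomic_cmpxchg_inatomic(uval, ptr, old, new) \
 ({ \
- access_ok(VERIFY_WRITE, (ptr), sizeof(*(ptr))) ? \
+ access_ok((ptr), sizeof(*(ptr))) ? \
  __user_atomic_cmpxchg_inatomic((uval), (ptr), \
  (old), (new), sizeof(*(ptr))) : \
  -EFAULT; \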
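Review bot: `user_atomic_cmpxchg_inatomic` evaluates `(ptr)` twice, once as the access_ok() argument and once in the `__user_atomic_cmpxchg_inatomic()` call, so an argument with side effects would have the range check and the access applied to different pointers. Capturing it once inside the statement expression, for example `__typeof__(ptr) __uptr = (ptr);` and then using `__uptr` in both places, keeps the check and the use tied to the same value. The macro body ends outside the hunk, and whether the inner macro tolerates a local of that name is not visible here.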
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index d99a8ee9e185..f6a1d299627c 100644
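--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -164,7 +164,7 @@ int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
  ia32_fxstate &= (IS_ENABLED(CONFIG_X86_32) ||
  IS_ENABLED(CONFIG_IA32_EMULATION));
 
- if (!access_ok(VERIFY_WRITE, buf, size))
+ if (!access_ok(buf, size))
  return -EACCES;
 
  if (!static_cpu_has(X86_FEATURE_FPU))
@@ -281,7 +281,7 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size)
  return 0;
  }
 
- if (!access_ok(VERIFY_READ, buf, size))
+ if (!access_ok(buf, size))
  return -EACCES;
 
  fpu__initialize(fpu);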
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 92a3b312a53c..08dfd4c1a4f9 100644
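--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -322,7 +322,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
 
  frame = get_sigframe(&ksig->ka, regs, sizeof(*frame), &fpstate);
 
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return -EFAULT;
 
  if (__put_user(sig, &frame->sig))
@@ -385,7 +385,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
 
  frame = get_sigframe(&ksig->ka, regs, sizeof(*frame), &fpstate);
 
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return -EFAULT;
 
  put_user_try {
@@ -465,7 +465,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
 
  frame = get_sigframe(&ksig->ka, regs, sizeof(struct rt_sigframe), &fp);
 
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return -EFAULT;
 
  if (ksig->ka.sa.sa_flags & SA_SIGINFO) {
@@ -547,7 +547,7 @@ static int x32_setup_rt_frame(struct ksignal *ksig,
 
  frame = get_sigframe(&ksig->ka, regs, sizeof(*frame), &fpstate);
 
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return -EFAULT;
 
  if (ksig->ka.sa.sa_flags & SA_SIGINFO) {
@@ -610,7 +610,7 @@ SYSCALL_DEFINE0(sigreturn)
 
  frame = (struct sigframe __user *)(regs->sp - 8);
 
- if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  goto badframe;
  if (__get_user(set.sig[0], &frame->sc.oldmask) || (_NSIG_WORDS > 1
  && __copy_from_user(&set.sig[1], &frame->extramask,
@@ -642,7 +642,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
  unsigned long uc_flags;
 
  frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long));
- if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  goto badframe;
  if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
  goto badframe;
@@ -871,7 +871,7 @@ asmlinkage long sys32_x32_rt_sigreturn(void)
 
  frame = (struct rt_sigframe_x32 __user *)(regs->sp - 8);
 
- if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  goto badframe;
  if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
  goto badframe;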
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index 7627455047c2..5c2d71a1dc06 100644
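--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -177,7 +177,7 @@ copy_stack_frame(const void __user *fp, struct stack_frame_user *frame)
 {
  int ret;
 
- if (!access_ok(VERIFY_READ, fp, sizeof(*frame)))
+ if (!access_ok(fp, sizeof(*frame)))
  return 0;
 
  ret = 1;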
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index c2fd39752da8..a092b6b40c6b 100644
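--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -114,7 +114,7 @@ void save_v86_state(struct kernel_vm86_regs *regs, int retval)
  set_flags(regs->pt.flags, VEFLAGS, X86_EFLAGS_VIF | vm86->veflags_mask);
  user = vm86->user_vm86;
 
- if (!access_ok(VERIFY_WRITE, user, vm86->vm86plus.is_vm86pus ?
+ if (!access_ok(user, vm86->vm86plus.is_vm86pus ?
  sizeof(struct vm86plus_struct) :
  sizeof(struct vm86_struct))) {
  pr_alert("could not access userspace vm86 info\n");
@@ -278,7 +278,7 @@ static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus)
  if (vm86->saved_sp0)
  return -EPERM;
 
- if (!access_ok(VERIFY_READ, user_vm86, plus ?
+ if (!access_ok(user_vm86, plus ?
  sizeof(struct vm86_struct) :
  sizeof(struct vm86plus_struct)))
  return -EFAULT;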
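Review bot: The size selection in do_sys_vm86's access_ok() looks inverted: when `plus` is true it checks `sizeof(struct vm86_struct)`, while save_v86_state in the hunk above picks `sizeof(struct vm86plus_struct)` for the plus case. If vm86plus_struct is the larger layout, as its name suggests, the plus path range-checks fewer bytes than it may later read from `user_vm86`. The condition should presumably read `plus ? sizeof(struct vm86plus_struct) : sizeof(struct vm86_struct)`. The ordering predates this commit, and do_sys_vm86 continues outside the hunk, so the copies that follow should be compared against the same size.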
diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c
index 8bd53589ecfb..a6a2b7dccbff 100644
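--- a/arch/x86/lib/csum-wrappers_64.c
+++ b/arch/x86/lib/csum-wrappers_64.c
@@ -27,7 +27,7 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
  might_sleep();
  *errp = 0;
 
- if (!likely(access_ok(VERIFY_READ, src, len)))
+ if (!likely(access_ok(src, len)))
  goto out_err;
 
  /*
@@ -89,7 +89,7 @@ csum_partial_copy_to_user(const void *src, void __user *dst,
 
  might_sleep();
 
- if (unlikely(!access_ok(VERIFY_WRITE, dst, len))) {
+ if (unlikely(!access_ok(dst, len))) {
  *errp = -EFAULT;
  return 0;
  }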
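Review bot: The two checks in this file wrap access_ok() in branch hints written in opposite styles, `!likely(access_ok(src, len))` in csum_partial_copy_from_user and `unlikely(!access_ok(dst, len))` in csum_partial_copy_to_user, although the x86 access_ok() macro shown in uaccess.h on this page already evaluates to `likely(...)`. Dropping the outer hints, `if (!access_ok(src, len))` and `if (!access_ok(dst, len))`, would make both sites read like the other callers this commit touches. Both functions start and end outside their hunks.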
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index 71fb58d44d58..bfd94e7812fc 100644
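--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -67,7 +67,7 @@ unsigned long
 clear_user(void __user *to, unsigned long n)
 {
  might_fault();
- if (access_ok(VERIFY_WRITE, to, n))
+ if (access_ok(to, n))
  __do_clear_user(to, n);
  return n;
 }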
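Review bot: As written, clear_user() reads as if it always returns its `n` argument unchanged, even after a successful clear. Presumably `__do_clear_user` is a macro that updates `n` in place to the number of bytes left uncleared (its definition is not in this hunk); if so, a comment above the call such as `/* __do_clear_user() updates n to the bytes not cleared */` would make the return value obvious. The 64-bit clear_user() changed in this same commit, `return __clear_user(to, n);`, shows the intent more directly.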
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index 1bd837cdc4b1..ee42bb0cbeb3 100644
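--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -48,7 +48,7 @@ EXPORT_SYMBOL(__clear_user);
 
 unsigned long clear_user(void __user *to, unsigned long n)
 {
- if (access_ok(VERIFY_WRITE, to, n))
+ if (access_ok(to, n))
  return __clear_user(to, n);
  return n;
 }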
diff --git a/arch/x86/math-emu/fpu_system.h b/arch/x86/math-emu/fpu_system.h
index c8b1b31ed7c4..f98a0c956764 100644
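--- a/arch/x86/math-emu/fpu_system.h
+++ b/arch/x86/math-emu/fpu_system.h
@@ -104,7 +104,7 @@ static inline bool seg_writable(struct desc_struct *d)
 #define instruction_address (*(struct address *)&I387->soft.fip)
 #define operand_address (*(struct address *)&I387->soft.foo)
 
-#define FPU_access_ok(x,y,z) if ( !access_ok(x,y,z) ) \
+#define FPU_access_ok(y,z) if ( !access_ok(y,z) ) \
  math_abort(FPU_info,SIGSEGV)
 #define FPU_abort math_abort(FPU_info, SIGSEGV)
 
@@ -119,7 +119,7 @@ static inline bool seg_writable(struct desc_struct *d)
 /* A simpler test than access_ok() can probably be done for
  FPU_code_access_ok() because the only possible error is to step
  past the upper boundary of a legal code area. */
-#define FPU_code_access_ok(z) FPU_access_ok(VERIFY_READ,(void __user *)FPU_EIP,z)
+#define FPU_code_access_ok(z) FPU_access_ok((void __user *)FPU_EIP,z)
 #endif
 
 #define FPU_get_user(x,y) get_user((x),(y))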
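Review bot: `FPU_access_ok(y,z)` expands to a bare `if` statement, so a call site followed by `else`, or used as the body of an unbraced `if`, would bind to the macro's hidden `if` rather than the caller's. The call sites visible on this page are all plain statements, but wrapping the expansion removes the hazard: `#define FPU_access_ok(y,z) do { if (!access_ok(y,z)) math_abort(FPU_info,SIGSEGV); } while (0)`. A one-line comment stating what happens to the emulated instruction when the range check fails would also help, since math_abort() is not defined in this hunk.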
diff --git a/arch/x86/math-emu/load_store.c b/arch/x86/math-emu/load_store.c
index f821a9cd7753..f15263e158e8 100644
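--- a/arch/x86/math-emu/load_store.c
+++ b/arch/x86/math-emu/load_store.c
@@ -251,7 +251,7 @@ int FPU_load_store(u_char type, fpu_addr_modes addr_modes,
  break;
  case 024: /* fldcw */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, data_address, 2);
+ FPU_access_ok(data_address, 2);
  FPU_get_user(control_word,
  (unsigned short __user *)data_address);
  RE_ENTRANT_CHECK_ON;
@@ -291,7 +291,7 @@ int FPU_load_store(u_char type, fpu_addr_modes addr_modes,
  break;
  case 034: /* fstcw m16int */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, data_address, 2);
+ FPU_access_ok(data_address, 2);
  FPU_put_user(control_word,
  (unsigned short __user *)data_address);
  RE_ENTRANT_CHECK_ON;
@@ -305,7 +305,7 @@ int FPU_load_store(u_char type, fpu_addr_modes addr_modes,
  break;
  case 036: /* fstsw m2byte */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, data_address, 2);
+ FPU_access_ok(data_address, 2);
  FPU_put_user(status_word(),
  (unsigned short __user *)data_address);
  RE_ENTRANT_CHECK_ON;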
diff --git a/arch/x86/math-emu/reg_ld_str.c b/arch/x86/math-emu/reg_ld_str.c
index d40ff45497b9..f3779743d15e 100644
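--- a/arch/x86/math-emu/reg_ld_str.c
+++ b/arch/x86/math-emu/reg_ld_str.c
@@ -84,7 +84,7 @@ int FPU_load_extended(long double __user *s, int stnr)
  FPU_REG *sti_ptr = &st(stnr);
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, s, 10);
+ FPU_access_ok(s, 10);
  __copy_from_user(sti_ptr, s, 10);
  RE_ENTRANT_CHECK_ON;
 
@@ -98,7 +98,7 @@ int FPU_load_double(double __user *dfloat, FPU_REG *loaded_data)
  unsigned m64, l64;
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, dfloat, 8);
+ FPU_access_ok(dfloat, 8);
  FPU_get_user(m64, 1 + (unsigned long __user *)dfloat);
  FPU_get_user(l64, (unsigned long __user *)dfloat);
  RE_ENTRANT_CHECK_ON;
@@ -159,7 +159,7 @@ int FPU_load_single(float __user *single, FPU_REG *loaded_data)
  int exp, tag, negative;
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, single, 4);
+ FPU_access_ok(single, 4);
  FPU_get_user(m32, (unsigned long __user *)single);
  RE_ENTRANT_CHECK_ON;
 
@@ -214,7 +214,7 @@ int FPU_load_int64(long long __user *_s)
  FPU_REG *st0_ptr = &st(0);
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, _s, 8);
+ FPU_access_ok(_s, 8);
  if (copy_from_user(&s, _s, 8))
  FPU_abort;
  RE_ENTRANT_CHECK_ON;
@@ -243,7 +243,7 @@ int FPU_load_int32(long __user *_s, FPU_REG *loaded_data)
  int negative;
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, _s, 4);
+ FPU_access_ok(_s, 4);
  FPU_get_user(s, _s);
  RE_ENTRANT_CHECK_ON;
 
@@ -271,7 +271,7 @@ int FPU_load_int16(short __user *_s, FPU_REG *loaded_data)
  int s, negative;
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, _s, 2);
+ FPU_access_ok(_s, 2);
  /* Cast as short to get the sign extended. */
  FPU_get_user(s, _s);
  RE_ENTRANT_CHECK_ON;
@@ -304,7 +304,7 @@ int FPU_load_bcd(u_char __user *s)
  int sign;
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, s, 10);
+ FPU_access_ok(s, 10);
  RE_ENTRANT_CHECK_ON;
  for (pos = 8; pos >= 0; pos--) {
  l *= 10;
@@ -345,7 +345,7 @@ int FPU_store_extended(FPU_REG *st0_ptr, u_char st0_tag,
 
  if (st0_tag != TAG_Empty) {
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 10);
+ FPU_access_ok(d, 10);
 
  FPU_put_user(st0_ptr->sigl, (unsigned long __user *)d);
  FPU_put_user(st0_ptr->sigh,
@@ -364,7 +364,7 @@ int FPU_store_extended(FPU_REG *st0_ptr, u_char st0_tag,
  /* The masked response */
  /* Put out the QNaN indefinite */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 10);
+ FPU_access_ok(d, 10);
  FPU_put_user(0, (unsigned long __user *)d);
  FPU_put_user(0xc0000000, 1 + (unsigned long __user *)d);
  FPU_put_user(0xffff, 4 + (short __user *)d);
@@ -539,7 +539,7 @@ denormal_arg:
  /* The masked response */
  /* Put out the QNaN indefinite */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, dfloat, 8);
+ FPU_access_ok(dfloat, 8);
  FPU_put_user(0, (unsigned long __user *)dfloat);
  FPU_put_user(0xfff80000,
  1 + (unsigned long __user *)dfloat);
@@ -552,7 +552,7 @@ denormal_arg:
  l[1] |= 0x80000000;
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, dfloat, 8);
+ FPU_access_ok(dfloat, 8);
  FPU_put_user(l[0], (unsigned long __user *)dfloat);
  FPU_put_user(l[1], 1 + (unsigned long __user *)dfloat);
  RE_ENTRANT_CHECK_ON;
@@ -724,7 +724,7 @@ int FPU_store_single(FPU_REG *st0_ptr, u_char st0_tag, float __user *single)
  /* The masked response */
  /* Put out the QNaN indefinite */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, single, 4);
+ FPU_access_ok(single, 4);
  FPU_put_user(0xffc00000,
  (unsigned long __user *)single);
  RE_ENTRANT_CHECK_ON;
@@ -742,7 +742,7 @@ int FPU_store_single(FPU_REG *st0_ptr, u_char st0_tag, float __user *single)
  templ |= 0x80000000;
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, single, 4);
+ FPU_access_ok(single, 4);
  FPU_put_user(templ, (unsigned long __user *)single);
  RE_ENTRANT_CHECK_ON;
 
@@ -791,7 +791,7 @@ int FPU_store_int64(FPU_REG *st0_ptr, u_char st0_tag, long long __user *d)
  }
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 8);
+ FPU_access_ok(d, 8);
  if (copy_to_user(d, &tll, 8))
  FPU_abort;
  RE_ENTRANT_CHECK_ON;
@@ -838,7 +838,7 @@ int FPU_store_int32(FPU_REG *st0_ptr, u_char st0_tag, long __user *d)
  }
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 4);
+ FPU_access_ok(d, 4);
  FPU_put_user(t.sigl, (unsigned long __user *)d);
  RE_ENTRANT_CHECK_ON;
 
@@ -884,7 +884,7 @@ int FPU_store_int16(FPU_REG *st0_ptr, u_char st0_tag, short __user *d)
  }
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 2);
+ FPU_access_ok(d, 2);
  FPU_put_user((short)t.sigl, d);
  RE_ENTRANT_CHECK_ON;
 
@@ -925,7 +925,7 @@ int FPU_store_bcd(FPU_REG *st0_ptr, u_char st0_tag, u_char __user *d)
  if (control_word & CW_Invalid) {
  /* Produce the QNaN "indefinite" */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 10);
+ FPU_access_ok(d, 10);
  for (i = 0; i < 7; i++)
  FPU_put_user(0, d + i); /* These bytes "undefined" */
  FPU_put_user(0xc0, d + 7); /* This byte "undefined" */
@@ -941,7 +941,7 @@ int FPU_store_bcd(FPU_REG *st0_ptr, u_char st0_tag, u_char __user *d)
  }
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 10);
+ FPU_access_ok(d, 10);
  RE_ENTRANT_CHECK_ON;
  for (i = 0; i < 9; i++) {
  b = FPU_div_small(&ll, 10);
@@ -1034,7 +1034,7 @@ u_char __user *fldenv(fpu_addr_modes addr_modes, u_char __user *s)
  ((addr_modes.default_mode == PM16)
  ^ (addr_modes.override.operand_size == OP_SIZE_PREFIX))) {
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, s, 0x0e);
+ FPU_access_ok(s, 0x0e);
  FPU_get_user(control_word, (unsigned short __user *)s);
  FPU_get_user(partial_status, (unsigned short __user *)(s + 2));
  FPU_get_user(tag_word, (unsigned short __user *)(s + 4));
@@ -1056,7 +1056,7 @@ u_char __user *fldenv(fpu_addr_modes addr_modes, u_char __user *s)
  }
  } else {
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, s, 0x1c);
+ FPU_access_ok(s, 0x1c);
  FPU_get_user(control_word, (unsigned short __user *)s);
  FPU_get_user(partial_status, (unsigned short __user *)(s + 4));
  FPU_get_user(tag_word, (unsigned short __user *)(s + 8));
@@ -1125,7 +1125,7 @@ void frstor(fpu_addr_modes addr_modes, u_char __user *data_address)
 
  /* Copy all registers in stack order. */
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_READ, s, 80);
+ FPU_access_ok(s, 80);
  __copy_from_user(register_base + offset, s, other);
  if (offset)
  __copy_from_user(register_base, s + other, offset);
@@ -1146,7 +1146,7 @@ u_char __user *fstenv(fpu_addr_modes addr_modes, u_char __user *d)
  ((addr_modes.default_mode == PM16)
  ^ (addr_modes.override.operand_size == OP_SIZE_PREFIX))) {
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 14);
+ FPU_access_ok(d, 14);
 #ifdef PECULIAR_486
  FPU_put_user(control_word & ~0xe080, (unsigned long __user *)d);
 #else
@@ -1174,7 +1174,7 @@ u_char __user *fstenv(fpu_addr_modes addr_modes, u_char __user *d)
  d += 0x0e;
  } else {
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 7 * 4);
+ FPU_access_ok(d, 7 * 4);
 #ifdef PECULIAR_486
  control_word &= ~0xe080;
  /* An 80486 sets nearly all of the reserved bits to 1. */
@@ -1204,7 +1204,7 @@ void fsave(fpu_addr_modes addr_modes, u_char __user *data_address)
  d = fstenv(addr_modes, data_address);
 
  RE_ENTRANT_CHECK_OFF;
- FPU_access_ok(VERIFY_WRITE, d, 80);
+ FPU_access_ok(d, 80);
 
  /* Copy all registers in stack order. */
  if (__copy_to_user(d, register_base + offset, other))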
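Review bot: In FPU_load_extended the result of `__copy_from_user(sti_ptr, s, 10)` is discarded, and frstor does the same with both of its `__copy_from_user()` calls. FPU_access_ok() only range-checks the address, so the copy can still fault partway and may leave the emulated register holding partial or stale bytes that the caller goes on to use. FPU_load_int64 in the same file already handles this with `if (copy_from_user(&s, _s, 8)) FPU_abort;`; the same pattern, `if (__copy_from_user(sti_ptr, s, 10)) FPU_abort;`, would fit here and in frstor. Both functions continue outside their hunks.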
diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
index 2385538e8065..de1851d15699 100644
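--- a/arch/x86/mm/mpx.c
+++ b/arch/x86/mm/mpx.c
@@ -495,7 +495,7 @@ static int get_bt_addr(struct mm_struct *mm,
  unsigned long bd_entry;
  unsigned long bt_addr;
 
- if (!access_ok(VERIFY_READ, (bd_entry_ptr), sizeof(*bd_entry_ptr)))
+ if (!access_ok((bd_entry_ptr), sizeof(*bd_entry_ptr)))
  return -EFAULT;
 
  while (1) {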
diff --git a/arch/x86/um/asm/checksum_32.h b/arch/x86/um/asm/checksum_32.h
index 83a75f8a1233..b9ac7c9eb72c 100644
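--- a/arch/x86/um/asm/checksum_32.h
+++ b/arch/x86/um/asm/checksum_32.h
@@ -43,7 +43,7 @@ static __inline__ __wsum csum_and_copy_to_user(const void *src,
  void __user *dst,
  int len, __wsum sum, int *err_ptr)
 {
- if (access_ok(VERIFY_WRITE, dst, len)) {
+ if (access_ok(dst, len)) {
  if (copy_to_user(dst, src, len)) {
  *err_ptr = -EFAULT;
  return (__force __wsum)-1;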
diff --git a/arch/x86/um/signal.c b/arch/x86/um/signal.c
index 727ed442e0a5..8b4a71efe7ee 100644
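--- a/arch/x86/um/signal.c
+++ b/arch/x86/um/signal.c
@@ -367,7 +367,7 @@ int setup_signal_stack_sc(unsigned long stack_top, struct ksignal *ksig,
  /* This is the same calculation as i386 - ((sp + 4) & 15) == 0 */
  stack_top = ((stack_top + 4) & -16UL) - 4;
  frame = (struct sigframe __user *) stack_top - 1;
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return 1;
 
  restorer = frame->retcode;
@@ -412,7 +412,7 @@ int setup_signal_stack_si(unsigned long stack_top, struct ksignal *ksig,
 
  stack_top &= -8UL;
  frame = (struct rt_sigframe __user *) stack_top - 1;
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  return 1;
 
  restorer = frame->retcode;
@@ -497,7 +497,7 @@ int setup_signal_stack_si(unsigned long stack_top, struct ksignal *ksig,
  /* Subtract 128 for a red zone and 8 for proper alignment */
  frame = (struct rt_sigframe __user *) ((unsigned long) frame - 128 - 8);
 
- if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
+ if (!access_ok(frame, sizeof(*frame)))
  goto out;
 
  if (ksig->ka.sa.sa_flags & SA_SIGINFO) {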