ARM: 7526/1: traps: send SIGILL if get_user fails on undef handling path

get_user may fail to load from the provided __user address due to an
unhandled fault generated by the access.

In the case of the undefined instruction trap, this results in failure
to load the faulting instruction, in which case we should send SIGILL to
the task rather than continue with potentially uninitialised data.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

1 files changed, 7 insertions, 4 deletions

diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
index f7945218b8c..b0179b89a04 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -420,20 +420,23 @@ asmlinkage void __exception do_undefinstr(struct pt_regs *regs)
 #endif
                         instr = *(u32 *) pc;
         } else if (thumb_mode(regs)) {
-                get_user(instr, (u16 __user *)pc);
+                if (get_user(instr, (u16 __user *)pc))
+                        goto die_sig;
                 if (is_wide_instruction(instr)) {
                         unsigned int instr2;
-                        get_user(instr2, (u16 __user *)pc+1);
+                        if (get_user(instr2, (u16 __user *)pc+1))
+                                goto die_sig;
                         instr <<= 16;
                         instr |= instr2;
                 }
-        } else {
-                get_user(instr, (u32 __user *)pc);
+        } else if (get_user(instr, (u32 __user *)pc)) {
+                goto die_sig;
         }
 
         if (call_undef_hook(regs, instr) == 0)
                 return;
 
+die_sig:
 #ifdef CONFIG_DEBUG_USER
         if (user_debug & UDBG_UNDEFINED) {
                 printk(KERN_INFO "%s (%d): undefined instruction: pc=%p\n",