powerpc: Sanitize stack pointer in signal handling code

On powerpc64 machines running 32-bit userspace, we can get garbage bits in the
stack pointer passed into the kernel.  Most places handle this correctly, but
the signal handling code uses the passed value directly for allocating signal
stack frames.

This fixes the issue by introducing a get_clean_sp function that returns a
sanitized stack pointer.  For 32-bit tasks on a 64-bit kernel, the stack
pointer is masked correctly.  In all other cases, the stack pointer is simply
returned.

Additionally, we pass an 'is_32' parameter to get_sigframe now in order to
get the properly sanitized stack.  The callers are know to be 32 or 64-bit
statically.

Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index b13abf305996..d670429a1608 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -836,7 +836,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
 
         /* Set up Signal Frame */
         /* Put a Real Time Context onto stack */
-        rt_sf = get_sigframe(ka, regs, sizeof(*rt_sf));
+        rt_sf = get_sigframe(ka, regs, sizeof(*rt_sf), 1);
         addr = rt_sf;
         if (unlikely(rt_sf == NULL))
                 goto badframe;
@@ -1182,7 +1182,7 @@ int handle_signal32(unsigned long sig, struct k_sigaction *ka,
         unsigned long newsp = 0;
 
         /* Set up Signal Frame */
-        frame = get_sigframe(ka, regs, sizeof(*frame));
+        frame = get_sigframe(ka, regs, sizeof(*frame), 1);
         if (unlikely(frame == NULL))
                 goto badframe;
         sc = (struct sigcontext __user *) &frame->sctx;