authorAl Viro <viro@zeniv.linux.org.uk>2012-04-22 16:59:56 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2012-05-21 23:59:21 -0400
commita46808e1b75216f175a12cd16e3af3be2d4a53d4 (patch)
treee848ce1a583e7c7720edede1431325089681e5b5 /arch/sh
parent187cd44e147ec7245ddd97bbd3305d29583288a9 (diff)
sh: missing checks of __get_user()/__put_user() return values
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'arch/sh')
-rw-r--r--arch/sh/kernel/signal_32.c37
-rw-r--r--arch/sh/kernel/signal_64.c12
2 files changed, 27 insertions, 22 deletions
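--- a/arch/sh/kernel/signal_32.c
+++ b/arch/sh/kernel/signal_32.c
@@ -71,10 +71,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 old_sigset_t mask;
 if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
 __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
-__get_user(new_ka.sa.sa_restorer, &act->sa_restorer))
+__get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
+__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
+__get_user(mask, &act->sa_mask))
 return -EFAULT;
-__get_user(new_ka.sa.sa_flags, &act->sa_flags);
-__get_user(mask, &act->sa_mask);
 siginitset(&new_ka.sa.sa_mask, mask);
 }
 
@@ -83,10 +83,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 if (!ret && oact) {
 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
 __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
-__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer))
+__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
+__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
+__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
 return -EFAULT;
-__put_user(old_ka.sa.sa_flags, &oact->sa_flags);
-__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask);
 }
 
 return ret;
@@ -150,12 +150,11 @@ static inline int save_sigcontext_fpu(struct sigcontext __user *sc,
 if (!(boot_cpu_data.flags & CPU_HAS_FPU))
 return 0;
 
-if (!used_math()) {
-__put_user(0, &sc->sc_ownedfp);
-return 0;
-}
+if (!used_math())
+return __put_user(0, &sc->sc_ownedfp);
 
-__put_user(1, &sc->sc_ownedfp);
+if (__put_user(1, &sc->sc_ownedfp))
+return -EFAULT;
 
 /* This will cause a "finit" to be triggered by the next
 attempted FPU operation by the 'current' process.
@@ -195,7 +194,7 @@ restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc, int *r0_p
 regs->sr |= SR_FD; /* Release FPU */
 clear_fpu(tsk, regs);
 clear_used_math();
-__get_user (owned_fp, &sc->sc_ownedfp);
+err |= __get_user (owned_fp, &sc->sc_ownedfp);
 if (owned_fp)
 err |= restore_sigcontext_fpu(sc);
 }
@@ -386,11 +385,14 @@ static int setup_frame(int sig, struct k_sigaction *ka,
 struct fdpic_func_descriptor __user *funcptr =
 (struct fdpic_func_descriptor __user *)ka->sa.sa_handler;
 
-__get_user(regs->pc, &funcptr->text);
-__get_user(regs->regs[12], &funcptr->GOT);
+err |= __get_user(regs->pc, &funcptr->text);
+err |= __get_user(regs->regs[12], &funcptr->GOT);
 } else
 regs->pc = (unsigned long)ka->sa.sa_handler;
 
+if (err)
+goto give_sigsegv;
+
 set_fs(USER_DS);
 
 pr_debug("SIG deliver (%s:%d): sp=%p pc=%08lx pr=%08lx\n",
@@ -470,11 +472,14 @@ static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
 struct fdpic_func_descriptor __user *funcptr =
 (struct fdpic_func_descriptor __user *)ka->sa.sa_handler;
 
-__get_user(regs->pc, &funcptr->text);
-__get_user(regs->regs[12], &funcptr->GOT);
+err |= __get_user(regs->pc, &funcptr->text);
+err |= __get_user(regs->regs[12], &funcptr->GOT);
 } else
 regs->pc = (unsigned long)ka->sa.sa_handler;
 
+if (err)
+goto give_sigsegv;
+
 set_fs(USER_DS);
 
 pr_debug("SIG deliver (%s:%d): sp=%p pc=%08lx pr=%08lx\n",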
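Review bot: The two `__get_user()` reads through `funcptr` in setup_frame() and setup_rt_frame() now have their result checked, but no `access_ok()` on `funcptr` is visible in either hunk, and `funcptr` is taken directly from the user-supplied `ka->sa.sa_handler`. The double-underscore accessors do no address-range check, which is why sys_sigaction() in this same file pairs them with `access_ok()`. Unless a range check exists above the hunk (both function bodies start outside it), a handler value outside the user address range would be read as a kernel address and its contents loaded into `regs->pc` and `regs->regs[12]`. Using the checking form closes that: `err |= get_user(regs->pc, &funcptr->text);` and `err |= get_user(regs->regs[12], &funcptr->GOT);`.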
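--- a/arch/sh/kernel/signal_64.c
+++ b/arch/sh/kernel/signal_64.c
@@ -173,10 +173,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 old_sigset_t mask;
 if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
 __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
-__get_user(new_ka.sa.sa_restorer, &act->sa_restorer))
+__get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
+__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
+__get_user(mask, &act->sa_mask))
 return -EFAULT;
-__get_user(new_ka.sa.sa_flags, &act->sa_flags);
-__get_user(mask, &act->sa_mask);
 siginitset(&new_ka.sa.sa_mask, mask);
 }
 
@@ -185,10 +185,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 if (!ret && oact) {
 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
 __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
-__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer))
+__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
+__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
+__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
 return -EFAULT;
-__put_user(old_ka.sa.sa_flags, &oact->sa_flags);
-__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask);
 }
 
 return ret;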
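Review bot: Both sys_sigaction() conditions now depend on `||` evaluation order for safety, and nothing in the code says so. The four unchecked `__get_user()` / `__put_user()` calls in each chain are valid only because `access_ok()` over `sizeof(*act)` or `sizeof(*oact)` is the first operand. A one-line comment above each chain would guard against a later edit reordering or splitting it, for example `/* access_ok() must stay first: the __get_user() calls below do no range check */`. The function body starts and ends outside the hunks.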