author | Al Viro <viro@zeniv.linux.org.uk> | 2012-04-22 16:59:56 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-21 23:59:21 -0400 |
commit | a46808e1b75216f175a12cd16e3af3be2d4a53d4 (patch) | |
tree | e848ce1a583e7c7720edede1431325089681e5b5 /arch/sh | |
parent | 187cd44e147ec7245ddd97bbd3305d29583288a9 (diff) |
sh: missing checks of __get_user()/__put_user() return values
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'arch/sh')
-rw-r--r-- | arch/sh/kernel/signal_32.c | 37 | ||||
-rw-r--r-- | arch/sh/kernel/signal_64.c | 12 |
2 files changed, 27 insertions, 22 deletions
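--- a/arch/sh/kernel/signal_32.c
+++ b/arch/sh/kernel/signal_32.c
@@ -71,10 +71,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 old_sigset_t mask;
 if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
 __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
-__get_user(new_ka.sa.sa_restorer, &act->sa_restorer))
+__get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
+__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
+__get_user(mask, &act->sa_mask))
 return -EFAULT;
-__get_user(new_ka.sa.sa_flags, &act->sa_flags);
-__get_user(mask, &act->sa_mask);
 siginitset(&new_ka.sa.sa_mask, mask);
 }
 
@@ -83,10 +83,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 if (!ret && oact) {
 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
 __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
-__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer))
+__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
+__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
+__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
 return -EFAULT;
-__put_user(old_ka.sa.sa_flags, &oact->sa_flags);
-__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask);
 }
 
 return ret;
@@ -150,12 +150,11 @@ static inline int save_sigcontext_fpu(struct sigcontext __user *sc,
 if (!(boot_cpu_data.flags & CPU_HAS_FPU))
 return 0;
 
-if (!used_math()) {
-__put_user(0, &sc->sc_ownedfp);
-return 0;
-}
+if (!used_math())
+return __put_user(0, &sc->sc_ownedfp);
 
-__put_user(1, &sc->sc_ownedfp);
+if (__put_user(1, &sc->sc_ownedfp))
+return -EFAULT;
 
 /* This will cause a "finit" to be triggered by the next
 attempted FPU operation by the 'current' process.
@@ -195,7 +194,7 @@ restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc, int *r0_p
 regs->sr |= SR_FD; /* Release FPU */
 clear_fpu(tsk, regs);
 clear_used_math();
-__get_user (owned_fp, &sc->sc_ownedfp);
+err |= __get_user (owned_fp, &sc->sc_ownedfp);
 if (owned_fp)
 err |= restore_sigcontext_fpu(sc);
 }
@@ -386,11 +385,14 @@ static int setup_frame(int sig, struct k_sigaction *ka,
 struct fdpic_func_descriptor __user *funcptr =
 (struct fdpic_func_descriptor __user *)ka->sa.sa_handler;
 
-__get_user(regs->pc, &funcptr->text);
-__get_user(regs->regs[12], &funcptr->GOT);
+err |= __get_user(regs->pc, &funcptr->text);
+err |= __get_user(regs->regs[12], &funcptr->GOT);
 } else
 regs->pc = (unsigned long)ka->sa.sa_handler;
 
+if (err)
+goto give_sigsegv;
+
 set_fs(USER_DS);
 
 pr_debug("SIG deliver (%s:%d): sp=%p pc=%08lx pr=%08lx\n",
@@ -470,11 +472,14 @@ static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
 struct fdpic_func_descriptor __user *funcptr =
 (struct fdpic_func_descriptor __user *)ka->sa.sa_handler;
 
-__get_user(regs->pc, &funcptr->text);
-__get_user(regs->regs[12], &funcptr->GOT);
+err |= __get_user(regs->pc, &funcptr->text);
+err |= __get_user(regs->regs[12], &funcptr->GOT);
 } else
 regs->pc = (unsigned long)ka->sa.sa_handler;
 
+if (err)
+goto give_sigsegv;
+
 set_fs(USER_DS);
 
 pr_debug("SIG deliver (%s:%d): sp=%p pc=%08lx pr=%08lx\n",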
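Review bot: In the `setup_frame` hunk, and identically in the `setup_rt_frame` hunk, `funcptr` is cast directly from `ka->sa.sa_handler` and read with `__get_user()`, which does no address-range check of its own; no `access_ok()` on `funcptr` is visible in either hunk. If no such check exists in the parts of these functions outside the hunks, a handler value that points outside user space would have its target loaded into `regs->pc` and `regs->regs[12]`, and the new `if (err) goto give_sigsegv;` only catches an access that faults, not one that is out of range. Switching to the checking variant, `err |= get_user(regs->pc, &funcptr->text);` and `err |= get_user(regs->regs[12], &funcptr->GOT);`, would cover both cases. Both functions begin and end outside the hunks shown.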
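--- a/arch/sh/kernel/signal_64.c
+++ b/arch/sh/kernel/signal_64.c
@@ -173,10 +173,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 old_sigset_t mask;
 if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
 __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
-__get_user(new_ka.sa.sa_restorer, &act->sa_restorer))
+__get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
+__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
+__get_user(mask, &act->sa_mask))
 return -EFAULT;
-__get_user(new_ka.sa.sa_flags, &act->sa_flags);
-__get_user(mask, &act->sa_mask);
 siginitset(&new_ka.sa.sa_mask, mask);
 }
 
@@ -185,10 +185,10 @@ sys_sigaction(int sig, const struct old_sigaction __user *act,
 if (!ret && oact) {
 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
 __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
-__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer))
+__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
+__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
+__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
 return -EFAULT;
-__put_user(old_ka.sa.sa_flags, &oact->sa_flags);
-__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask);
 }
 
 return ret;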
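Review bot: The `-EFAULT` return in the `oact` block of `sys_sigaction` deserves a comment, because it is reached only under `if (!ret && oact)`, i.e. after the call that computes `ret` (outside the hunk, presumably the one that installs the new action) has already succeeded. A faulting `__put_user()` on `oact` therefore reports failure for a call whose state change has already taken effect, and earlier fields of `*oact` may already have been written. I would add above the block something like `/* new action is already installed here; -EFAULT only means the old one could not be copied out */`. The same applies to the identical block in signal_32.c.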