diff options
author | Chen, Kenneth W <kenneth.w.chen@intel.com> | 2005-09-06 19:05:23 -0400 |
---|---|---|
committer | Tony Luck <tony.luck@intel.com> | 2005-09-07 11:53:16 -0400 |
commit | 295bd89279aad6959f0d363ee8e946d4766f9ad8 (patch) | |
tree | e0bcc6080adc665a818585fbb0280a50c82a18c4 /arch | |
parent | 63028aa7f581d9d4e6889f9dc06ded2534250a76 (diff) |
[IA64] make exception handler in copy_user more robust
The exception handler in copy user always expects fault occurs only on
user space address and the fall back recovery code is written with that
very assumption in mind. Recent source code inspection revealed that
while it worked splendid and to the expectation under normal circumstances,
It broke down under unexpected condition where some address calculation
might go outside the legal address range the original copy_user was
called for. This patch is to make copy_user exception handler more robust
and to prevent potential memory corruption.
Signed-off-by: Ken Chen <kenneth.w.chen@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/ia64/lib/memcpy_mck.S | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/ia64/lib/memcpy_mck.S b/arch/ia64/lib/memcpy_mck.S index 6f308e62c137..46c9331e7ab5 100644 --- a/arch/ia64/lib/memcpy_mck.S +++ b/arch/ia64/lib/memcpy_mck.S | |||
@@ -625,8 +625,11 @@ EK(.ex_handler, (p17) st8 [dst1]=r39,8); \ | |||
625 | clrrrb | 625 | clrrrb |
626 | ;; | 626 | ;; |
627 | alloc saved_pfs_stack=ar.pfs,3,3,3,0 | 627 | alloc saved_pfs_stack=ar.pfs,3,3,3,0 |
628 | cmp.lt p8,p0=A,r0 | ||
628 | sub B = dst0, saved_in0 // how many byte copied so far | 629 | sub B = dst0, saved_in0 // how many byte copied so far |
629 | ;; | 630 | ;; |
631 | (p8) mov A = 0; // A shouldn't be negative, cap it | ||
632 | ;; | ||
630 | sub C = A, B | 633 | sub C = A, B |
631 | sub D = saved_in2, A | 634 | sub D = saved_in2, A |
632 | ;; | 635 | ;; |