diff options
| author | Paul Mundt <lethal@linux-sh.org> | 2008-01-10 23:18:16 -0500 |
|---|---|---|
| committer | Paul Mundt <lethal@linux-sh.org> | 2008-01-10 23:18:16 -0500 |
| commit | d7587b1445c0087cfcaa03ceae79b52eef4e9e4b (patch) | |
| tree | 5f6dc2a4d6c3c4b90854b57174efa76369a5fd95 /include/asm-sh | |
| parent | 844b43adba74d97f15e56b103c97bfcccaa01aa6 (diff) | |
sh: Force __access_ok() to obey address space limit.
When the thread_info->addr_limit changes were introduced, __access_ok()
was missed in the conversion, allowing user processes to perform P1/P2
accesses under certain conditions.
This has already been corrected with the nommu refactoring in later
kernels.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Diffstat (limited to 'include/asm-sh')
| -rw-r--r-- | include/asm-sh/uaccess.h | 42 |
1 files changed, 15 insertions, 27 deletions
diff --git a/include/asm-sh/uaccess.h b/include/asm-sh/uaccess.h index f18a1a5c95..77c391fa93 100644 --- a/include/asm-sh/uaccess.h +++ b/include/asm-sh/uaccess.h | |||
| @@ -73,38 +73,26 @@ static inline int __access_ok(unsigned long addr, unsigned long size) | |||
| 73 | /* | 73 | /* |
| 74 | * __access_ok: Check if address with size is OK or not. | 74 | * __access_ok: Check if address with size is OK or not. |
| 75 | * | 75 | * |
| 76 | * We do three checks: | 76 | * Uhhuh, this needs 33-bit arithmetic. We have a carry.. |
| 77 | * (1) is it user space? | ||
| 78 | * (2) addr + size --> carry? | ||
| 79 | * (3) addr + size >= 0x80000000 (PAGE_OFFSET) | ||
| 80 | * | 77 | * |
| 81 | * (1) (2) (3) | RESULT | 78 | * sum := addr + size; carry? --> flag = true; |
| 82 | * 0 0 0 | ok | 79 | * if (sum >= addr_limit) flag = true; |
| 83 | * 0 0 1 | ok | ||
| 84 | * 0 1 0 | bad | ||
| 85 | * 0 1 1 | bad | ||
| 86 | * 1 0 0 | ok | ||
| 87 | * 1 0 1 | bad | ||
| 88 | * 1 1 0 | bad | ||
| 89 | * 1 1 1 | bad | ||
| 90 | */ | 80 | */ |
| 91 | static inline int __access_ok(unsigned long addr, unsigned long size) | 81 | static inline int __access_ok(unsigned long addr, unsigned long size) |
| 92 | { | 82 | { |
| 93 | unsigned long flag, tmp; | 83 | unsigned long flag, sum; |
| 94 | 84 | ||
| 95 | __asm__("stc r7_bank, %0\n\t" | 85 | __asm__("clrt\n\t" |
| 96 | "mov.l @(8,%0), %0\n\t" | 86 | "addc %3, %1\n\t" |
| 97 | "clrt\n\t" | 87 | "movt %0\n\t" |
| 98 | "addc %2, %1\n\t" | 88 | "cmp/hi %4, %1\n\t" |
| 99 | "and %1, %0\n\t" | 89 | "rotcl %0" |
| 100 | "rotcl %0\n\t" | 90 | :"=&r" (flag), "=r" (sum) |
| 101 | "rotcl %0\n\t" | 91 | :"1" (addr), "r" (size), |
| 102 | "and #3, %0" | 92 | "r" (current_thread_info()->addr_limit.seg) |
| 103 | : "=&z" (flag), "=r" (tmp) | 93 | :"t"); |
| 104 | : "r" (addr), "1" (size) | ||
| 105 | : "t"); | ||
| 106 | |||
| 107 | return flag == 0; | 94 | return flag == 0; |
| 95 | |||
| 108 | } | 96 | } |
| 109 | #endif /* CONFIG_MMU */ | 97 | #endif /* CONFIG_MMU */ |
| 110 | 98 | ||