From patchwork Thu Nov 22 15:38:00 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Bottomley X-Patchwork-Id: 1788181 Return-Path: X-Original-To: patchwork-linux-parisc@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork2.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork2.kernel.org (Postfix) with ESMTP id 831A1DF24C for ; Thu, 22 Nov 2012 20:38:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756644Ab2KVUiG (ORCPT ); Thu, 22 Nov 2012 15:38:06 -0500 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:40103 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752943Ab2KVTOV (ORCPT ); Thu, 22 Nov 2012 14:14:21 -0500 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id B2D1C8EE0E6; Thu, 22 Nov 2012 07:38:03 -0800 (PST) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GbuERJDxs3Yz; Thu, 22 Nov 2012 07:38:03 -0800 (PST) Received: from [153.66.254.224] (accolon.hansenpartnership.com [46.65.52.191]) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 837568EE0AB; Thu, 22 Nov 2012 07:38:02 -0800 (PST) Message-ID: <1353598680.2449.39.camel@dabdike.int.hansenpartnership.com> Subject: [GIT PULL] parisc fixes for 3.6-rc3 From: James Bottomley To: Andrew Morton , Linus Torvalds Cc: Parisc List , linux-kernel Date: Thu, 22 Nov 2012 15:38:00 +0000 X-Mailer: Evolution 3.4.4 Mime-Version: 1.0 Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-parisc@vger.kernel.org This is two bug fixes: one fixes a loophole where rt_sigprocmask() with the wrong values panics the box (Denial of Service) and the other fixes an aliasing problem with get_shared_area() which could cause data corruption. The patches are here: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6.git parisc-fixes The short changelog is: Al Viro (1): fix user-triggerable panic on parisc James Bottomley (1): fix virtual aliasing issue in get_shared_area() And the diffstat: arch/parisc/kernel/signal32.c | 6 ++++-- arch/parisc/kernel/sys_parisc.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) Full diff is below. James --- -- To unsubscribe from this list: send the line "unsubscribe linux-parisc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/parisc/kernel/signal32.c b/arch/parisc/kernel/signal32.c index fd49aed..5dede04 100644 --- a/arch/parisc/kernel/signal32.c +++ b/arch/parisc/kernel/signal32.c @@ -65,7 +65,8 @@ put_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz) { compat_sigset_t s; - if (sz != sizeof *set) panic("put_sigset32()"); + if (sz != sizeof *set) + return -EINVAL; sigset_64to32(&s, set); return copy_to_user(up, &s, sizeof s); @@ -77,7 +78,8 @@ get_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz) compat_sigset_t s; int r; - if (sz != sizeof *set) panic("put_sigset32()"); + if (sz != sizeof *set) + return -EINVAL; if ((r = copy_from_user(&s, up, sz)) == 0) { sigset_32to64(set, &s); diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c index 7426e40..f76c108 100644 --- a/arch/parisc/kernel/sys_parisc.c +++ b/arch/parisc/kernel/sys_parisc.c @@ -73,6 +73,8 @@ static unsigned long get_shared_area(struct address_space *mapping, struct vm_area_struct *vma; int offset = mapping ? get_offset(mapping) : 0; + offset = (offset + (pgoff << PAGE_SHIFT)) & 0x3FF000; + addr = DCACHE_ALIGN(addr - offset) + offset; for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) {