[PATCH 3/7] powerpc/signal64: Access function descriptor with user access block

[PATCH 1/7] powerpc/signal64: Copy siginfo before changing regs->nip · Christophe Leroy <hidden> · 2021-06-15
[PATCH 2/7] powerpc/signal64: Don't read sigaction arguments back from user memory · Christophe Leroy <hidden> · 2021-06-15
[PATCH 3/7] powerpc/signal64: Access function descriptor with user access block · Christophe Leroy <hidden> · 2021-06-15
[PATCH 4/7] powerpc/signal: Include the new stack frame inside the user access block · Christophe Leroy <hidden> · 2021-06-15
[PATCH 5/7] signal: Add unsafe_copy_siginfo_to_user() · Christophe Leroy <hidden> · 2021-06-15
Re: [PATCH 5/7] signal: Add unsafe_copy_siginfo_to_user() · Christoph Hellwig <hch@infradead.org> · 2021-06-15
Re: [PATCH 5/7] signal: Add unsafe_copy_siginfo_to_user() · Christophe Leroy <hidden> · 2021-06-15
Re: [PATCH 5/7] signal: Add unsafe_copy_siginfo_to_user() · Christoph Hellwig <hch@infradead.org> · 2021-06-15
Re: [PATCH 5/7] signal: Add unsafe_copy_siginfo_to_user() · Christophe Leroy <hidden> · 2021-06-15
[PATCH 6/7] powerpc/uaccess: Add unsafe_clear_user() · Christophe Leroy <hidden> · 2021-06-15
Re: [PATCH 6/7] powerpc/uaccess: Add unsafe_clear_user() · Christoph Hellwig <hch@infradead.org> · 2021-06-15
Re: [PATCH 6/7] powerpc/uaccess: Add unsafe_clear_user() · Christophe Leroy <hidden> · 2021-06-15
[PATCH 7/7] powerpc/signal: Use unsafe_copy_siginfo_to_user() · Christophe Leroy <hidden> · 2021-06-15
Re: [PATCH 7/7] powerpc/signal: Use unsafe_copy_siginfo_to_user() · Christoph Hellwig <hch@infradead.org> · 2021-06-15
Re: [PATCH 7/7] powerpc/signal: Use unsafe_copy_siginfo_to_user() · Christophe Leroy <hidden> · 2021-06-15

STALE1813d

From: Christophe Leroy <hidden>
Date: 2021-06-15 06:41:31
Also in: lkml
Subsystem: linux for powerpc (32-bit and 64-bit), the rest · Maintainers: Madhavan Srinivasan, Michael Ellerman, Linus Torvalds

Access the function descriptor of the handler within a
user access block.

Signed-off-by: Christophe Leroy <redacted>
---
 arch/powerpc/kernel/signal_64.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
index 8b2eb758131c..9ca97b4366df 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c

@@ -936,8 +936,18 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
 		func_descr_t __user *funct_desc_ptr =
 			(func_descr_t __user *) ksig->ka.sa.sa_handler;
 
-		err |= get_user(regs->ctr, &funct_desc_ptr->entry);
-		err |= get_user(regs->gpr[2], &funct_desc_ptr->toc);
+		if (user_read_access_begin(funct_desc_ptr, sizeof(func_descr_t))) {
+			unsafe_get_user(regs->ctr, &funct_desc_ptr->entry, bad_funct_desc_block);
+			unsafe_get_user(regs->gpr[2], &funct_desc_ptr->toc, bad_funct_desc_block);
+		} else {
+			goto bad_funct_desc;
+bad_funct_desc_block:
+			user_read_access_end();
+bad_funct_desc:
+			signal_fault(current, regs, __func__, funct_desc_ptr);
+			return 1;
+		}
+		user_read_access_end();
 	}
 
 	/* enter the signal handler in native-endian mode */

-- 
2.25.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help