[PATCH v1 4/8] powerpc/signal64: Access function descriptor with scoped user access

[PATCH v1 0/8] powerpc/signal: Convert to scoped user access · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
[PATCH v1 1/8] powerpc/signal32: Convert to scoped user access · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
[PATCH v1 2/8] powerpc/signal64: Untangle setup_tm_sigcontexts() and user_access_begin() · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
Re: [PATCH v1 2/8] powerpc/signal64: Untangle setup_tm_sigcontexts() and user_access_begin() · David Laight <hidden> · 2026-05-22
Re: [PATCH v1 2/8] powerpc/signal64: Untangle setup_tm_sigcontexts() and user_access_begin() · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
Re: [PATCH v1 2/8] powerpc/signal64: Untangle setup_tm_sigcontexts() and user_access_begin() · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
Re: [PATCH v1 2/8] powerpc/signal64: Untangle setup_tm_sigcontexts() and user_access_begin() · David Laight <hidden> · 2026-05-22
[PATCH v1 3/8] powerpc/signal64: Convert to scoped user access · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
[PATCH v1 4/8] powerpc/signal64: Access function descriptor with scoped user access · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
[PATCH v1 5/8] powerpc/signal: Include the new stack frame inside the user access block · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
[PATCH v1 6/8] signal: Add unsafe_copy_siginfo_to_user() · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
[PATCH v1 7/8] powerpc/uaccess: Add unsafe_clear_user() · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22
[PATCH v1 8/8] powerpc/signal: Use unsafe_copy_siginfo_to_user() · "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> · 2026-05-22

From: "Christophe Leroy (CS GROUP)" <chleroy@kernel.org>
Date: 2026-05-22 09:56:49
Also in: lkml
Subsystem: linux for powerpc (32-bit and 64-bit), the rest · Maintainers: Madhavan Srinivasan, Michael Ellerman, Linus Torvalds

Access the function descriptor of the handler within a scoped
user access block.

Signed-off-by: Christophe Leroy (CS GROUP) <chleroy@kernel.org>
---
 arch/powerpc/kernel/signal_64.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
index ee8166fd83dc..bf7fc579d572 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c

@@ -928,8 +928,10 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
 		struct func_desc __user *ptr =
 			(struct func_desc __user *)ksig->ka.sa.sa_handler;
 
-		err |= get_user(regs->ctr, &ptr->addr);
-		err |= get_user(regs->gpr[2], &ptr->toc);
+		scoped_user_read_access(ptr, badfunc) {
+			unsafe_get_user(regs->ctr, &ptr->addr, badfunc);
+			unsafe_get_user(regs->gpr[2], &ptr->toc, badfunc);
+		}
 	}
 
 	/* enter the signal handler in native-endian mode */

@@ -952,5 +954,10 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
 badframe:
 	signal_fault(current, regs, "handle_rt_signal64", frame);
 
+	return 1;
+
+badfunc:
+	signal_fault(current, regs, __func__, (void __user *)ksig->ka.sa.sa_handler);
+
 	return 1;
 }

-- 
2.54.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help