Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755769AbcCAX4E (ORCPT ); Tue, 1 Mar 2016 18:56:04 -0500 Received: from mail333.us4.mandrillapp.com ([205.201.137.77]:48096 "EHLO mail333.us4.mandrillapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755746AbcCAX4A (ORCPT ); Tue, 1 Mar 2016 18:56:00 -0500 DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mandrill; d=linuxfoundation.org; b=mq3K2aXe5eQ6x7TSpPopbjk2Ycz16w14OD4TifbYJvMWIdzoNfsb3B6f2sR1BmmCSgScSyS4tSRT JAsMdUAeIKj+EBiJ1m1JiVqA6j3andp8NPNXF5ljLgllLra2Fb2jotQnKVqy+XgERIplolgz+K3z cA3RneE9Y1SQO90zf1s=; From: Greg Kroah-Hartman Subject: [PATCH 4.4 099/342] s390/compat: correct restore of high gprs on signal return X-Mailer: git-send-email 2.7.2 To: Cc: Greg Kroah-Hartman , , Martin Schwidefsky Message-Id: <20160301234531.177113873@linuxfoundation.org> In-Reply-To: <20160301234527.990448862@linuxfoundation.org> References: <20160301234527.990448862@linuxfoundation.org> X-Report-Abuse: Please forward a copy of this message, including all headers, to abuse@mandrill.com X-Report-Abuse: You can also report abuse here: http://mandrillapp.com/contact/abuse?id=30481620.14b50bb83f884e688a31a4c04b288355 X-Mandrill-User: md_30481620 Date: Tue, 01 Mar 2016 23:54:16 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1423 Lines: 37 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Martin Schwidefsky commit 342300cc9cd3428bc6bfe5809bfcc1b9a0f06702 upstream. git commit 8070361799ae1e3f4ef347bd10f0a508ac10acfb "s390: add support for vector extension" broke 31-bit compat processes in regard to signal handling. The restore_sigregs_ext32() function is used to restore the additional elements from the user space signal frame. Among the additional elements are the upper registers halves for 64-bit register support for 31-bit processes. The copy_from_user that is used to retrieve the high-gprs array from the user stack uses an incorrect length, 8 bytes instead of 64 bytes. This causes incorrect upper register halves to get loaded. Signed-off-by: Martin Schwidefsky Signed-off-by: Greg Kroah-Hartman --- arch/s390/kernel/compat_signal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/s390/kernel/compat_signal.c +++ b/arch/s390/kernel/compat_signal.c @@ -271,7 +271,7 @@ static int restore_sigregs_ext32(struct /* Restore high gprs from signal stack */ if (__copy_from_user(&gprs_high, &sregs_ext->gprs_high, - sizeof(&sregs_ext->gprs_high))) + sizeof(sregs_ext->gprs_high))) return -EFAULT; for (i = 0; i < NUM_GPRS; i++) *(__u32 *)®s->gprs[i] = gprs_high[i];