author | Kevin Hilman <khilman@linaro.org> | 2015-05-22 14:58:31 -0700 |
---|---|---|
committer | Kevin Hilman <khilman@linaro.org> | 2015-05-22 14:58:31 -0700 |
commit | 0c94ab754b26e23ecdd6ddb1607c7a3e3f0f27fc (patch) | |
tree | 3b7a294fef62f9e8196581807c70425c02bc780a /arch | |
parent | a524c44bc75336d0b9d9b45ceb30e19354ff780e (diff) | |
parent | c629522ee8c9983fbd7e572e10041e0a96904d15 (diff) |
Merge tag 'v3.14.42' of git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable into linux-linaro-lsk-v3.14lsk-v3.14-15.05
This is the 3.14.42 stable release
* tag 'v3.14.42' of git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable: (26 commits)
Linux 3.14.42
ARC: signal handling robustify
UBI: fix soft lockup in ubi_check_volume()
compal-laptop: Fix leaking hwmon device
Drivers: hv: vmbus: Don't wait after requesting offers
staging: panel: fix lcd type
usb: gadget: printer: enqueue printer's response for setup request
usb: host: ehci: use new USB_RESUME_TIMEOUT
usb: host: oxu210hp: use new USB_RESUME_TIMEOUT
usb: musb: use new USB_RESUME_TIMEOUT
drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5
3w-sas: fix command completion race
3w-9xxx: fix command completion race
3w-xxxx: fix command completion race
ext4: fix data corruption caused by unwritten and delayed extents
rbd: end I/O the entire obj_request on error
tty/serial: at91: maxburst was missing for dma transfers
ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE
serial: of-serial: Remove device_type = "serial" registration
ALSA: hda - Add mute-LED mode control to Thinkpad
...
Diffstat (limited to 'arch')
-rw-r--r-- | arch/arc/kernel/signal.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/arch/arc/kernel/signal.c b/arch/arc/kernel/signal.c index d68b410595c8..a0c63fc48457 100644 --- a/arch/arc/kernel/signal.c +++ b/arch/arc/kernel/signal.c @@ -131,6 +131,15 @@ SYSCALL_DEFINE0(rt_sigreturn) /* Don't restart from sigreturn */ syscall_wont_restart(regs); + /* + * Ensure that sigreturn always returns to user mode (in case the + * regs saved on user stack got fudged between save and sigreturn) + * Otherwise it is easy to panic the kernel with a custom + * signal handler and/or restorer which clobberes the status32/ret + * to return to a bogus location in kernel mode. + */ + regs->status32 |= STATUS_U_MASK; + return regs->r0; badframe: @@ -234,8 +243,11 @@ setup_rt_frame(int signo, struct k_sigaction *ka, siginfo_t *info, /* * handler returns using sigreturn stub provided already by userpsace + * If not, nuke the process right away */ - BUG_ON(!(ka->sa.sa_flags & SA_RESTORER)); + if(!(ka->sa.sa_flags & SA_RESTORER)) + return 1; + regs->blink = (unsigned long)ka->sa.sa_restorer; /* User Stack for signal handler will be above the frame just carved */ @@ -302,12 +314,12 @@ handle_signal(unsigned long sig, struct k_sigaction *ka, siginfo_t *info, struct pt_regs *regs) { sigset_t *oldset = sigmask_to_save(); - int ret; + int failed; /* Set up the stack frame */ - ret = setup_rt_frame(sig, ka, info, oldset, regs); + failed = setup_rt_frame(sig, ka, info, oldset, regs); - if (ret) + if (failed) force_sigsegv(sig, current); else signal_delivered(sig, info, ka, regs, 0); |
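Review bot: In the rt_sigreturn hunk (@@ -131,6 +131,15), "regs->status32 |= STATUS_U_MASK;" forces only the user-mode bit, so every other bit of status32 is still whatever was restored from the user-writable frame. If status32 carries any other bit that userspace must not control, mask the restored value against an allowed set at this point instead of OR-ing in a single bit, or say in the comment that U is the only bit that needs forcing. The comment also names "status32/ret" while the added code touches only status32; add a sentence on why ret needs no check once the return is forced to user mode, and fix the spelling "clobberes".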
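Review bot: In the setup_rt_frame hunk (@@ -234,8 +243,11), the new SA_RESTORER check sits after the signal frame has already been placed on the user stack (the following context comment refers to "the frame just carved"), and it reports failure with a bare "return 1". Moving the check to the top of the function would avoid writing a frame for a handler that is going to be rejected, and a named error value, or a comment stating that any nonzero return means failure, would make the contract with handle_signal explicit. Style: "if(" needs a space after "if", and "If not, nuke the process right away" describes what the caller does with the return value rather than what this function does; "userpsace" in the same comment is worth fixing while the line is being touched.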
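Review bot: In the handle_signal hunk (@@ -302,12 +314,12), "if (failed) force_sigsegv(sig, current);" is now also reached when the handler was registered without SA_RESTORER (the "return 1" added in setup_rt_frame), and nothing at this call site says so. A short comment above "if (failed)" listing the conditions that lead to the forced SIGSEGV would help anyone debugging a process that is killed on signal delivery. The rename of "ret" to "failed" is harmless, but it reads as a boolean while the variable is still an int holding setup_rt_frame's return value, so either keep "ret" or make setup_rt_frame's return convention explicit.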