Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / kernel / msm / 5f4ad04a1e805d14de080ff9d5384b4d20518a9a
commit5f4ad04a1e805d14de080ff9d5384b4d20518a9a[log] [tgz]
authorAl Viro <viro@ftp.linux.org.uk>Mon Sep 20 15:13:09 2010 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>Mon Sep 20 10:44:37 2010 -0700
tree63252b79b48b7dfd29d9a8081a34c858dab1de74
parent20cd514d0f3d288d968217028ca67b70e707d896 [diff]
frv: fix address verification holes in setup_frame/setup_rt_frame

a) sa_handler might be maliciously set to point to kernel memory;
   blindly dereferencing it in FDPIC case is a Bad Idea(tm).

b) I'm not sure you need that set_fs(USER_DS) there at all, but if you
   do, you'd better do it *before* checking the frame you've decided to
   use with access_ok(), lest sigaltstack() becomes a convenient
   roothole.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 file changed
tree: 63252b79b48b7dfd29d9a8081a34c858dab1de74
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS