patch-2.1.20 linux/arch/i386/kernel/signal.c

• Lines: 85
• Date: Wed Jan 1 16:38:43 1997
• Orig file: v2.1.19/linux/arch/i386/kernel/signal.c
• Orig date: Thu Dec 12 19:36:58 1996

diff -u --recursive --new-file v2.1.19/linux/arch/i386/kernel/signal.c linux/arch/i386/kernel/signal.c
@@ -181,50 +181,56 @@
 	if ((regs->xss & 0xffff) != USER_DS && sa->sa_restorer)
 		frame = (unsigned long *) sa->sa_restorer;
 	frame -= 64;
-	if (verify_area(VERIFY_WRITE,frame,64*4))
+	if (!access_ok(VERIFY_WRITE,frame,64*4))
 		do_exit(SIGSEGV);
 
 /* set up the "normal" stack seen by the signal handler (iBCS2) */
 #define __CODE ((unsigned long)(frame+24))
 #define CODE(x) ((unsigned long *) ((x)+__CODE))
-	if (put_user(__CODE,frame))
+	
+    /* XXX Can possible miss a SIGSEGV when frame crosses a page border
+       and a thread unmaps it while we are accessing it. 
+       So either check all put_user() calls or don't do it at all.  
+       We use __put_user() here because the access_ok() call was already
+       done earlier. */  
+	if (__put_user(__CODE,frame))
 		do_exit(SIGSEGV);
 	if (current->exec_domain && current->exec_domain->signal_invmap)
-		put_user(current->exec_domain->signal_invmap[signr], frame+1);
+		__put_user(current->exec_domain->signal_invmap[signr], frame+1);
 	else
-		put_user(signr, frame+1);
+		__put_user(signr, frame+1);
 	{
 		unsigned int tmp = 0;
 #define PUT_SEG(seg, mem) \
-__asm__("mov %%" #seg",%w0":"=r" (tmp):"0" (tmp)); put_user(tmp,mem);
+__asm__("mov %%" #seg",%w0":"=r" (tmp):"0" (tmp)); __put_user(tmp,mem);
 		PUT_SEG(gs, frame+2);
 		PUT_SEG(fs, frame+3);
 	}
-	put_user(regs->xes, frame+4);
-	put_user(regs->xds, frame+5);
-	put_user(regs->edi, frame+6);
-	put_user(regs->esi, frame+7);
-	put_user(regs->ebp, frame+8);
-	put_user(regs->esp, frame+9);
-	put_user(regs->ebx, frame+10);
-	put_user(regs->edx, frame+11);
-	put_user(regs->ecx, frame+12);
-	put_user(regs->eax, frame+13);
-	put_user(current->tss.trap_no, frame+14);
-	put_user(current->tss.error_code, frame+15);
-	put_user(regs->eip, frame+16);
-	put_user(regs->xcs, frame+17);
-	put_user(regs->eflags, frame+18);
-	put_user(regs->esp, frame+19);
-	put_user(regs->xss, frame+20);
-	put_user((unsigned long) save_i387((struct _fpstate *)(frame+32)),frame+21);
+	__put_user(regs->xes, frame+4);
+	__put_user(regs->xds, frame+5);
+	__put_user(regs->edi, frame+6);
+	__put_user(regs->esi, frame+7);
+	__put_user(regs->ebp, frame+8);
+	__put_user(regs->esp, frame+9);
+	__put_user(regs->ebx, frame+10);
+	__put_user(regs->edx, frame+11);
+	__put_user(regs->ecx, frame+12);
+	__put_user(regs->eax, frame+13);
+	__put_user(current->tss.trap_no, frame+14);
+	__put_user(current->tss.error_code, frame+15);
+	__put_user(regs->eip, frame+16);
+	__put_user(regs->xcs, frame+17);
+	__put_user(regs->eflags, frame+18);
+	__put_user(regs->esp, frame+19);
+	__put_user(regs->xss, frame+20);
+	__put_user((unsigned long) save_i387((struct _fpstate *)(frame+32)),frame+21);
 /* non-iBCS2 extensions.. */
-	put_user(oldmask, frame+22);
-	put_user(current->tss.cr2, frame+23);
+	__put_user(oldmask, frame+22);
+	__put_user(current->tss.cr2, frame+23);
 /* set up the return code... */
-	put_user(0x0000b858, CODE(0));	/* popl %eax ; movl $,%eax */
-	put_user(0x80cd0000, CODE(4));	/* int $0x80 */
-	put_user(__NR_sigreturn, CODE(2));
+	__put_user(0x0000b858, CODE(0));	/* popl %eax ; movl $,%eax */
+	__put_user(0x80cd0000, CODE(4));	/* int $0x80 */
+	__put_user(__NR_sigreturn, CODE(2));
 #undef __CODE
 #undef CODE