• Al Viro's avatar
    [PARISC] fix user-triggerable panic on parisc · 441a179d
    Al Viro authored
    int sys32_rt_sigprocmask(int how, compat_sigset_t __user *set, compat_sigset_t __user *oset,
                                        unsigned int sigsetsize)
    {
            sigset_t old_set, new_set;
            int ret;
    
            if (set && get_sigset32(set, &new_set, sigsetsize))
    
    ...
    static int
    get_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
    {
            compat_sigset_t s;
            int r;
    
            if (sz != sizeof *set) panic("put_sigset32()");
    
    In other words, rt_sigprocmask(69, (void *)69, 69) done by 32bit process
    will promptly panic the box.
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
    441a179d
signal32.c 16.3 KB