Commit e43358c5 authored by David S. Miller's avatar David S. Miller Committed by Greg Kroah-Hartman

Fix sys_ipc() SEMCTL on sparc64.

changeset 6536a6b331d3225921c398eb7c6e4ecedb9b05e0 from mainline

Thanks to Tom Callaway for the excellent bug report and
test case.

sys_ipc() has several problems, most to due with semaphore
call handling:

1) 'err' return should be a 'long'
2) "union semun" is passed in a register on 64-bit compared
   to 32-bit which provides it on the stack and therefore
   by reference
3) Second and third arguments to SEMCTL are swapped compared
   to 32-bit.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 791333ba
......@@ -436,7 +436,7 @@ asmlinkage long sparc_pipe(struct pt_regs *regs)
asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
unsigned long third, void __user *ptr, long fifth)
{
int err;
long err;
/* No need for backward compatibility. We can start fresh... */
if (call <= SEMCTL) {
......@@ -453,16 +453,9 @@ asmlinkage long sys_ipc(unsigned int call, int first, unsigned long second,
err = sys_semget(first, (int)second, (int)third);
goto out;
case SEMCTL: {
union semun fourth;
err = -EINVAL;
if (!ptr)
goto out;
err = -EFAULT;
if (get_user(fourth.__pad,
(void __user * __user *) ptr))
goto out;
err = sys_semctl(first, (int)second | IPC_64,
(int)third, fourth);
err = sys_semctl(first, third,
(int)second | IPC_64,
(union semun) ptr);
goto out;
}
default:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment