From d7587b1445c0087cfcaa03ceae79b52eef4e9e4b Mon Sep 17 00:00:00 2001
From: Paul Mundt <lethal@linux-sh.org>
Date: Fri, 11 Jan 2008 13:18:16 +0900
Subject: [PATCH] sh: Force __access_ok() to obey address space limit.
When the thread_info->addr_limit changes were introduced, __access_ok()
was missed in the conversion, allowing user processes to perform P1/P2
accesses under certain conditions.
This has already been corrected with the nommu refactoring in later
kernels.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
---
include/asm-sh/uaccess.h | 42 ++++++++++++++--------------------------
1 file changed, 15 insertions(+), 27 deletions(-)
diff --git a/include/asm-sh/uaccess.h b/include/asm-sh/uaccess.h
index f18a1a5c95c0..77c391fa93d6 100644
--- a/include/asm-sh/uaccess.h
+++ b/include/asm-sh/uaccess.h
@@ -73,38 +73,26 @@ static inline int __access_ok(unsigned long addr, unsigned long size)
/*
* __access_ok: Check if address with size is OK or not.
*
- * We do three checks:
- * (1) is it user space?
- * (2) addr + size --> carry?
- * (3) addr + size >= 0x80000000 (PAGE_OFFSET)
+ * Uhhuh, this needs 33-bit arithmetic. We have a carry..
*
- * (1) (2) (3) | RESULT
- * 0 0 0 | ok
- * 0 0 1 | ok
- * 0 1 0 | bad
- * 0 1 1 | bad
- * 1 0 0 | ok
- * 1 0 1 | bad
- * 1 1 0 | bad
- * 1 1 1 | bad
+ * sum := addr + size; carry? --> flag = true;
+ * if (sum >= addr_limit) flag = true;
*/
static inline int __access_ok(unsigned long addr, unsigned long size)
{
- unsigned long flag, tmp;
-
- __asm__("stc r7_bank, %0\n\t"
- "mov.l @(8,%0), %0\n\t"
- "clrt\n\t"
- "addc %2, %1\n\t"
- "and %1, %0\n\t"
- "rotcl %0\n\t"
- "rotcl %0\n\t"
- "and #3, %0"
- : "=&z" (flag), "=r" (tmp)
- : "r" (addr), "1" (size)
- : "t");
-
+ unsigned long flag, sum;
+
+ __asm__("clrt\n\t"
+ "addc %3, %1\n\t"
+ "movt %0\n\t"
+ "cmp/hi %4, %1\n\t"
+ "rotcl %0"
+ :"=&r" (flag), "=r" (sum)
+ :"1" (addr), "r" (size),
+ "r" (current_thread_info()->addr_limit.seg)
+ :"t");
return flag == 0;
+
}
#endif /* CONFIG_MMU */
--
GitLab