mirror of
https://github.com/edk2-porting/linux-next.git
synced 2025-01-16 09:34:22 +08:00
parisc: Correct completer in lws start
The completer in the "or,ev %r1,%r30,%r30" instruction is reversed, so we are not clipping the LWS number when we are called from a 32-bit process (W=0). We need to nulify the following depdi instruction when the least-significant bit of %r30 is 1. If the %r20 register is not clipped, a user process could perform a LWS call that would branch to an undefined location in the kernel and potentially crash the machine. Signed-off-by: John David Anglin <dave.anglin@bell.net> Cc: stable@vger.kernel.org # 4.19+ Signed-off-by: Helge Deller <deller@gmx.de>
This commit is contained in:
parent
484730e586
commit
8f66fce0f4
@ -472,7 +472,7 @@ lws_start:
|
||||
extrd,u %r1,PSW_W_BIT,1,%r1
|
||||
/* sp must be aligned on 4, so deposit the W bit setting into
|
||||
* the bottom of sp temporarily */
|
||||
or,ev %r1,%r30,%r30
|
||||
or,od %r1,%r30,%r30
|
||||
|
||||
/* Clip LWS number to a 32-bit value for 32-bit processes */
|
||||
depdi 0, 31, 32, %r20
|
||||
|
Loading…
Reference in New Issue
Block a user