diff options
author | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2006-11-05 08:03:01 +0100 |
---|---|---|
committer | Adrian Bunk <bunk@stusta.de> | 2006-11-05 08:03:01 +0100 |
commit | e77b34960d3e48f4e5d4aa2cdb737f618d3834b7 (patch) | |
tree | aaf918c91b1b2ce526bedd313d37ed2951f980c9 | |
parent | dfa2e9e76edadc584a0da6966aa081527dad1372 (diff) |
[S390] fix user readable uninitialised kernel memory, take 2.
The previous patch to correct the copy_from_user padding is quite
broken. The execute instruction needs to be done via the register %r4,
not via %r2 and 31 bit doesn't know the instructions lgr and ahji.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r-- | arch/s390/lib/uaccess.S | 10 | ||||
-rw-r--r-- | arch/s390/lib/uaccess64.S | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/arch/s390/lib/uaccess.S b/arch/s390/lib/uaccess.S index d4c218c2b65..0028a5461ca 100644 --- a/arch/s390/lib/uaccess.S +++ b/arch/s390/lib/uaccess.S @@ -41,15 +41,15 @@ __copy_from_user_asm: 5: mvcp 0(%r5,%r2),0(%r4),%r0 slr %r3,%r5 alr %r2,%r5 -6: lgr %r5,%r3 # copy remaining size +6: lr %r5,%r3 # copy remaining size ahi %r5,-1 # subtract 1 for xc loop bras %r4,8f - xc 0(1,%2),0(%2) -7: xc 0(256,%2),0(%2) + xc 0(1,%r2),0(%r2) +7: xc 0(256,%r2),0(%r2) la %r2,256(%r2) -8: ahji %r5,-256 +8: ahi %r5,-256 jnm 7b - ex %r5,0(%r2) + ex %r5,0(%r4) 9: lr %r2,%r3 br %r14 .section __ex_table,"a" diff --git a/arch/s390/lib/uaccess64.S b/arch/s390/lib/uaccess64.S index 9811e8a2fc8..7fbe36311cd 100644 --- a/arch/s390/lib/uaccess64.S +++ b/arch/s390/lib/uaccess64.S @@ -49,7 +49,7 @@ __copy_from_user_asm: la %r2,256(%r2) 8: aghi %r5,-256 jnm 7b - ex %r5,0(%r2) + ex %r5,0(%r4) 9: lgr %r2,%r3 br %r14 .section __ex_table,"a" |