diff options
author | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2006-11-03 15:43:36 +0100 |
---|---|---|
committer | Chris Wright <chrisw@sous-sol.org> | 2006-11-18 19:27:57 -0800 |
commit | 6d2654aef9d0af26ac75e1f13bf27d7c0a2c8a5a (patch) | |
tree | b5a25c2a44dc722de26bd1cd9621db70643ce9d1 /arch | |
parent | b4d854665eafe32b48e0eecadb91a73f6eea0055 (diff) |
[PATCH] S390: user readable uninitialised kernel memory, take 2.
The previous patch to correct the copy_from_user padding is quite
broken. The execute instruction needs to be done via the register %r4,
not via %r2 and 31 bit doesn't know the instructions lgr and ahji.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/s390/lib/uaccess.S | 10 | ||||
-rw-r--r-- | arch/s390/lib/uaccess64.S | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/arch/s390/lib/uaccess.S b/arch/s390/lib/uaccess.S index 3f5511dd2bc4..90443e742fc7 100644 --- a/arch/s390/lib/uaccess.S +++ b/arch/s390/lib/uaccess.S @@ -41,15 +41,15 @@ __copy_from_user_asm: 5: mvcp 0(%r5,%r2),0(%r4),%r0 slr %r3,%r5 alr %r2,%r5 -6: lgr %r5,%r3 # copy remaining size +6: lr %r5,%r3 # copy remaining size ahi %r5,-1 # subtract 1 for xc loop bras %r4,8f - xc 0(1,%2),0(%2) -7: xc 0(256,%2),0(%2) + xc 0(1,%r2),0(%r2) +7: xc 0(256,%r2),0(%r2) la %r2,256(%r2) -8: ahji %r5,-256 +8: ahi %r5,-256 jnm 7b - ex %r5,0(%r2) + ex %r5,0(%r4) 9: lr %r2,%r3 br %r14 .section __ex_table,"a" diff --git a/arch/s390/lib/uaccess64.S b/arch/s390/lib/uaccess64.S index 9376df013e9c..2d42c7e8c368 100644 --- a/arch/s390/lib/uaccess64.S +++ b/arch/s390/lib/uaccess64.S @@ -49,7 +49,7 @@ __copy_from_user_asm: la %r2,256(%r2) 8: aghi %r5,-256 jnm 7b - ex %r5,0(%r2) + ex %r5,0(%r4) 9: lgr %r2,%r3 br %r14 .section __ex_table,"a" |