The completer in the "or,ev %r1,%r30,%r30" instruction is reversed, so we are not clipping the LWS number when we are called from a 32-bit process (W=0). We need to nullify the following depdi instruction when the least-significant bit of %r30 is 1.

If the %r20 register is not clipped, a user process could perform a LWS call that would branch to an undefined location in the kernel and potentially crash the machine.

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Cc: stable@vger.kernel.org # 4.19+
Signed-off-by: Helge Deller <deller@gmx.de>

| | | |
|---|---|---|
| .. | ||
| syscalls | ||
| .gitignore | ||
| Makefile | ||
| alternative.c | ||
| asm-offsets.c | ||
| audit.c | ||
| cache.c | ||
| compat_audit.c | ||
| drivers.c | ||
| entry.S | ||
| firmware.c | ||
| ftrace.c | ||
| hardware.c | ||
| head.S | ||
| hpmc.S | ||
| inventory.c | ||
| irq.c | ||
| jump_label.c | ||
| kexec.c | ||
| kexec_file.c | ||
| kgdb.c | ||
| kprobes.c | ||
| module.c | ||
| pa7300lc.c | ||
| pacache.S | ||
| parisc_ksyms.c | ||
| patch.c | ||
| pci-dma.c | ||
| pci.c | ||
| pdc_chassis.c | ||
| pdc_cons.c | ||
| pdt.c | ||
| perf.c | ||
| perf_asm.S | ||
| perf_images.h | ||
| process.c | ||
| processor.c | ||
| ptrace.c | ||
| real2.S | ||
| relocate_kernel.S | ||
| setup.c | ||
| signal.c | ||
| signal32.c | ||
| signal32.h | ||
| smp.c | ||
| stacktrace.c | ||
| sys_parisc.c | ||
| sys_parisc32.c | ||
| syscall.S | ||
| time.c | ||
| toc.c | ||
| toc_asm.S | ||
| topology.c | ||
| traps.c | ||
| unaligned.c | ||
| unwind.c | ||
| vmlinux.lds.S | ||