
Merge branch 'sparc-perf-stack'

David Ahern says:

====================
sparc64: perf fixes for userspace stacks

Coming back to the perf userspace callchain problem. As a reminder there are
a series of problems trying to use perf to collect callchains with scheduling
tracepoints, e.g., perf sched record -g -- <cmd>.

The first patch disables pagefaults while walking the user stack. As discussed
a couple of months ago this is the right fix, but I was puzzled as to why
processes were terminating with sigbus (and sometimes sigsegv). I believe the
root of this problem is bad addresses trying to walk the frames using frame
pointers. The bad addresses lead to faults that get handled by do_sparc64_fault
and it aborts the task though I am still puzzled as to why it gets past this
check in do_sparc64_fault:

        if (in_atomic() || !mm)
                goto intr_or_no_mm;

pagefault_disable bumps the preempt_count which should make in_atomic return != 0
(building kernels with preemption set to voluntary, CONFIG_PREEMPT_VOLUNTARY=y).

While this set does not fully solve the problem it does prevent a number of
pain points with the current code, most notably able to lock up the system.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 10 years ago
parent
commit
f01cae4e1a
3 changed files with 46 additions and 5 deletions
  1. 22 0
      arch/sparc/include/asm/uaccess_64.h
  2. 21 3
      arch/sparc/kernel/perf_event.c
  3. 3 2
      arch/sparc/mm/fault_64.c

+ 22 - 0
arch/sparc/include/asm/uaccess_64.h

@@ -49,6 +49,28 @@ do {										\
 	__asm__ __volatile__ ("wr %%g0, %0, %%asi" : : "r" ((val).seg));	\
 } while(0)
 
+/*
+ * Test whether a block of memory is a valid user space address.
+ * Returns 0 if the range is valid, nonzero otherwise.
+ */
+static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, unsigned long limit)
+{
+	if (__builtin_constant_p(size))
+		return addr > limit - size;
+
+	addr += size;
+	if (addr < size)
+		return true;
+
+	return addr > limit;
+}
+
+#define __range_not_ok(addr, size, limit)                               \
+({                                                                      \
+	__chk_user_ptr(addr);                                           \
+	__chk_range_not_ok((unsigned long __force)(addr), size, limit); \
+})
+
 static inline int __access_ok(const void __user * addr, unsigned long size)
 {
 	return 1;
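Review bot: The constant-size branch of `__chk_range_not_ok()` computes `limit - size` without saying why that is safe; it is only correct when `size <= limit`, otherwise the subtraction wraps and an out-of-range address compares as in range. The `__access_ok()` visible just below returns 1 unconditionally, so this helper looks like the only software range test applied to a frame pointer taken from the sampled task, and the assumption deserves a comment on that branch: `/* size is a compile-time constant no larger than limit; subtract from limit so that addr + size cannot wrap */`. The header comment also says "Returns 0 ... nonzero" while the function returns `bool`; `Returns false if the range is valid, true otherwise` would match the signature. `__access_ok()` continues outside the hunk.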

+ 21 - 3
arch/sparc/kernel/perf_event.c

@@ -21,7 +21,7 @@
 
 #include <asm/stacktrace.h>
 #include <asm/cpudata.h>
-#include <asm/uaccess.h>
+#include <linux/uaccess.h>
 #include <linux/atomic.h>
 #include <asm/nmi.h>
 #include <asm/pcr.h>
@@ -1741,18 +1741,31 @@ void perf_callchain_kernel(struct perf_callchain_entry *entry,
 	} while (entry->nr < PERF_MAX_STACK_DEPTH);
 }
 
+static inline int
+valid_user_frame(const void __user *fp, unsigned long size)
+{
+	/* addresses should be at least 4-byte aligned */
+	if (((unsigned long) fp) & 3)
+		return 0;
+
+	return (__range_not_ok(fp, size, TASK_SIZE) == 0);
+}
+
 static void perf_callchain_user_64(struct perf_callchain_entry *entry,
 				   struct pt_regs *regs)
 {
 	unsigned long ufp;
 
-	ufp = regs->u_regs[UREG_I6] + STACK_BIAS;
+	ufp = regs->u_regs[UREG_FP] + STACK_BIAS;
 	do {
 		struct sparc_stackf __user *usf;
 		struct sparc_stackf sf;
 		unsigned long pc;
 
 		usf = (struct sparc_stackf __user *)ufp;
+		if (!valid_user_frame(usf, sizeof(sf)))
+			break;
+
 		if (__copy_from_user_inatomic(&sf, usf, sizeof(sf)))
 			break;
 
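Review bot: Only `perf_callchain_user_64()` gains the `valid_user_frame()` test before `__copy_from_user_inatomic()`; the 32-bit walker in the next hunk receives just the `UREG_FP` rename, so frame pointers read from a 32-bit task's stack appear to be followed without the alignment and range check. The loop body of `perf_callchain_user_32()` is outside the visible hunks, so this is inferred from the hunk shown and the per-file addition count. If it copies frames the same way, each copy there wants the same guard, `if (!valid_user_frame(usf, sizeof(sf))) break;`. The comment in `valid_user_frame()` could also state that `fp` comes from the sampled task and must be treated as untrusted.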
@@ -1767,7 +1780,7 @@ static void perf_callchain_user_32(struct perf_callchain_entry *entry,
 {
 	unsigned long ufp;
 
-	ufp = regs->u_regs[UREG_I6] & 0xffffffffUL;
+	ufp = regs->u_regs[UREG_FP] & 0xffffffffUL;
 	do {
 		unsigned long pc;
 
@@ -1803,8 +1816,13 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
 		return;
 
 	flushw_user();
+
+	pagefault_disable();
+
 	if (test_thread_flag(TIF_32BIT))
 		perf_callchain_user_32(entry, regs);
 	else
 		perf_callchain_user_64(entry, regs);
+
+	pagefault_enable();
 }
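Review bot: The `pagefault_disable()`/`pagefault_enable()` pair in `perf_callchain_user()` carries no comment, so the reason for it lives only in the merge description and a later cleanup could drop it. A short comment above the call would record the intent: `/* frame pointers come from the sampled task and may be bogus; a fault during the walk must fail the copy, not be serviced */`. `flushw_user()` stays outside the disabled region; if it can touch the user stack, the comment should say why that is acceptable here. The start of the function is outside the hunk.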

+ 3 - 2
arch/sparc/mm/fault_64.c

@@ -413,8 +413,9 @@ good_area:
 	 * that here.
 	 */
 	if ((fault_code & FAULT_CODE_ITLB) && !(vma->vm_flags & VM_EXEC)) {
-		BUG_ON(address != regs->tpc);
-		BUG_ON(regs->tstate & TSTATE_PRIV);
+		WARN(address != regs->tpc,
+		     "address (%lx) != regs->tpc (%lx)\n", address, regs->tpc);
+		WARN_ON(regs->tstate & TSTATE_PRIV);
 		goto bad_area;
 	}
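Review bot: `WARN()` and `WARN_ON()` emit a full backtrace on every occurrence. The merge description says faults from bad user frame pointers do reach `do_sparc64_fault`, so if they can reach this branch, a sampled workload could flood the kernel log. A machine booted with `panic_on_warn` would also still go down. `WARN_ONCE(address != regs->tpc, ...)` and `WARN_ON_ONCE(regs->tstate & TSTATE_PRIV)` keep the diagnostic without the repeat cost. How often the condition recurs is not visible here, and the enclosing fault handler starts and ends outside the hunk.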