sh: __copy_user function can corrupt the stack in case of exception
authorStuart MENEFY <stuart.menefy@st.com>
Fri, 10 Oct 2008 18:49:30 +0000 (19:49 +0100)
committerPaul Mundt <lethal@linux-sh.org>
Thu, 13 Nov 2008 08:40:30 +0000 (17:40 +0900)
commit5d52013cbb3d39bde9f5a6023193058eeb112e98
treee941d9e884132d72c002536955014a938d740906
parent2cd0ebc83d771220eeddec91fd6d4cfefc2cc46e
sh: __copy_user function can corrupt the stack in case of exception

The __copy_user function can corrupt the stack in the case of a
non-trivial length of data, and either of the first two move instructions
cause an exception. This is because the fixup for these two instructions
is mapped to the no_pop case, but these instructions execute after the
stack is pushed.

This change creates an explicit NO_POP exception mapping macro, and uses
it for the two instructions executed in the trivial case where no stack
pushes occur.

More information at ST Linux bugzilla:

https://bugzilla.stlinux.com/show_bug.cgi?id=4824

Signed-off-by: Dylan Reid <dylan_reid@bose.com>
Signed-off-by: Stuart Menefy <stuart.menefy@st.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
arch/sh/lib/copy_page.S