MIPS: traps: return correct si code for accessing nonmapped addresses

find_vma() returns the first VMA which satisfies fault_addr < vm_end, but
it does not guarantee fault_addr is actually within VMA. Therefore, kernel
has to check that before it chooses correct si code on return.

Signed-off-by: Petar Jovanovic <petar.jovanovic@rt-rk.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/13808/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index 4a1712b5abdff6a2d3f3548901a479a05cb250ea..b7b50d5caaf877d117d055aac6f63524d299d9b1 100644 (file)
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -704,6 +704,7 @@ asmlinkage void do_ov(struct pt_regs *regs)
 int process_fpemu_return(int sig, void __user *fault_addr, unsigned long fcr31)
 {
        struct siginfo si = { 0 };
+       struct vm_area_struct *vma;
 
        switch (sig) {
        case 0:
@@ -744,7 +745,8 @@ int process_fpemu_return(int sig, void __user *fault_addr, unsigned long fcr31)
                si.si_addr = fault_addr;
                si.si_signo = sig;
                down_read(&current->mm->mmap_sem);
-               if (find_vma(current->mm, (unsigned long)fault_addr))
+               vma = find_vma(current->mm, (unsigned long)fault_addr);
+               if (vma && (vma->vm_start <= (unsigned long)fault_addr))
                        si.si_code = SEGV_ACCERR;
                else
                        si.si_code = SEGV_MAPERR;