From: Chen, Kenneth W <kenneth.w.chen@intel.com>
Date: Tue, 6 Sep 2005 23:05:23 +0000 (-0700)
Subject: [IA64] make exception handler in copy_user more robust
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=295bd89279aad6959f0d363ee8e946d4766f9ad8;p=linux-beck.git

[IA64] make exception handler in copy_user more robust

The exception handler in copy user always expects fault occurs only on
user space address and the fall back recovery code is written with that
very assumption in mind.  Recent source code inspection revealed that
while it worked splendid and to the expectation under normal circumstances,
It broke down under unexpected condition where some address calculation
might go outside the legal address range the original copy_user was
called for.  This patch is to make copy_user exception handler more robust
and to prevent potential memory corruption.

Signed-off-by: Ken Chen <kenneth.w.chen@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
---

diff --git a/arch/ia64/lib/memcpy_mck.S b/arch/ia64/lib/memcpy_mck.S
index 6f308e62c137..46c9331e7ab5 100644
--- a/arch/ia64/lib/memcpy_mck.S
+++ b/arch/ia64/lib/memcpy_mck.S
@@ -625,8 +625,11 @@ EK(.ex_handler,  (p17)	st8	[dst1]=r39,8);						\
 	clrrrb
 	;;
 	alloc	saved_pfs_stack=ar.pfs,3,3,3,0
+	cmp.lt	p8,p0=A,r0
 	sub	B = dst0, saved_in0	// how many byte copied so far
 	;;
+(p8)	mov	A = 0;			// A shouldn't be negative, cap it
+	;;
 	sub	C = A, B
 	sub	D = saved_in2, A
 	;;