On 07/21/2016 06:13 AM, linux-mips@xxxxxxxxxxxxxx wrote:
> Author: Petar Jovanovic <petar.jovanovic@xxxxxxxxx> Wed Jul 13 15:23:37 2016 +0200
> Committer: Ralf Baechle <ralf@xxxxxxxxxxxxxx> Thu Jul 21 14:22:07 2016 +0200
> Commit: 1cb2fcc8cd1bd32cca6ce4b76bb9cc36ef5fc76d
> Gitweb: https://git.linux-mips.org/g/ralf/linux/1cb2fcc8cd1b
> Branch: linux-3.3-stable
>
> find_vma() returns the first VMA which satisfies fault_addr < vm_end, but
> it does not guarantee fault_addr is actually within VMA. Therefore, kernel
> has to check that before it chooses correct si code on return.
>
> Signed-off-by: Petar Jovanovic <petar.jovanovic@xxxxxxxxx>
> Cc: linux-mips@xxxxxxxxxxxxxx
> Patchwork: https://patchwork.linux-mips.org/patch/13808/
> Signed-off-by: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
> (cherry picked from commit abe687d221b4e9fd564d5db76f5847636dae6c2e)
>
> ---
>
> arch/mips/kernel/traps.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
> index 0bb48ee..4870e02 100644
> --- a/arch/mips/kernel/traps.c
> +++ b/arch/mips/kernel/traps.c
> @@ -673,13 +673,16 @@ asmlinkage void do_ov(struct pt_regs *regs)
>
> static int process_fpemu_return(int sig, void __user *fault_addr)
> {
> + struct vm_area_struct *vma;
> +
> if (sig == SIGSEGV || sig == SIGBUS) {
> struct siginfo si = {0};
> si.si_addr = fault_addr;
> si.si_signo = sig;
> if (sig == SIGSEGV) {
> down_read(&current->mm->mmap_sem);
> - if (find_vma(current->mm, (unsigned long)fault_addr))
> + find_vma(current->mm, (unsigned long)fault_addr);

Are not we missing a vma = find_vma() assignment here? linux-4.0-stable seems to be the first branch where this cherry-pick failed and all the way down to linux-2.6.16-stable branches...

> + if (vma && (vma->vm_start <= (unsigned long)fault_addr))
> si.si_code = SEGV_ACCERR;
> else
> si.si_code = SEGV_MAPERR;

--
Florian
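Review bot: the added line `+ find_vma(current->mm, (unsigned long)fault_addr);` discards the return value, so the `vma` declared at the top of the hunk is never assigned and the following `+ if (vma && (vma->vm_start <= (unsigned long)fault_addr))` reads an uninitialized pointer; the line should be `vma = find_vma(current->mm, (unsigned long)fault_addr);`, which is the only form that makes the later `vma->vm_start` check meaningful. As applied, the SEGV_ACCERR/SEGV_MAPERR choice depends on whatever happened to be on the stack, and a non-NULL garbage value would be dereferenced inside the mmap_sem read section; the compiler's uninitialized-variable warning for `vma` in this function is the quickest way to confirm the bad backport before it lands in the other stable branches the reply lists.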