    csky: don't let sigreturn play with privileged bits of status register · fbd63c08
    Al Viro authored
    csky restore_sigcontext() blindly overwrites regs->sr with the value
    it finds in sigcontext.  An attacker can store whatever they want in there,
    which includes things like the S-bit.  Userland shouldn't be able to set
    that, or anything other than the C flag (bit 0).
    
    Do the same thing other architectures with protected bits in the flags
    register do - preserve everything that shouldn't be settable in
    user mode, picking the rest from the value saved in sigcontext.
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Guo Ren <guoren@kernel.org>
    Cc: stable@vger.kernel.org
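The following is an added illustration, not the kernel's arch/csky code nor the patch itself: a small C model of the two restore strategies the commit message contrasts. The "before" path copies the user-supplied status register verbatim; the "after" path keeps every bit of the live register except the user-settable C flag (bit 0, as the message states) and takes only that bit from sigcontext. The S-bit position (bit 31) and the struct shapes are assumptions made for this example; the message names the S-bit but not where it lives.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Per the commit message, only the C flag (bit 0) of sr is user-settable. */
#define SR_USER_MASK   UINT32_C(0x00000001)

/* ASSUMPTION for this example: supervisor (S) bit modelled at bit 31.
 * The real position is architecture-defined; the commit text does not state it. */
#define SR_S_BIT       UINT32_C(0x80000000)

/* Hypothetical, simplified stand-ins for the kernel's pt_regs and sigcontext. */
struct pt_regs_sim    { uint32_t sr; };
struct sigcontext_sim { uint32_t sr; };

/* "Before": trust the whole user-controlled value (the bug described above). */
static void restore_sr_unchecked(struct pt_regs_sim *regs,
                                 const struct sigcontext_sim *sc)
{
    regs->sr = sc->sr;
}

/* "After": keep privileged bits from the live register, take only the
 * user-settable bits from sigcontext. This is the generic pattern the
 * message refers to, not the exact csky patch. */
static void restore_sr_masked(struct pt_regs_sim *regs,
                              const struct sigcontext_sim *sc)
{
    regs->sr = (regs->sr & ~SR_USER_MASK) | (sc->sr & SR_USER_MASK);
}

/* Test helpers: resulting sr for a given live register and user value. */
uint32_t sr_after_unchecked(uint32_t live_sr, uint32_t user_sr)
{
    struct pt_regs_sim regs = { .sr = live_sr };
    struct sigcontext_sim sc = { .sr = user_sr };
    restore_sr_unchecked(&regs, &sc);
    return regs.sr;
}

uint32_t sr_after_masked(uint32_t live_sr, uint32_t user_sr)
{
    struct pt_regs_sim regs = { .sr = live_sr };
    struct sigcontext_sim sc = { .sr = user_sr };
    restore_sr_masked(&regs, &sc);
    return regs.sr;
}

bool sr_has_supervisor(uint32_t sr)
{
    return (sr & SR_S_BIT) != 0;
}

int main(void)
{
    /* Constructed values: user mode (S clear) with some kernel-owned bit set,
     * versus a sigcontext that tries to set S and C. */
    uint32_t live = UINT32_C(0x00000002);
    uint32_t user = SR_S_BIT | UINT32_C(0x00000001);

    printf("unchecked: sr=0x%08x supervisor=%d\n",
           sr_after_unchecked(live, user), sr_has_supervisor(sr_after_unchecked(live, user)));
    printf("masked:    sr=0x%08x supervisor=%d\n",
           sr_after_masked(live, user), sr_has_supervisor(sr_after_masked(live, user)));
    return 0;
}
```

The masked variant is the one to look for when auditing any sigreturn-style path: the only bits that should ever flow from a user-writable frame into a privileged register are the ones the ABI explicitly lets user mode change.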
signal.c 6.23 KB