Merge rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6

author: Greg KH <greg@press.(none)> 2005-06-29 22:54:31 -0700
committer: Greg Kroah-Hartman <gregkh@suse.de> 2005-06-29 22:54:31 -0700
commit: bf164c790deb79b18faf304b0763e44a02c79f90 (patch)
tree: 8fedcdce1f65aa6bc98fea0da6227d3fc0fc51fd /arch/ia64/kernel/ptrace.c
parent: d62c0f9fd2d3943a3eca85b490d86e1605000ccb (diff)
parent: 9b4311eedb17fa88f02e4876cd6aa9a08e383cd6 (diff)
1 files changed, 21 insertions, 1 deletions
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
index 6d57aebad48..bbb8bc7c055 100644
--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
@@ -725,12 +725,32 @@ convert_to_non_syscall (struct task_struct *child, struct pt_regs  *pt,
 			break;
 	}
 
+	/*
+	 * Note: at the time of this call, the target task is blocked
+	 * in notify_resume_user() and by clearling PRED_LEAVE_SYSCALL
+	 * (aka, "pLvSys") we redirect execution from
+	 * .work_pending_syscall_end to .work_processed_kernel.
+	 */
 	unw_get_pr(&prev_info, &pr);
-	pr &= ~(1UL << PRED_SYSCALL);
+	pr &= ~((1UL << PRED_SYSCALL) | (1UL << PRED_LEAVE_SYSCALL));
 	pr |=  (1UL << PRED_NON_SYSCALL);
 	unw_set_pr(&prev_info, pr);
 
 	pt->cr_ifs = (1UL << 63) | cfm;
+	/*
+	 * Clear the memory that is NOT written on syscall-entry to
+	 * ensure we do not leak kernel-state to user when execution
+	 * resumes.
+	 */
+	pt->r2 = 0;
+	pt->r3 = 0;
+	pt->r14 = 0;
+	memset(&pt->r16, 0, 16*8);	/* clear r16-r31 */
+	memset(&pt->f6, 0, 6*16);	/* clear f6-f11 */
+	pt->b7 = 0;
+	pt->ar_ccv = 0;
+	pt->ar_csd = 0;
+	pt->ar_ssd = 0;
 }
 
 static int
author	Greg KH <greg@press.(none)>	2005-06-29 22:54:31 -0700
committer	Greg Kroah-Hartman <gregkh@suse.de>	2005-06-29 22:54:31 -0700
commit	bf164c790deb79b18faf304b0763e44a02c79f90 (patch)
tree	8fedcdce1f65aa6bc98fea0da6227d3fc0fc51fd /arch/ia64/kernel/ptrace.c
parent	d62c0f9fd2d3943a3eca85b490d86e1605000ccb (diff)
parent	9b4311eedb17fa88f02e4876cd6aa9a08e383cd6 (diff)