2df7a7d1cd
The bug was accidentally found by the following program:
#include <asm/sysinfo.h>
#include <asm/unistd.h>
#include <sys/syscall.h>
static int setsysinfo(unsigned long op, void *buffer, unsigned long size,
int *start, void *arg, unsigned long flag) {
return syscall(__NR_osf_setsysinfo, op, buffer, size, start, arg, flag);
}
int main(int argc, char **argv) {
short x[10];
unsigned int buf[2] = { SSIN_UACPROC, UAC_SIGBUS, };
setsysinfo(SSI_NVPAIRS, buf, 1, 0, 0, 0);
int *y = (int*) (x+1);
*y = 0;
return 0;
}
The program shoud fail on SIGBUS, but didn't.
The patch is a second part of userspace flag fix (commit
|
||
---|---|---|
.. | ||
a.out-core.h | ||
a.out.h | ||
agp_backend.h | ||
agp.h | ||
asm-offsets.h | ||
atomic.h | ||
auxvec.h | ||
barrier.h | ||
bitops.h | ||
bitsperlong.h | ||
bug.h | ||
bugs.h | ||
byteorder.h | ||
cache.h | ||
cacheflush.h | ||
checksum.h | ||
compiler.h | ||
console.h | ||
core_apecs.h | ||
core_cia.h | ||
core_irongate.h | ||
core_lca.h | ||
core_marvel.h | ||
core_mcpcia.h | ||
core_polaris.h | ||
core_t2.h | ||
core_titan.h | ||
core_tsunami.h | ||
core_wildfire.h | ||
cputime.h | ||
current.h | ||
delay.h | ||
device.h | ||
div64.h | ||
dma-mapping.h | ||
dma.h | ||
elf.h | ||
emergency-restart.h | ||
err_common.h | ||
err_ev6.h | ||
err_ev7.h | ||
errno.h | ||
fb.h | ||
fcntl.h | ||
floppy.h | ||
fpu.h | ||
ftrace.h | ||
futex.h | ||
gct.h | ||
gentrap.h | ||
gpio.h | ||
hardirq.h | ||
hw_irq.h | ||
hwrpb.h | ||
io_trivial.h | ||
io.h | ||
ioctl.h | ||
ioctls.h | ||
ipcbuf.h | ||
irq_regs.h | ||
irq.h | ||
irqflags.h | ||
jensen.h | ||
Kbuild | ||
kdebug.h | ||
kmap_types.h | ||
linkage.h | ||
local64.h | ||
local.h | ||
machvec.h | ||
mc146818rtc.h | ||
mman.h | ||
mmu_context.h | ||
mmu.h | ||
mmzone.h | ||
module.h | ||
msgbuf.h | ||
mutex.h | ||
page.h | ||
pal.h | ||
param.h | ||
parport.h | ||
pci.h | ||
percpu.h | ||
perf_event.h | ||
pgalloc.h | ||
pgtable.h | ||
poll.h | ||
posix_types.h | ||
processor.h | ||
ptrace.h | ||
reg.h | ||
regdef.h | ||
resource.h | ||
rtc.h | ||
rwsem.h | ||
scatterlist.h | ||
sections.h | ||
segment.h | ||
sembuf.h | ||
serial.h | ||
setup.h | ||
sfp-machine.h | ||
shmbuf.h | ||
shmparam.h | ||
sigcontext.h | ||
siginfo.h | ||
signal.h | ||
smp.h | ||
socket.h | ||
sockios.h | ||
spinlock_types.h | ||
spinlock.h | ||
stat.h | ||
statfs.h | ||
string.h | ||
swab.h | ||
sysinfo.h | ||
system.h | ||
termbits.h | ||
termios.h | ||
thread_info.h | ||
timex.h | ||
tlb.h | ||
tlbflush.h | ||
topology.h | ||
types.h | ||
uaccess.h | ||
ucontext.h | ||
unaligned.h | ||
unistd.h | ||
user.h | ||
vga.h | ||
wrperfmon.h | ||
xchg.h | ||
xor.h |