parisc: Correct completer in lws start

commit 8f66fce0f46560b9e910787ff7ad0974441c4f9c upstream. The completer in the "or,ev %r1,%r30,%r30" instruction is reversed, so we are not clipping the LWS number when we are called from a 32-bit process (W=0). We need to nulify the following depdi instruction when the least-significant bit of %r30 is 1. If the %r20 register is not clipped, a user process could perform a LWS call that would branch to an undefined location in the kernel and potentially crash the machine. Signed-off-by: John David Anglin <dave.anglin@bell.net> Cc: stable@vger.kernel.org # 4.19+ Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: John David Anglin <dave.anglin@bell.net> 2021-12-21 13:21:22 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-12-29 12:28:53 +0100
commit: 7c6567979c827b9ca2f4ce1c045385e8608694ee (patch)
tree: 0db0715f95dbd80b6b3461dda22c2b97517c5d16 /arch
parent: 5aae769a0ef7ec3ad0e9b3e3297a2e4fc69cde95 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S
index 3f24a0af1e04..9842dcb2041e 100644
--- a/arch/parisc/kernel/syscall.S
+++ b/arch/parisc/kernel/syscall.S
@@ -478,7 +478,7 @@ lws_start:
 	extrd,u	%r1,PSW_W_BIT,1,%r1
 	/* sp must be aligned on 4, so deposit the W bit setting into
 	 * the bottom of sp temporarily */
-	or,ev	%r1,%r30,%r30
+	or,od	%r1,%r30,%r30
 
 	/* Clip LWS number to a 32-bit value for 32-bit processes */
 	depdi	0, 31, 32, %r20
author	John David Anglin <dave.anglin@bell.net>	2021-12-21 13:21:22 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-12-29 12:28:53 +0100
commit	7c6567979c827b9ca2f4ce1c045385e8608694ee (patch)
tree	0db0715f95dbd80b6b3461dda22c2b97517c5d16 /arch
parent	5aae769a0ef7ec3ad0e9b3e3297a2e4fc69cde95 (diff)