* Oleg Nesterov <[EMAIL PROTECTED]> wrote: > I am really puzzled by set_fs(USER_DS) in setup_frame/setup_rt_frame. > > How is it possible that current->addr_limit != USER_DS ? If this _is_ > possible, how can can we trust the result of access_ok() above?
hm, this is _ancient_ code (possibly dating back to the pharaohs). If we are in KERNEL_DS then we call do_signal() then we are most likely a kernel thread and regs->esp points to the kernel stack ... the result of which would be a quite spectacular crash anyway. Patch below. Ingo -----------------------------> Subject: [patch] i386: remove unnecessary code From: Ingo Molnar <[EMAIL PROTECTED]> Oleg Nesterov pointed out that the set_fs() calls in setup_frame() and setup_rt_frame() were superfluous. Signed-off-by: Ingo Molnar <[EMAIL PROTECTED]> --- arch/i386/kernel/signal.c | 2 -- 1 file changed, 2 deletions(-) Index: linux/arch/i386/kernel/signal.c =================================================================== --- linux.orig/arch/i386/kernel/signal.c +++ linux/arch/i386/kernel/signal.c @@ -380,7 +380,6 @@ static int setup_frame(int sig, struct k regs->edx = (unsigned long) 0; regs->ecx = (unsigned long) 0; - set_fs(USER_DS); regs->xds = __USER_DS; regs->xes = __USER_DS; regs->xss = __USER_DS; @@ -474,7 +473,6 @@ static int setup_rt_frame(int sig, struc regs->edx = (unsigned long) &frame->info; regs->ecx = (unsigned long) &frame->uc; - set_fs(USER_DS); regs->xds = __USER_DS; regs->xes = __USER_DS; regs->xss = __USER_DS; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/