diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c
index 9eb23fb66b1e..47c85e6b14bb 100644
--- a/arch/x86/kernel/signal_32.c
+++ b/arch/x86/kernel/signal_32.c
@@ -214,11 +214,12 @@ asmlinkage int sys_sigreturn(unsigned long __unused)
 asmlinkage int sys_rt_sigreturn(unsigned long __unused)
 {
- struct pt_regs *regs = (struct pt_regs *) &__unused;
- struct rt_sigframe __user *frame = (struct rt_sigframe __user *)(regs->sp - 4);
+ struct pt_regs *regs = (struct pt_regs *)&__unused;
+ struct rt_sigframe __user *frame;
 sigset_t set;
 int ax;
+ frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long));
 if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
 goto badframe;
 if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c
index b7d7a6d5c26b..1045a07eeaec 100644
--- a/arch/x86/kernel/signal_64.c
+++ b/arch/x86/kernel/signal_64.c
@@ -133,13 +133,11 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
 sigset_t set;
 unsigned long ax;
- frame = (struct rt_sigframe __user *)(regs->sp - 8);
- if (!access_ok(VERIFY_READ, frame, sizeof(*frame))) {
+ frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long));
+ if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
 goto badframe;
- }
- if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set))) {
+ if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
 goto badframe;
- }
 sigdelsetmask(&set, ~_BLOCKABLE);
 spin_lock_irq(¤t->sighand->siglock);
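Review bot: The new `regs->sp - sizeof(long)` in sys_rt_sigreturn (here and in the signal_64.c hunk) replaces the literals 4 and 8 but still does not say which one-word slot is being skipped. Presumably it is the return-address slot at the start of the frame that the handler's `ret` has already popped; if that is right, a comment such as `/* sp is one word past the frame start: the handler's ret consumed the first slot */` above the assignment would record it. `sizeof(long)` is the kernel's native word size, not the task's, so the expression holds only while each file handles native frames; that assumption is worth stating next to it. The function body continues past the end of the hunk.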
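Review bot: The `__copy_from_user()` after the `access_ok()` check in the signal_64.c hunk is the unchecked variant, and with the braces removed nothing marks that the second `if` is safe only because of the first. `frame` is computed from `regs->sp`, which user space controls at this point, so I would add `/* frame comes from user sp; access_ok() above covers all of *frame, including uc_sigmask */` before the copy so the pair is not separated or reordered later. The same pair appears in the signal_32.c hunk. The function starts and ends outside the hunk.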