From: Paul Mackerras When the kernel creates a signal frame on the user stack, it puts the old stack pointer value at the beginning so that the signal frame is linked into the chain of stack frames like any other frame. Unfortunately, for 32-bit processes we are writing the old stack pointer as a 64-bit value rather than a 32-bit value, and the process sees that as a null pointer, since it only looks at the first 32 bits, which are zero since ppc is bigendian and the stack pointer is below 4GB. This bug is in SLES9 and RHEL4 too, hence the ccs. This patch fixes the bug by making the signal code write the old stack pointer as a u32 instead of an unsigned long. Signed-off-by: Paul Mackerras Signed-off-by: Andrew Morton --- arch/ppc64/kernel/signal32.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff -puN arch/ppc64/kernel/signal32.c~ppc64-fix-32-bit-signal-frame-back-link arch/ppc64/kernel/signal32.c --- 25/arch/ppc64/kernel/signal32.c~ppc64-fix-32-bit-signal-frame-back-link 2005-04-29 21:52:05.662676352 -0700 +++ 25-akpm/arch/ppc64/kernel/signal32.c 2005-04-29 21:52:05.668675440 -0700 @@ -657,7 +657,7 @@ static int handle_rt_signal32(unsigned l /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; - if (put_user(regs->gpr[1], (unsigned long __user *)newsp)) + if (put_user(regs->gpr[1], (u32 __user *)newsp)) goto badframe; if (vdso32_rt_sigtramp && current->thread.vdso_base) { @@ -842,7 +842,7 @@ static int handle_signal32(unsigned long regs->link = (unsigned long) frame->mctx.tramp; } - if (put_user(regs->gpr[1], (unsigned long __user *)newsp)) + if (put_user(regs->gpr[1], (u32 __user *)newsp)) goto badframe; regs->gpr[1] = (unsigned long) newsp; regs->gpr[3] = sig; _