From: Paul Mackerras <paulus@samba.org>

The handling of misaligned load/store multiple instructions did not check
to see if the address was ok to access before using __{get,put}_user().

Signed-off-by: Kumar Gala <kumar.gala@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 arch/ppc/kernel/align.c |    4 ++++
 1 files changed, 4 insertions(+)

diff -puN arch/ppc/kernel/align.c~ppc32-fix-address-checking-on-lmw-stmw-align-exception arch/ppc/kernel/align.c
--- 25/arch/ppc/kernel/align.c~ppc32-fix-address-checking-on-lmw-stmw-align-exception	2005-04-26 04:20:29.715306840 -0700
+++ 25-akpm/arch/ppc/kernel/align.c	2005-04-26 04:20:29.719306232 -0700
@@ -290,6 +290,10 @@ fix_alignment(struct pt_regs *regs)
 			/* lwm, stmw */
 			nb = (32 - reg) * 4;
 		}
+
+		if (!access_ok((flags & ST? VERIFY_WRITE: VERIFY_READ), addr, nb+nb0))
+			return -EFAULT;	/* bad address */
+
 		rptr = (unsigned char *) &regs->gpr[reg];
 		if (flags & LD) {
 			for (i = 0; i < nb; ++i)
_