From: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>

The copy_user stuff in the signal frame code was broke.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 arch/um/sys-i386/signal.c   |    2 +-
 arch/um/sys-x86_64/signal.c |   39 +++++++++++++++++++++++----------------
 2 files changed, 24 insertions(+), 17 deletions(-)

diff -puN arch/um/sys-i386/signal.c~uml-fix-signal-frame-copy_user arch/um/sys-i386/signal.c
--- devel/arch/um/sys-i386/signal.c~uml-fix-signal-frame-copy_user	2005-08-17 18:21:04.000000000 -0700
+++ devel-akpm/arch/um/sys-i386/signal.c	2005-08-17 18:21:04.000000000 -0700
@@ -122,9 +122,9 @@ int copy_sc_from_user_tt(struct sigconte
 	int err;
 
 	to_fp = to->fpstate;
-	from_fp = from->fpstate;
 	sigs = to->oldmask;
 	err = copy_from_user(to, from, sizeof(*to));
+	from_fp = to->fpstate;
 	to->oldmask = sigs;
 	to->fpstate = to_fp;
 	if(to_fp != NULL)
diff -puN arch/um/sys-x86_64/signal.c~uml-fix-signal-frame-copy_user arch/um/sys-x86_64/signal.c
--- devel/arch/um/sys-x86_64/signal.c~uml-fix-signal-frame-copy_user	2005-08-17 18:21:04.000000000 -0700
+++ devel-akpm/arch/um/sys-x86_64/signal.c	2005-08-17 18:21:04.000000000 -0700
@@ -104,28 +104,35 @@ int copy_sc_to_user_skas(struct sigconte
 int copy_sc_from_user_tt(struct sigcontext *to, struct sigcontext *from,
                         int fpsize)
 {
-       struct _fpstate *to_fp, *from_fp;
-       unsigned long sigs;
-       int err;
-
-       to_fp = to->fpstate;
-       from_fp = from->fpstate;
-       sigs = to->oldmask;
-       err = copy_from_user(to, from, sizeof(*to));
-       to->oldmask = sigs;
-       return(err);
+	struct _fpstate *to_fp, *from_fp;
+	unsigned long sigs;
+	int err;
+
+	to_fp = to->fpstate;
+	sigs = to->oldmask;
+	err = copy_from_user(to, from, sizeof(*to));
+	from_fp = to->fpstate;
+	to->fpstate = to_fp;
+	to->oldmask = sigs;
+	if(to_fp != NULL)
+		err |= copy_from_user(to_fp, from_fp, fpsize);
+	return(err);
 }
 
 int copy_sc_to_user_tt(struct sigcontext *to, struct _fpstate *fp,
                       struct sigcontext *from, int fpsize)
 {
-       struct _fpstate *to_fp, *from_fp;
-       int err;
+	struct _fpstate *to_fp, *from_fp;
+	int err;
 
-       to_fp = (fp ? fp : (struct _fpstate *) (to + 1));
-       from_fp = from->fpstate;
-       err = copy_to_user(to, from, sizeof(*to));
-       return(err);
+	to_fp = (fp ? fp : (struct _fpstate *) (to + 1));
+	from_fp = from->fpstate;
+	err = copy_to_user(to, from, sizeof(*to));
+	if(from_fp != NULL){
+		err |= copy_to_user(&to->fpstate, &to_fp, sizeof(to->fpstate));
+		err |= copy_to_user(to_fp, from_fp, fpsize);
+	}
+	return(err);
 }
 
 #endif
_