# The cmov check now uses copy_from_user instead of grabbing the instruction
# directly.
# Added a reminder to add copy_user stuff to modify_ldt.
Index: um/arch/um/sys-i386/bugs.c
===================================================================
--- um.orig/arch/um/sys-i386/bugs.c 2004-08-05 20:38:10.000000000 -0400
+++ um/arch/um/sys-i386/bugs.c 2004-08-05 20:39:22.000000000 -0400
@@ -183,15 +183,16 @@
 int arch_handle_signal(int sig, union uml_pt_regs *regs)
 {
- unsigned long ip;
+ unsigned char tmp[2];
 /* This is testing for a cmov (0x0f 0x4x) instruction causing a
 * SIGILL in init. */
 if((sig != SIGILL) || (TASK_PID(get_current()) != 1)) return(0);
- ip = UPT_IP(regs);
- if((*((char *) ip) != 0x0f) || ((*((char *) (ip + 1)) & 0xf0) != 0x40))
+ if (copy_from_user_proc(tmp, (void *) UPT_IP(regs), 2))
+ panic("SIGILL in init, could not read instructions!\n");
+ if((tmp[0] != 0x0f) || ((tmp[1] & 0xf0) != 0x40))
 return(0);
 if(host_has_cmov == 0)
Index: um/arch/um/sys-i386/ldt.c
===================================================================
--- um.orig/arch/um/sys-i386/ldt.c 2004-08-05 20:38:10.000000000 -0400
+++ um/arch/um/sys-i386/ldt.c 2004-08-05 20:39:22.000000000 -0400
@@ -13,6 +13,8 @@
 #ifdef CONFIG_MODE_TT
 extern int modify_ldt(int func, void *ptr, unsigned long bytecount);
+/* XXX this needs copy_to_user and copy_from_user */
+
 int sys_modify_ldt_tt(int func, void *ptr, unsigned long bytecount)
 {
 if(verify_area(VERIFY_READ, ptr, bytecount)) return(-EFAULT);
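Review bot: The `panic()` on a failed `copy_from_user_proc` in `arch_handle_signal` stops the whole kernel whenever the two bytes at init's instruction pointer cannot be read, including when the faulting instruction is not a cmov at all. That covers a one-byte illegal opcode sitting on the last byte of a mapped page. The copy failure only means the cmov test cannot be made, so treating it as "not a cmov" looks safer: `if (copy_from_user_proc(tmp, (void *) UPT_IP(regs), 2)) return(0);`. The caller's handling of a zero return is outside the hunk, so confirm that init's SIGILL is still delivered on that path.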
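Review bot: The added `XXX` reminder above `sys_modify_ldt_tt` does not say what has to be copied or in which direction, so it is easy to leave half-done. The visible body checks `ptr` only with `verify_area(VERIFY_READ, ...)` whatever `func` is. If the pointer is then passed to the host `modify_ldt()` (the rest of the function is outside the hunk), a read-LDT call would write through it without a write check. A more specific comment would be `/* XXX bounce ptr through a kernel buffer: copy_from_user before a write-LDT call, copy_to_user after a read-LDT call */`.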