leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SPARC64]: Fix user accesses in regset code.

Browse Source 
If target is not current we need to use access_process_vm().

Noticed by Roland McGrath.

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2008-04-03 16:55:14 -07:00
parent 7c3cce978e
commit ad4f957640
1 changed files with 115 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
arch/sparc64/kernel/ptrace.c
View File

@ -138,8 +138,17 @@ static int genregs64_get(struct task_struct *target,
(regs->u_regs[UREG_I6] + STACK_BIAS); (regs->u_regs[UREG_I6] + STACK_BIAS);
unsigned long window[16]; unsigned long window[16];
if (copy_from_user(window, reg_window, sizeof(window))) if (target == current) {
return -EFAULT; if (copy_from_user(window, reg_window, sizeof(window)))
return -EFAULT;
} else {
if (access_process_vm(target,
(unsigned long) reg_window,
window,
sizeof(window), 0) !=
sizeof(window))
return -EFAULT;
}
ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
window, window,
@ -190,16 +199,37 @@ static int genregs64_set(struct task_struct *target,
(regs->u_regs[UREG_I6] + STACK_BIAS); (regs->u_regs[UREG_I6] + STACK_BIAS);
unsigned long window[16]; unsigned long window[16];
if (copy_from_user(window, reg_window, sizeof(window))) if (target == current) {
return -EFAULT; if (copy_from_user(window, reg_window, sizeof(window)))
return -EFAULT;
} else {
if (access_process_vm(target,
(unsigned long) reg_window,
window,
sizeof(window), 0) !=
sizeof(window))
return -EFAULT;
}
ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
window, window,
16 * sizeof(u64), 16 * sizeof(u64),
32 * sizeof(u64)); 32 * sizeof(u64));
if (!ret && if (!ret) {
copy_to_user(reg_window, window, sizeof(window))) if (target == current) {
return -EFAULT; if (copy_to_user(reg_window, window,
sizeof(window)))
return -EFAULT;
} else {
if (access_process_vm(target,
(unsigned long)
reg_window,
window,
sizeof(window), 1) !=
sizeof(window))
return -EFAULT;
}
}
} }
if (!ret && count > 0) { if (!ret && count > 0) {
@ -412,9 +442,22 @@ static int genregs32_get(struct task_struct *target,
*k++ = regs->u_regs[pos++]; *k++ = regs->u_regs[pos++];
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
for (; count > 0 && pos < 32; count--) { if (target == current) {
if (get_user(*k++, &reg_window[pos++])) for (; count > 0 && pos < 32; count--) {
return -EFAULT; if (get_user(*k++, &reg_window[pos++]))
return -EFAULT;
}
} else {
for (; count > 0 && pos < 32; count--) {
if (access_process_vm(target,
(unsigned long)
&reg_window[pos],
k, sizeof(*k), 0)
!= sizeof(*k))
return -EFAULT;
k++;
pos++;
}
} }
} else { } else {
for (; count > 0 && pos < 16; count--) { for (; count > 0 && pos < 16; count--) {
@ -423,10 +466,28 @@ static int genregs32_get(struct task_struct *target,
} }
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
for (; count > 0 && pos < 32; count--) { if (target == current) {
if (get_user(reg, &reg_window[pos++]) || for (; count > 0 && pos < 32; count--) {
put_user(reg, u++)) if (get_user(reg, &reg_window[pos++]) ||
return -EFAULT; put_user(reg, u++))
return -EFAULT;
}
} else {
for (; count > 0 && pos < 32; count--) {
if (access_process_vm(target,
(unsigned long)
&reg_window[pos],
&reg, sizeof(reg), 0)
!= sizeof(reg))
return -EFAULT;
if (access_process_vm(target,
(unsigned long) u,
&reg, sizeof(reg), 1)
!= sizeof(reg))
return -EFAULT;
pos++;
u++;
}
} }
} }
while (count > 0) { while (count > 0) {
@ -488,9 +549,23 @@ static int genregs32_set(struct task_struct *target,
regs->u_regs[pos++] = *k++; regs->u_regs[pos++] = *k++;
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
for (; count > 0 && pos < 32; count--) { if (target == current) {
if (put_user(*k++, &reg_window[pos++])) for (; count > 0 && pos < 32; count--) {
return -EFAULT; if (put_user(*k++, &reg_window[pos++]))
return -EFAULT;
}
} else {
for (; count > 0 && pos < 32; count--) {
if (access_process_vm(target,
(unsigned long)
&reg_window[pos],
(void *) k,
sizeof(*k), 1)
!= sizeof(*k))
return -EFAULT;
k++;
pos++;
}
} }
} else { } else {
for (; count > 0 && pos < 16; count--) { for (; count > 0 && pos < 16; count--) {
@ -500,10 +575,29 @@ static int genregs32_set(struct task_struct *target,
} }
reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
for (; count > 0 && pos < 32; count--) { if (target == current) {
if (get_user(reg, u++) || for (; count > 0 && pos < 32; count--) {
put_user(reg, &reg_window[pos++])) if (get_user(reg, u++) ||
return -EFAULT; put_user(reg, &reg_window[pos++]))
return -EFAULT;
}
} else {
for (; count > 0 && pos < 32; count--) {
if (access_process_vm(target,
(unsigned long)
u,
&reg, sizeof(reg), 0)
!= sizeof(reg))
return -EFAULT;
if (access_process_vm(target,
(unsigned long)
&reg_window[pos],
&reg, sizeof(reg), 1)
!= sizeof(reg))
return -EFAULT;
pos++;
u++;
}
} }
} }
while (count > 0) { while (count > 0) {