2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------ From: Dan Rosenberg <[email protected]> [ upstream commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 ] Prevent an arbitrary kernel read. Check the user pointer with access_ok() before copying data in. [[email protected]: s/EIO/EFAULT/] Signed-off-by: Dan Rosenberg <[email protected]> Cc: Christian Zankel <[email protected]> Cc: Oleg Nesterov <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Signed-off-by: Andi Kleen <[email protected]> Index: linux-2.6.35.y/arch/xtensa/kernel/ptrace.c =================================================================== --- linux-2.6.35.y.orig/arch/xtensa/kernel/ptrace.c +++ linux-2.6.35.y/arch/xtensa/kernel/ptrace.c @@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct * elf_xtregs_t *xtregs = uregs; int ret = 0; + if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t))) + return -EFAULT; + #if XTENSA_HAVE_COPROCESSORS /* Flush all coprocessors before we overwrite them. */ coprocessor_flush_all(ti); _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
