[stable] [34/55] xtensa: prevent arbitrary read in ptrace

Fri, 05 Aug 2011 17:10:57 -0700 

2.6.32-longterm review patch.  If anyone has any objections, please let us know.

------------------

From: Dan Rosenberg <drosenb...@vsecurity.com>

commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 upstream.

Prevent an arbitrary kernel read.  Check the user pointer with access_ok()
before copying data in.

[a...@linux-foundation.org: s/EIO/EFAULT/]
Signed-off-by: Dan Rosenberg <drosenb...@vsecurity.com>
Cc: Christian Zankel <ch...@zankel.net>
Cc: Oleg Nesterov <o...@redhat.com>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gre...@suse.de>

---
 arch/xtensa/kernel/ptrace.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -136,6 +136,9 @@ int ptrace_setxregs(struct task_struct *
        elf_xtregs_t *xtregs = uregs;
        int ret = 0;
 
+       if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+               return -EFAULT;
+
 #if XTENSA_HAVE_COPROCESSORS
        /* Flush all coprocessors before we overwrite them. */
        coprocessor_flush_all(ti);


_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable

Reply via email to