Re: [Security] [PATCH] xtensa: prevent arbitrary read in ptrace
From: Chris Zankel
Date: Fri Jul 08 2011 - 15:29:23 EST
Hi,
I'll try to run a build this weekend and will look if that code builds
at all.
Thanks,
-Chris
On 7/8/11 11:42 AM, Oleg Nesterov wrote:
On 07/08, Andrew Morton wrote:
On Thu, 07 Jul 2011 20:03:54 -0400
Dan Rosenberg<drosenberg@xxxxxxxxxxxxx> wrote:
Prevent an arbitrary kernel read. Check the user pointer with
access_ok() before copying data in.
Signed-off-by: Dan Rosenberg<drosenberg@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxx
---
arch/xtensa/kernel/ptrace.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
index c72c947..ddce75e 100644
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *child, void __user *uregs)
elf_xtregs_t *xtregs = uregs;
int ret = 0;
+ if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+ return -EIO;
This should be -EFAULT, methinks?
Also, it seems that ptrace_setxregs/ptrace_getxregs could be static?
The patch looks "obviously correct" but I don't understand this code.
Hmm. We don't read/write the XTENSA_HAVE_COPROCESSORS data, but use
sizeof(elf_xtregs_t) anyway. This looks a bit strange but I guess
this doesn't matter.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/