aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2008-04-03 19:55:14 -0400
committerDavid S. Miller <davem@davemloft.net>2008-04-03 19:55:14 -0400
commitad4f95764040077f16ebf24559d5a06f8fb133bc (patch)
tree48d1414e70785a9d910c8bcc62c324e8852c48ad
parent7c3cce978e4f933ac13758ec5d2554fc8d0927d2 (diff)
[SPARC64]: Fix user accesses in regset code.
If target is not current we need to use access_process_vm(). Noticed by Roland McGrath. Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--arch/sparc64/kernel/ptrace.c136
1 files changed, 115 insertions, 21 deletions
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
index aaae865e7932..7963595c77cc 100644
--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -138,8 +138,17 @@ static int genregs64_get(struct task_struct *target,
138 (regs->u_regs[UREG_I6] + STACK_BIAS); 138 (regs->u_regs[UREG_I6] + STACK_BIAS);
139 unsigned long window[16]; 139 unsigned long window[16];
140 140
141 if (copy_from_user(window, reg_window, sizeof(window))) 141 if (target == current) {
142 return -EFAULT; 142 if (copy_from_user(window, reg_window, sizeof(window)))
143 return -EFAULT;
144 } else {
145 if (access_process_vm(target,
146 (unsigned long) reg_window,
147 window,
148 sizeof(window), 0) !=
149 sizeof(window))
150 return -EFAULT;
151 }
143 152
144 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, 153 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
145 window, 154 window,
@@ -190,16 +199,37 @@ static int genregs64_set(struct task_struct *target,
190 (regs->u_regs[UREG_I6] + STACK_BIAS); 199 (regs->u_regs[UREG_I6] + STACK_BIAS);
191 unsigned long window[16]; 200 unsigned long window[16];
192 201
193 if (copy_from_user(window, reg_window, sizeof(window))) 202 if (target == current) {
194 return -EFAULT; 203 if (copy_from_user(window, reg_window, sizeof(window)))
204 return -EFAULT;
205 } else {
206 if (access_process_vm(target,
207 (unsigned long) reg_window,
208 window,
209 sizeof(window), 0) !=
210 sizeof(window))
211 return -EFAULT;
212 }
195 213
196 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 214 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
197 window, 215 window,
198 16 * sizeof(u64), 216 16 * sizeof(u64),
199 32 * sizeof(u64)); 217 32 * sizeof(u64));
200 if (!ret && 218 if (!ret) {
201 copy_to_user(reg_window, window, sizeof(window))) 219 if (target == current) {
202 return -EFAULT; 220 if (copy_to_user(reg_window, window,
221 sizeof(window)))
222 return -EFAULT;
223 } else {
224 if (access_process_vm(target,
225 (unsigned long)
226 reg_window,
227 window,
228 sizeof(window), 1) !=
229 sizeof(window))
230 return -EFAULT;
231 }
232 }
203 } 233 }
204 234
205 if (!ret && count > 0) { 235 if (!ret && count > 0) {
@@ -412,9 +442,22 @@ static int genregs32_get(struct task_struct *target,
412 *k++ = regs->u_regs[pos++]; 442 *k++ = regs->u_regs[pos++];
413 443
414 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; 444 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
415 for (; count > 0 && pos < 32; count--) { 445 if (target == current) {
416 if (get_user(*k++, &reg_window[pos++])) 446 for (; count > 0 && pos < 32; count--) {
417 return -EFAULT; 447 if (get_user(*k++, &reg_window[pos++]))
448 return -EFAULT;
449 }
450 } else {
451 for (; count > 0 && pos < 32; count--) {
452 if (access_process_vm(target,
453 (unsigned long)
454 &reg_window[pos],
455 k, sizeof(*k), 0)
456 != sizeof(*k))
457 return -EFAULT;
458 k++;
459 pos++;
460 }
418 } 461 }
419 } else { 462 } else {
420 for (; count > 0 && pos < 16; count--) { 463 for (; count > 0 && pos < 16; count--) {
@@ -423,10 +466,28 @@ static int genregs32_get(struct task_struct *target,
423 } 466 }
424 467
425 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; 468 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
426 for (; count > 0 && pos < 32; count--) { 469 if (target == current) {
427 if (get_user(reg, &reg_window[pos++]) || 470 for (; count > 0 && pos < 32; count--) {
428 put_user(reg, u++)) 471 if (get_user(reg, &reg_window[pos++]) ||
429 return -EFAULT; 472 put_user(reg, u++))
473 return -EFAULT;
474 }
475 } else {
476 for (; count > 0 && pos < 32; count--) {
477 if (access_process_vm(target,
478 (unsigned long)
479 &reg_window[pos],
480 &reg, sizeof(reg), 0)
481 != sizeof(reg))
482 return -EFAULT;
483 if (access_process_vm(target,
484 (unsigned long) u,
485 &reg, sizeof(reg), 1)
486 != sizeof(reg))
487 return -EFAULT;
488 pos++;
489 u++;
490 }
430 } 491 }
431 } 492 }
432 while (count > 0) { 493 while (count > 0) {
@@ -488,9 +549,23 @@ static int genregs32_set(struct task_struct *target,
488 regs->u_regs[pos++] = *k++; 549 regs->u_regs[pos++] = *k++;
489 550
490 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; 551 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
491 for (; count > 0 && pos < 32; count--) { 552 if (target == current) {
492 if (put_user(*k++, &reg_window[pos++])) 553 for (; count > 0 && pos < 32; count--) {
493 return -EFAULT; 554 if (put_user(*k++, &reg_window[pos++]))
555 return -EFAULT;
556 }
557 } else {
558 for (; count > 0 && pos < 32; count--) {
559 if (access_process_vm(target,
560 (unsigned long)
561 &reg_window[pos],
562 (void *) k,
563 sizeof(*k), 1)
564 != sizeof(*k))
565 return -EFAULT;
566 k++;
567 pos++;
568 }
494 } 569 }
495 } else { 570 } else {
496 for (; count > 0 && pos < 16; count--) { 571 for (; count > 0 && pos < 16; count--) {
@@ -500,10 +575,29 @@ static int genregs32_set(struct task_struct *target,
500 } 575 }
501 576
502 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; 577 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
503 for (; count > 0 && pos < 32; count--) { 578 if (target == current) {
504 if (get_user(reg, u++) || 579 for (; count > 0 && pos < 32; count--) {
505 put_user(reg, &reg_window[pos++])) 580 if (get_user(reg, u++) ||
506 return -EFAULT; 581 put_user(reg, &reg_window[pos++]))
582 return -EFAULT;
583 }
584 } else {
585 for (; count > 0 && pos < 32; count--) {
586 if (access_process_vm(target,
587 (unsigned long)
588 u,
589 &reg, sizeof(reg), 0)
590 != sizeof(reg))
591 return -EFAULT;
592 if (access_process_vm(target,
593 (unsigned long)
594 &reg_window[pos],
595 &reg, sizeof(reg), 1)
596 != sizeof(reg))
597 return -EFAULT;
598 pos++;
599 u++;
600 }
507 } 601 }
508 } 602 }
509 while (count > 0) { 603 while (count > 0) {