author | David S. Miller <davem@davemloft.net> | 2008-04-03 19:55:14 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-03 19:55:14 -0400 |
commit | ad4f95764040077f16ebf24559d5a06f8fb133bc (patch) | |
tree | 48d1414e70785a9d910c8bcc62c324e8852c48ad /arch/sparc64/kernel/ptrace.c | |
parent | 7c3cce978e4f933ac13758ec5d2554fc8d0927d2 (diff) |
[SPARC64]: Fix user accesses in regset code.
If target is not current we need to use access_process_vm().
Noticed by Roland McGrath.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/sparc64/kernel/ptrace.c')
-rw-r--r-- | arch/sparc64/kernel/ptrace.c | 136 |
1 files changed, 115 insertions, 21 deletions
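--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -138,8 +138,17 @@ static int genregs64_get(struct task_struct *target,
 (regs->u_regs[UREG_I6] + STACK_BIAS);
 unsigned long window[16];
 
-if (copy_from_user(window, reg_window, sizeof(window)))
-return -EFAULT;
+if (target == current) {
+if (copy_from_user(window, reg_window, sizeof(window)))
+return -EFAULT;
+} else {
+if (access_process_vm(target,
+(unsigned long) reg_window,
+window,
+sizeof(window), 0) !=
+sizeof(window))
+return -EFAULT;
+}
 
 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
 window,
@@ -190,16 +199,37 @@ static int genregs64_set(struct task_struct *target,
 (regs->u_regs[UREG_I6] + STACK_BIAS);
 unsigned long window[16];
 
-if (copy_from_user(window, reg_window, sizeof(window)))
-return -EFAULT;
+if (target == current) {
+if (copy_from_user(window, reg_window, sizeof(window)))
+return -EFAULT;
+} else {
+if (access_process_vm(target,
+(unsigned long) reg_window,
+window,
+sizeof(window), 0) !=
+sizeof(window))
+return -EFAULT;
+}
 
 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
 window,
 16 * sizeof(u64),
 32 * sizeof(u64));
-if (!ret &&
-copy_to_user(reg_window, window, sizeof(window)))
-return -EFAULT;
+if (!ret) {
+if (target == current) {
+if (copy_to_user(reg_window, window,
+sizeof(window)))
+return -EFAULT;
+} else {
+if (access_process_vm(target,
+(unsigned long)
+reg_window,
+window,
+sizeof(window), 1) !=
+sizeof(window))
+return -EFAULT;
+}
+}
 }
 
 if (!ret && count > 0) {
@@ -412,9 +442,22 @@ static int genregs32_get(struct task_struct *target,
 *k++ = regs->u_regs[pos++];
 
 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
-for (; count > 0 && pos < 32; count--) {
-if (get_user(*k++, ®_window[pos++]))
-return -EFAULT;
+if (target == current) {
+for (; count > 0 && pos < 32; count--) {
+if (get_user(*k++, ®_window[pos++]))
+return -EFAULT;
+}
+} else {
+for (; count > 0 && pos < 32; count--) {
+if (access_process_vm(target,
+(unsigned long)
+®_window[pos],
+k, sizeof(*k), 0)
+!= sizeof(*k))
+return -EFAULT;
+k++;
+pos++;
+}
 }
 } else {
 for (; count > 0 && pos < 16; count--) {
@@ -423,10 +466,28 @@ static int genregs32_get(struct task_struct *target,
 }
 
 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
-for (; count > 0 && pos < 32; count--) {
-if (get_user(reg, ®_window[pos++]) ||
-put_user(reg, u++))
-return -EFAULT;
+if (target == current) {
+for (; count > 0 && pos < 32; count--) {
+if (get_user(reg, ®_window[pos++]) ||
+put_user(reg, u++))
+return -EFAULT;
+}
+} else {
+for (; count > 0 && pos < 32; count--) {
+if (access_process_vm(target,
+(unsigned long)
+®_window[pos],
+®, sizeof(reg), 0)
+!= sizeof(reg))
+return -EFAULT;
+if (access_process_vm(target,
+(unsigned long) u,
+®, sizeof(reg), 1)
+!= sizeof(reg))
+return -EFAULT;
+pos++;
+u++;
+}
 }
 }
 while (count > 0) {
@@ -488,9 +549,23 @@ static int genregs32_set(struct task_struct *target,
 regs->u_regs[pos++] = *k++;
 
 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
-for (; count > 0 && pos < 32; count--) {
-if (put_user(*k++, ®_window[pos++]))
-return -EFAULT;
+if (target == current) {
+for (; count > 0 && pos < 32; count--) {
+if (put_user(*k++, ®_window[pos++]))
+return -EFAULT;
+}
+} else {
+for (; count > 0 && pos < 32; count--) {
+if (access_process_vm(target,
+(unsigned long)
+®_window[pos],
+(void *) k,
+sizeof(*k), 1)
+!= sizeof(*k))
+return -EFAULT;
+k++;
+pos++;
+}
 }
 } else {
 for (; count > 0 && pos < 16; count--) {
@@ -500,10 +575,29 @@ static int genregs32_set(struct task_struct *target,
 }
 
 reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6];
-for (; count > 0 && pos < 32; count--) {
-if (get_user(reg, u++) ||
-put_user(reg, ®_window[pos++]))
-return -EFAULT;
+if (target == current) {
+for (; count > 0 && pos < 32; count--) {
+if (get_user(reg, u++) ||
+put_user(reg, ®_window[pos++]))
+return -EFAULT;
+}
+} else {
+for (; count > 0 && pos < 32; count--) {
+if (access_process_vm(target,
+(unsigned long)
+u,
+®, sizeof(reg), 0)
+!= sizeof(reg))
+return -EFAULT;
+if (access_process_vm(target,
+(unsigned long)
+®_window[pos],
+®, sizeof(reg), 1)
+!= sizeof(reg))
+return -EFAULT;
+pos++;
+u++;
+}
 }
 }
 while (count > 0) {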
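Review bot: In the non-current branch of the second genregs32_get hunk, `access_process_vm(target, (unsigned long) u, &reg, sizeof(reg), 1)` treats `u` as an address in the target's address space, yet the `target == current` branch beside it uses `put_user(reg, u++)`, which suggests `u` is the caller's own buffer (its declaration is outside the hunk, so confirm). If so, a tracer reading another task's registers gets nothing in its buffer, while sizeof(reg) bytes are written into the tracee at an address taken from the tracer's buffer pointer. The last genregs32_set hunk has the mirror problem, fetching the new register value from the target at `u` with write flag 0 instead of from the caller. Only the `reg_window` side should go through access_process_vm(); the buffer side should stay `if (put_user(reg, u++)) return -EFAULT;` in the getter and `if (get_user(reg, u++)) return -EFAULT;` in the setter, with the trailing `u++;` dropped. Both function bodies start and end outside the hunks shown.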