Prevent an arbitrary kernel read. Check the user pointer with access_ok()

author Dan Rosenberg <drosenberg@vsecurity.com>

Sat, 16 Jul 2011 13:30:40 +0000 (23:30 +1000)

committer Stephen Rothwell <sfr@canb.auug.org.au>

Tue, 26 Jul 2011 05:04:08 +0000 (15:04 +1000)
author Dan Rosenberg <drosenberg@vsecurity.com>
Sat, 16 Jul 2011 13:30:40 +0000 (23:30 +1000)
committer Stephen Rothwell <sfr@canb.auug.org.au>
Tue, 26 Jul 2011 05:04:08 +0000 (15:04 +1000)
diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c

index c72c9473ef9913f9666ff54f869fe35fdfd27509..ddce75efd74c665ce23668fece31798cf511716a 100644 (file)
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *child, void __user *uregs)
         elf_xtregs_t *xtregs = uregs;
         int ret = 0;
  
+       if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+               return -EIO;
+
  #if XTENSA_HAVE_COPROCESSORS
         /* Flush all coprocessors before we overwrite them. */
         coprocessor_flush_all(ti);
author	Dan Rosenberg <drosenberg@vsecurity.com>
	Sat, 16 Jul 2011 13:30:40 +0000 (23:30 +1000)
committer	Stephen Rothwell <sfr@canb.auug.org.au>
	Tue, 26 Jul 2011 05:04:08 +0000 (15:04 +1000)