From: Dan Rosenberg <drosenberg@vsecurity.com>
Date: Sat, 16 Jul 2011 13:30:40 +0000 (+1000)
Subject: Prevent an arbitrary kernel read.  Check the user pointer with access_ok()
X-Git-Tag: next-20110726~2^2~109
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=f1ea189457c58bd7e06c001ff1ecfe3219c031c1;p=karo-tx-linux.git

Prevent an arbitrary kernel read.  Check the user pointer with access_ok()
before copying data in.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Christian Zankel <chris@zankel.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
index c72c9473ef99..ddce75efd74c 100644
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *child, void __user *uregs)
 	elf_xtregs_t *xtregs = uregs;
 	int ret = 0;
 
+	if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+		return -EIO;
+
 #if XTENSA_HAVE_COPROCESSORS
 	/* Flush all coprocessors before we overwrite them. */
 	coprocessor_flush_all(ti);