Hi Cyrill, On Wed, Aug 24, 2011 at 12:53 +0400, Cyrill Gorcunov wrote:
> +static struct dentry *proc_map_files_lookup(struct inode *dir,
> + struct dentry *dentry, struct nameidata *nd)
> +{
> + struct task_struct *task;
> + unsigned long vm_start;
> + struct vm_area_struct *vma;
> + struct mm_struct *mm;
> + struct dentry *result;
> + char *endp;
> +
> + result = ERR_PTR(-ENOENT);
> +
> + task = get_proc_task(dir);
> + if (!task)
> + goto out_no_task;
> +
> + vm_start = simple_strtoul(dentry->d_name.name, &endp, 16);
> + if (*endp != '\0')
> + goto out_no_mm;
> +
> + mm = get_task_mm(task);
> + if (!mm)
> + goto out_no_mm;
> +
> + down_read(&mm->mmap_sem);
> + vma = find_vma(mm, vm_start);
> + if (!vma || vma->vm_start != vm_start)
> + goto out_no_vma;
> + result = proc_map_files_instantiate(dir, dentry, task, vma);
> +
> +out_no_vma:
> + up_read(&mm->mmap_sem);
> + mmput(mm);
> +out_no_mm:
> + put_task_struct(task);
> +out_no_task:
> + return result;
> +}
You have no ptrace_may_access() check in ->lookup(), only in ->readdir().
> +static const struct inode_operations proc_map_files_inode_operations = {
> + .lookup = proc_map_files_lookup,
> + .setattr = proc_setattr,
> +};
> +
> +static int proc_map_files_readdir(struct file *filp, void *dirent, filldir_t filldir)
> +{
...
> + ret = -EPERM;
> + if (!ptrace_may_access(task, PTRACE_MODE_READ))
> + goto out;
...
> + }
Thanks, -- Vasiliy -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
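Review bot: proc_map_files_lookup() accepts any name that simple_strtoul() can parse in base 16, so the parse at `vm_start = simple_strtoul(dentry->d_name.name, &endp, 16);` lets several spellings of one address resolve to the same vma. As far as I know simple_strtoul() skips a leading `0x`, accepts leading zeros and either letter case, and does not report overflow, so constructed names such as `400000`, `0x400000` and `00400000` would each get their own dentry for a single mapping. The name format that readdir emits is elided in this quote, but lookup should accept only that canonical spelling, for example by formatting the value back with `snprintf(buf, sizeof(buf), "%lx", vm_start)` and keeping -ENOENT when `strcmp(buf, dentry->d_name.name)` is non-zero. The same round-trip check also rejects inputs whose value wrapped during parsing.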