+ xtensa-prevent-arbitrary-read-in-ptrace.patch added to -mm tree

akpm@xxxxxxxxxxxxxxxxxxxx · Fri, 08 Jul 2011 11:28:12 -0700

The patch titled
     xtensa: prevent arbitrary read in ptrace
has been added to the -mm tree.  Its filename is
     xtensa-prevent-arbitrary-read-in-ptrace.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this

The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/

------------------------------------------------------
Subject: xtensa: prevent arbitrary read in ptrace
From: Dan Rosenberg <drosenberg@xxxxxxxxxxxxx>

Prevent an arbitrary kernel read.  Check the user pointer with access_ok()
before copying data in.

Signed-off-by: Dan Rosenberg <drosenberg@xxxxxxxxxxxxx>
Cc: Christian Zankel <chris@xxxxxxxxxx>
Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 arch/xtensa/kernel/ptrace.c |    3 +++
 1 file changed, 3 insertions(+)

diff -puN arch/xtensa/kernel/ptrace.c~xtensa-prevent-arbitrary-read-in-ptrace arch/xtensa/kernel/ptrace.c

--- a/arch/xtensa/kernel/ptrace.c~xtensa-prevent-arbitrary-read-in-ptrace
+++ a/arch/xtensa/kernel/ptrace.c
@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *
 	elf_xtregs_t *xtregs = uregs;
 	int ret = 0;
 
+	if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+		return -EIO;
+
 #if XTENSA_HAVE_COPROCESSORS
 	/* Flush all coprocessors before we overwrite them. */
 	coprocessor_flush_all(ti);
_

Patches currently in -mm which might be from drosenberg@xxxxxxxxxxxxx are

xtensa-prevent-arbitrary-read-in-ptrace.patch
xtensa-prevent-arbitrary-read-in-ptrace-fix.patch
linux-next.patch
drivers-scsi-pmcraid-reject-negative-request-size.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





