[thirdparty/kernel/stable-queue.git] / releases / 3.0.1 / xtensa-prevent-arbitrary-read-in-ptrace.patch

From 0d0138ebe24b94065580bd2601f8bb7eb6152f56 Mon Sep 17 00:00:00 2001
From: Dan Rosenberg <drosenberg@vsecurity.com>
Date: Mon, 25 Jul 2011 17:11:53 -0700
Subject: xtensa: prevent arbitrary read in ptrace

From: Dan Rosenberg <drosenberg@vsecurity.com>

commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 upstream.

Prevent an arbitrary kernel read.  Check the user pointer with access_ok()
before copying data in.

[akpm@linux-foundation.org: s/EIO/EFAULT/]
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Christian Zankel <chris@zankel.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 arch/xtensa/kernel/ptrace.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *
 	elf_xtregs_t *xtregs = uregs;
 	int ret = 0;
 
+	if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+		return -EFAULT;
+
 #if XTENSA_HAVE_COPROCESSORS
 	/* Flush all coprocessors before we overwrite them. */
 	coprocessor_flush_all(ti);
Commit	Line	Data
74d95923 GKH	1	From 0d0138ebe24b94065580bd2601f8bb7eb6152f56 Mon Sep 17 00:00:00 2001
	2	From: Dan Rosenberg <drosenberg@vsecurity.com>
	3	Date: Mon, 25 Jul 2011 17:11:53 -0700
	4	Subject: xtensa: prevent arbitrary read in ptrace
	5
	6	From: Dan Rosenberg <drosenberg@vsecurity.com>
	7
	8	commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 upstream.
	9
	10	Prevent an arbitrary kernel read. Check the user pointer with access_ok()
	11	before copying data in.
	12
	13	[akpm@linux-foundation.org: s/EIO/EFAULT/]
	14	Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
	15	Cc: Christian Zankel <chris@zankel.net>
	16	Cc: Oleg Nesterov <oleg@redhat.com>
	17	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	18	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	19	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	20
	21	---
	22	arch/xtensa/kernel/ptrace.c \| 3 +++
	23	1 file changed, 3 insertions(+)
	24
	25	--- a/arch/xtensa/kernel/ptrace.c
	26	+++ b/arch/xtensa/kernel/ptrace.c
	27	@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *
	28	elf_xtregs_t *xtregs = uregs;
	29	int ret = 0;
	30
	31	+ if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
	32	+ return -EFAULT;
	33	+
	34	#if XTENSA_HAVE_COPROCESSORS
	35	/* Flush all coprocessors before we overwrite them. */
	36	coprocessor_flush_all(ti);