authorDan Rosenberg <drosenberg@vsecurity.com>2011-07-25 17:11:53 -0700
committerJonas ABERG <jonas.aberg@stericsson.com>2011-10-28 11:13:13 +0200
commitb0ba33f3cd4bd7990fe702e239d3f828ad8cc090 (patch)
treec5dd29b9418bde9d8b1bd87fb1afe6b5c31db4c7
parent0d19bf0cb60fa5b274eb1ab488c4b0c3e02ccb8a (diff)
xtensa: prevent arbitrary read in ptrace
commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 upstream. Prevent an arbitrary kernel read. Check the user pointer with access_ok() before copying data in. [akpm@linux-foundation.org: s/EIO/EFAULT/] Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Christian Zankel <chris@zankel.net> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Change-Id: I7da76480f958d90b091aec3ad1f7dff004665620 Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/35647 Tested-by: Per VAHLNE <per.xx.vahlne@stericsson.com> Reviewed-by: Jonas ABERG <jonas.aberg@stericsson.com>
-rw-r--r--arch/xtensa/kernel/ptrace.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
index c72c9473ef9..a0d042aa296 100644
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *child, void __user *uregs)
elf_xtregs_t *xtregs = uregs;
int ret = 0;
+ if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+ return -EFAULT;
+
#if XTENSA_HAVE_COPROCESSORS
/* Flush all coprocessors before we overwrite them. */
coprocessor_flush_all(ti);
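Review bot: The new access_ok() guard at the top of ptrace_setxregs sizes the range by type name, while the pointer it protects, `xtregs`, is declared two lines above without `__user`, so sparse cannot confirm that later accesses through it go via the user-copy helpers. I would declare `elf_xtregs_t __user *xtregs = uregs;` and write the check as `if (!access_ok(VERIFY_READ, xtregs, sizeof(*xtregs)))`, which ties the validated length to the object that is actually read. A short comment such as `/* Validate the whole user range once; the copies below rely on it. */` would keep the check from being removed as redundant later. The function body continues past the hunk, so the copy calls are not visible here; presumably they are the unchecked variants, which is worth confirming along with the matching check on the read-back path.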