arch/m68k/kernel/ptrace.c:arch_ptrace() has:
| case PTRACE_PEEKUSR:
| ...
| } else if (addr >= 21 && addr < 49) {
| tmp = child->thread.fp[addr - 21];
| ...
| case PTRACE_POKEUSR: /* write the word at location addr in the USER area */
| ...
| } else if (addr >= 21 && addr < 48) {
| ...
| child->thread.fp[addr - 21] = data;
This allows access to the fp[] (index 21..44) and fpcntl[] (index
45..47) fields in struct thread_struct:
struct thread_struct {
    unsigned long ksp;                  /* kernel stack pointer */
    unsigned long usp;                  /* user stack pointer */
    unsigned short sr;                  /* saved status register */
    unsigned short fs;                  /* saved fs (sfc, dfc) */
    unsigned long crp[2];               /* cpu root pointer */
    unsigned long esp0;                 /* points to SR of stack frame */
    unsigned long faddr;                /* info about last fault */
    int signo, code;
    unsigned long fp[8*3];
    unsigned long fpcntl[3];            /* fp control regs */
    unsigned char fpstate[FPSTATESIZE]; /* floating point state */
    struct thread_info info;
};
However, in the PTRACE_PEEKUSR case the limit is 49, not 48, so it also
allows access to the first 4 bytes of fpstate[].
Is this intentional (does anyone remember?), or Just A Bug(tm)?
According to full-history-linux, it's been like that since this source
file entered mainline (1.3.94).
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
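As an added illustration (not part of Geert's message and not kernel code), the following standalone C program models the thread_struct layout quoted above with m68k ILP32 sizes and replays the two range checks from arch_ptrace(). It shows that addr 48 passes the PEEKUSR check but not the POKEUSR check, and that fp[48 - 21] resolves to the start of fpstate[], i.e. the 4 extra readable bytes the message describes. FPSTATESIZE, the struct name and all function names are assumptions made for the example; only the field order and the 21/48/49 constants come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the m68k struct thread_struct quoted in the message, using the
 * m68k ILP32 sizes (unsigned long = 4 bytes, unsigned short = 2 bytes) so
 * that field offsets come out the same on a 64-bit host. FPSTATESIZE is an
 * assumed placeholder: only the offset of fpstate[] matters here. */
#define FPSTATESIZE 216 /* assumption, not taken from the kernel headers */

struct m68k_thread_struct {
    uint32_t ksp;
    uint32_t usp;
    uint16_t sr;
    uint16_t fs;
    uint32_t crp[2];
    uint32_t esp0;
    uint32_t faddr;
    int32_t signo, code;
    uint32_t fp[8 * 3];
    uint32_t fpcntl[3];
    unsigned char fpstate[FPSTATESIZE];
};

#define FP_BASE_ADDR 21   /* first user-area word that maps onto fp[] */
#define PEEKUSR_LIMIT 49  /* bound used by PTRACE_PEEKUSR in the quoted code */
#define POKEUSR_LIMIT 48  /* bound used by PTRACE_POKEUSR in the quoted code */

enum region { REG_FP, REG_FPCNTL, REG_FPSTATE, REG_OUTSIDE };

/* The two range checks exactly as quoted from arch_ptrace(). */
int peekusr_fp_check(long addr) { return addr >= FP_BASE_ADDR && addr < PEEKUSR_LIMIT; }
int pokeusr_fp_check(long addr) { return addr >= FP_BASE_ADDR && addr < POKEUSR_LIMIT; }

/* Byte offset inside thread_struct that &thread.fp[addr - 21] resolves to
 * (only meaningful for addr >= FP_BASE_ADDR). */
size_t fp_slot_offset(long addr)
{
    return offsetof(struct m68k_thread_struct, fp)
           + (size_t)(addr - FP_BASE_ADDR) * sizeof(uint32_t);
}

/* Which field that slot actually lands in. */
enum region fp_slot_region(long addr)
{
    size_t off = fp_slot_offset(addr);
    if (off < offsetof(struct m68k_thread_struct, fpcntl))
        return REG_FP;
    if (off < offsetof(struct m68k_thread_struct, fpstate))
        return REG_FPCNTL;
    if (off < offsetof(struct m68k_thread_struct, fpstate) + FPSTATESIZE)
        return REG_FPSTATE;
    return REG_OUTSIDE;
}

/* How many bytes of fpstate[] a given range check lets through. */
size_t fpstate_bytes_reachable(int (*check)(long))
{
    size_t bytes = 0;
    for (long addr = FP_BASE_ADDR; addr < 64; addr++)
        if (check(addr) && fp_slot_region(addr) == REG_FPSTATE)
            bytes += sizeof(uint32_t);
    return bytes;
}

int main(void)
{
    static const char *names[] = { "fp", "fpcntl", "fpstate", "outside" };
    for (long addr = 44; addr <= 49; addr++)
        printf("addr %2ld: peek=%d poke=%d -> offset %3zu (%s)\n", addr,
               peekusr_fp_check(addr), pokeusr_fp_check(addr),
               fp_slot_offset(addr), names[fp_slot_region(addr)]);
    printf("fpstate bytes readable via PEEKUSR: %zu\n",
           fpstate_bytes_reachable(peekusr_fp_check));
    printf("fpstate bytes writable via POKEUSR: %zu\n",
           fpstate_bytes_reachable(pokeusr_fp_check));
    return 0;
}
```

With the quoted bounds, addr 44 is the last fp[] word, 45..47 hit fpcntl[], and 48 is accepted by PEEKUSR only, landing on fpstate[0..3]; making both checks use the same limit (48) is what closes the gap. The offsets hold because every field before fpstate[] is 4-byte aligned, so the model has no padding on either m68k or a 64-bit host.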