2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Dan Rosenberg <drosenb...@vsecurity.com>
[ upstream commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 ]
Prevent an arbitrary kernel read. Check the user pointer with access_ok()
before copying data in.
[a...@linux-foundation.org: s/EIO/EFAULT/]
Signed-off-by: Dan Rosenberg <drosenb...@vsecurity.com>
Cc: Christian Zankel <ch...@zankel.net>
Cc: Oleg Nesterov <o...@redhat.com>
Cc: <sta...@kernel.org>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Andi Kleen <a...@linux.intel.com>
Index: linux-2.6.35.y/arch/xtensa/kernel/ptrace.c
===================================================================
--- linux-2.6.35.y.orig/arch/xtensa/kernel/ptrace.c
+++ linux-2.6.35.y/arch/xtensa/kernel/ptrace.c
@@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *
elf_xtregs_t *xtregs = uregs;
int ret = 0;
+ if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+ return -EFAULT;
+
#if XTENSA_HAVE_COPROCESSORS
/* Flush all coprocessors before we overwrite them. */
coprocessor_flush_all(ti);
_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable
