This is a note to let you know that I've just added the patch titled

    regset: Prevent null pointer reference on readonly regsets

to the 3.0-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     regset-prevent-null-pointer-reference-on-readonly-regsets.patch
and it can be found in the queue-3.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


From c8e252586f8d5de906385d8cf6385fee289a825e Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin" <[email protected]>
Date: Fri, 2 Mar 2012 10:43:48 -0800
Subject: regset: Prevent null pointer reference on readonly regsets

From: "H. Peter Anvin" <[email protected]>

commit c8e252586f8d5de906385d8cf6385fee289a825e upstream.

The regset common infrastructure assumed that regsets would always
have .get and .set methods, but not necessarily .active methods.
Unfortunately people have since written regsets without .set methods.

Rather than putting in stub functions everywhere, handle regsets with
null .get or .set methods explicitly.

Signed-off-by: H. Peter Anvin <[email protected]>
Reviewed-by: Oleg Nesterov <[email protected]>
Acked-by: Roland McGrath <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 fs/binfmt_elf.c        |    2 +-
 include/linux/regset.h |    6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1422,7 +1422,7 @@ static int fill_thread_core_info(struct
        for (i = 1; i < view->n; ++i) {
                const struct user_regset *regset = &view->regsets[i];
                do_thread_regset_writeback(t->task, regset);
-               if (regset->core_note_type &&
+               if (regset->core_note_type && regset->get &&
                    (!regset->active || regset->active(t->task, regset))) {
                        int ret;
                        size_t size = regset->n * regset->size;
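Review bot: the added `regset->get` test in the `if` only covers the regsets visited by this loop, which starts at `i = 1`, so `view->regsets[0]` is not guarded by anything in this hunk. If that entry is handled elsewhere in fill_thread_core_info, confirm it is guaranteed to have a .get method or give it the same check. A regset without .get is now skipped with no core note written; a one-line comment above the condition saying so would help anyone wondering why a dump lacks that note.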
--- a/include/linux/regset.h
+++ b/include/linux/regset.h
@@ -335,6 +335,9 @@ static inline int copy_regset_to_user(st
 {
        const struct user_regset *regset = &view->regsets[setno];
 
+       if (!regset->get)
+               return -EOPNOTSUPP;
+
        if (!access_ok(VERIFY_WRITE, data, size))
                return -EIO;
 
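Review bot: the new `-EOPNOTSUPP` return in copy_regset_to_user sits ahead of `access_ok()`, so for a regset with no .get the caller now gets -EOPNOTSUPP even when `data` is a bad pointer, where the other failure visible here is -EIO. The ordering is reasonable, but the new error value should be stated in the function's comment so that callers passing the return code on know to expect it.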
@@ -358,6 +361,9 @@ static inline int copy_regset_from_user(
 {
        const struct user_regset *regset = &view->regsets[setno];
 
+       if (!regset->set)
+               return -EOPNOTSUPP;
+
        if (!access_ok(VERIFY_READ, data, size))
                return -EIO;
 
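Review bot: the `!regset->set` check protects only callers that reach .set through copy_regset_from_user; the diffstat shows just fs/binfmt_elf.c and include/linux/regset.h changed, so any code that invokes `regset->set` or `regset->get` directly stays unguarded. It would be worth auditing those direct call sites, or stating in the changelog that none exist for the regsets that lack these methods.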


Patches currently in stable-queue which might be from [email protected] are

queue-3.0/regset-prevent-null-pointer-reference-on-readonly-regsets.patch
queue-3.0/regset-return-efault-not-eio-on-host-side-memory-fault.patch