Hi - I encountered a situation where the regset->get function was called with a size that didn't match the native register size. This crashed the kernel.
Details: 2.6.30-rc1, x86-64, NT_PRSTATUS regset, pos=80, count=4 (instead of 8). I wonder if the problem was in this bit of code in arch/x86/ptrace.c:

    static int genregs_get(struct task_struct *target,
                           const struct user_regset *regset,
                           unsigned int pos, unsigned int count,
                           void *kbuf, void __user *ubuf)
    {
        if (kbuf) {
            unsigned long *k = kbuf;
            while (count > 0) {
                *k++ = getreg(target, pos);
                count -= sizeof(*k);   /* count is unsigned: 4 - 8 wraps around */
                pos += sizeof(*k);
            }

where the initial count was < sizeof(unsigned long), so count wrapped around to something very large and the loop kept going. To what extent is the regset stuff supposed to tolerate such mismatched data?

- FChE
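The wraparound described in the message, as an added user-space model (example code, not the kernel's ptrace.c): a predicate that tells whether the original loop would underflow `count`, and a hardened copy loop that validates `pos`/`count` before copying. `fake_task`, `fake_getreg`, `NREGS` and `demo_request` are hypothetical names for this example.

```c
/* Added example: user-space model of the genregs_get loop, not kernel code. */
#include <stddef.h>
#include <errno.h>

#define NREGS 27                     /* constructed register file size */
#define REGSZ sizeof(unsigned long)  /* native register size (8 on x86-64) */

struct fake_task { unsigned long regs[NREGS]; };

static unsigned long fake_getreg(const struct fake_task *t, unsigned int pos)
{
    return t->regs[pos / REGSZ];
}

/* Returns 1 if the original loop would drive 'count' below zero and
 * wrap (count is unsigned, so it never reaches 0), 0 if it terminates. */
int loop_would_underflow(unsigned int pos, unsigned int count)
{
    (void)pos;
    return count % REGSZ != 0;
}

/* Hardened variant: reject requests that are not whole registers or
 * that exceed the register file / destination buffer. */
int safe_genregs_get(const struct fake_task *target,
                     unsigned int pos, unsigned int count,
                     unsigned long *kbuf, size_t kbuf_len)
{
    if (pos % REGSZ || count % REGSZ)
        return -EINVAL;
    if (count > NREGS * REGSZ || pos > NREGS * REGSZ - count || count > kbuf_len)
        return -EINVAL;
    unsigned int n = 0;
    while (count > 0) {
        kbuf[n++] = fake_getreg(target, pos);
        count -= REGSZ;
        pos += REGSZ;
    }
    return (int)n;
}

/* Drives the hardened getter on a constructed register file where
 * register i holds the value i; returns registers copied or -errno. */
int demo_request(unsigned int pos, unsigned int count)
{
    struct fake_task t;
    unsigned long buf[NREGS];
    for (unsigned int i = 0; i < NREGS; i++)
        t.regs[i] = i;
    int n = safe_genregs_get(&t, pos, count, buf, sizeof buf);
    for (int i = 0; i < n; i++)
        if (buf[i] != pos / REGSZ + (unsigned int)i)
            return -ERANGE;
    return n;
}
```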