xtensa: prevent arbitrary read in ptrace commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 upstream. Prevent an arbitrary kernel read. Check the user pointer with access_ok() before copying data in. [akpm@linux-foundation.org: s/EIO/EFAULT/] Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Christian Zankel <chris@zankel.net> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

commit: f7ac7c5b73c4f78f83202f8ec54ef1a73b9c5abe [log] [tgz]
author: Dan Rosenberg <drosenberg@vsecurity.com> Mon Jul 25 17:11:53 2011 -0700
committer: Greg Kroah-Hartman <gregkh@suse.de> Thu Aug 04 21:58:39 2011 -0700
tree: 4b346639150d015b87b65447bdaa7f1bfe3d33a9
parent: 650957da7699e730e78e82735b8c2595fcf7794a [diff]
diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
index c72c947..a0d042a 100644
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c

@@ -147,6 +147,9 @@
 	elf_xtregs_t *xtregs = uregs;
 	int ret = 0;
 
+	if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
+		return -EFAULT;
+
 #if XTENSA_HAVE_COPROCESSORS
 	/* Flush all coprocessors before we overwrite them. */
 	coprocessor_flush_all(ti);
commit	f7ac7c5b73c4f78f83202f8ec54ef1a73b9c5abe	[log] [tgz]
author	Dan Rosenberg <drosenberg@vsecurity.com>	Mon Jul 25 17:11:53 2011 -0700
committer	Greg Kroah-Hartman <gregkh@suse.de>	Thu Aug 04 21:58:39 2011 -0700
tree	4b346639150d015b87b65447bdaa7f1bfe3d33a9
parent	650957da7699e730e78e82735b8c2595fcf7794a [diff]