sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
authorAl Viro <viro@zeniv.linux.org.uk>
Sun, 17 May 2020 19:37:50 +0000 (15:37 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Jun 2020 07:05:28 +0000 (09:05 +0200)
commit 142cd25293f6a7ecbdff4fb0af17de6438d46433 upstream.

We do need access_process_vm() to access the target's reg_window.
However, access to caller's memory (storing the result in
genregs32_get(), fetching the new values in case of genregs32_set())
should be done by normal uaccess primitives.

Fixes: ad4f95764040 ([SPARC64]: Fix user accesses in regset code.)
Cc: stable@kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/sparc/kernel/ptrace_64.c

index e1d965e90e1697a8205ca505dbf428cb37b30312..0c478c85e380b2f0babba0ecf02269bd9de242d8 100644 (file)
@@ -571,19 +571,13 @@ static int genregs32_get(struct task_struct *target,
                        for (; count > 0 && pos < 32; count--) {
                                if (access_process_vm(target,
                                                      (unsigned long)
-                                                     &reg_window[pos],
+                                                     &reg_window[pos++],
                                                      &reg, sizeof(reg),
                                                      FOLL_FORCE)
                                    != sizeof(reg))
                                        return -EFAULT;
-                               if (access_process_vm(target,
-                                                     (unsigned long) u,
-                                                     &reg, sizeof(reg),
-                                                     FOLL_FORCE | FOLL_WRITE)
-                                   != sizeof(reg))
+                               if (put_user(reg, u++))
                                        return -EFAULT;
-                               pos++;
-                               u++;
                        }
                }
        }
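Review bot: The copy loop in genregs32_get() now touches two different address spaces, and nothing in the code says which is which: `reg_window` is read from the target through access_process_vm(), while `u` is the caller's own buffer and is written with put_user(). Confusing the two is what the removed lines did, passing the caller's pointer to access_process_vm() on `target` with `FOLL_FORCE | FOLL_WRITE` instead of going through the normal uaccess path. A one-line comment above the loop would help keep that from regressing, for example `/* reg_window is in target's mm (access_process_vm); u is the caller's buffer (uaccess only) */`. The get_user() loop in the genregs32_set() hunk would benefit from the same comment. Both function bodies start and end outside the hunks shown, so the surrounding kbuf/ubuf branching is not visible here.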
@@ -683,12 +677,7 @@ static int genregs32_set(struct task_struct *target,
                        }
                } else {
                        for (; count > 0 && pos < 32; count--) {
-                               if (access_process_vm(target,
-                                                     (unsigned long)
-                                                     u,
-                                                     &reg, sizeof(reg),
-                                                     FOLL_FORCE)
-                                   != sizeof(reg))
+                               if (get_user(reg, u++))
                                        return -EFAULT;
                                if (access_process_vm(target,
                                                      (unsigned long)