From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Pekka Enberg <penberg@cs.helsinki.fi>,
Jeff Dike <jdike@addtoit.com>,
Joris van Rantwijk <jorispubl@xs4all.nl>,
Thorsten Knabe <linux@thorsten-knabe.de>,
Roland McGrath <roland@redhat.com>, Ingo Molnar <mingo@elte.hu>
Subject: [patch 5/9] x86_64 ptrace: fix sys32_ptrace task_struct leak
Date: Tue, 1 Jul 2008 08:19:10 -0700
Message-ID: <20080701151910.GF3536@suse.de>
In-Reply-To: <20080701151835.GA3536@suse.de>
[-- Attachment #1: x86_64-ptrace-fix-sys32_ptrace-task_struct-leak.patch --]
[-- Type: text/plain, Size: 2869 bytes --]
2.6.25-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Roland McGrath <roland@redhat.com>
Commit 5a4646a4efed8c835f76c3b88f3155f6ab5b8d9b introduced a leak of
task_struct refs into sys32_ptrace. This bug has already gone away
for 2.6.26 in commit 562b80bafffaf42a6d916b0a2ee3d684220a1c10.
Signed-off-by: Roland McGrath <roland@redhat.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kernel/ptrace.c | 45 ++++++++++++++++++++++++++-------------------
1 file changed, 26 insertions(+), 19 deletions(-)
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -1309,42 +1309,49 @@ asmlinkage long sys32_ptrace(long reques
break;
case PTRACE_GETREGS: /* Get all gp regs from the child. */
- return copy_regset_to_user(child, &user_x86_32_view,
- REGSET_GENERAL,
- 0, sizeof(struct user_regs_struct32),
- datap);
+ ret = copy_regset_to_user(child, &user_x86_32_view,
+ REGSET_GENERAL,
+ 0, sizeof(struct user_regs_struct32),
+ datap);
+ break;
case PTRACE_SETREGS: /* Set all gp regs in the child. */
- return copy_regset_from_user(child, &user_x86_32_view,
- REGSET_GENERAL, 0,
- sizeof(struct user_regs_struct32),
- datap);
+ ret = copy_regset_from_user(child, &user_x86_32_view,
+ REGSET_GENERAL, 0,
+ sizeof(struct user_regs_struct32),
+ datap);
+ break;
case PTRACE_GETFPREGS: /* Get the child FPU state. */
- return copy_regset_to_user(child, &user_x86_32_view,
- REGSET_FP, 0,
- sizeof(struct user_i387_ia32_struct),
- datap);
+ ret = copy_regset_to_user(child, &user_x86_32_view,
+ REGSET_FP, 0,
+ sizeof(struct user_i387_ia32_struct),
+ datap);
+ break;
case PTRACE_SETFPREGS: /* Set the child FPU state. */
- return copy_regset_from_user(
+ ret = copy_regset_from_user(
child, &user_x86_32_view, REGSET_FP,
0, sizeof(struct user_i387_ia32_struct), datap);
+ break;
case PTRACE_GETFPXREGS: /* Get the child extended FPU state. */
- return copy_regset_to_user(child, &user_x86_32_view,
- REGSET_XFP, 0,
- sizeof(struct user32_fxsr_struct),
- datap);
+ ret = copy_regset_to_user(child, &user_x86_32_view,
+ REGSET_XFP, 0,
+ sizeof(struct user32_fxsr_struct),
+ datap);
+ break;
case PTRACE_SETFPXREGS: /* Set the child extended FPU state. */
- return copy_regset_from_user(child, &user_x86_32_view,
+ ret = copy_regset_from_user(child, &user_x86_32_view,
REGSET_XFP, 0,
sizeof(struct user32_fxsr_struct),
datap);
+ break;
default:
- return compat_ptrace_request(child, request, addr, data);
+ ret = compat_ptrace_request(child, request, addr, data);
+ break;
}
out:
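Review bot: the changelog names a task_struct reference leak but does not say where it comes from. In this hunk every changed case, from PTRACE_GETREGS through default, previously did `return ...` directly out of the switch and so never reached the `out:` label below it. It would help to state in the changelog that the reference on child is only dropped on the `out:` path, which is why each `return` becomes `ret = ...; break;`. The code after `out:` is not shown here, so please confirm it releases child and returns ret, and that no other case in sys32_ptrace above this hunk still returns early. A one-line comment above the switch saying that cases must set ret and break, never return, would keep a later addition from reintroducing the leak.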
--
Thread overview: 32+ messages
[not found] <20080701151057.930340322@mini.kroah.org>
2008-07-01 15:18 ` [patch 0/9] 2.6.25.10 -stable review Greg KH
2008-07-01 15:18 ` [patch 1/9] TTY: fix for tty operations bugs Greg KH
2008-07-01 16:01 ` Greg KH
2008-07-02 9:57 ` S.Çağlar Onur
2008-07-02 9:44 ` Alan Cox
2008-07-02 14:41 ` Greg KH
2008-07-02 15:09 ` S.Çağlar Onur
2008-07-16 4:01 ` [stable] Linux 2.6.25.10 (resume) Rodrigo Rubira Branco
2008-07-16 4:49 ` Greg KH
2008-07-18 14:07 ` Rodrigo Rubira Branco (BSDaemon)
2008-07-18 15:20 ` Willy Tarreau
2008-07-18 15:29 ` Rodrigo Rubira Branco (BSDaemon)
2008-07-19 4:45 ` david
2008-07-19 10:11 ` Alan Cox
2008-07-22 0:48 ` Rodrigo Rubira Branco (BSDaemon)
2008-07-23 4:27 ` Greg KH
2008-07-23 11:54 ` pageexec
2008-07-23 14:31 ` Henrique de Moraes Holschuh
2008-07-23 14:53 ` pageexec
2008-07-19 22:13 ` Greg KH
2008-07-20 17:28 ` Al Viro
2008-07-22 1:07 ` Rodrigo Rubira Branco (BSDaemon)
2008-07-22 0:52 ` Rodrigo Rubira Branco (BSDaemon)
2008-07-01 15:19 ` [patch 2/9] futexes: fix fault handling in futex_lock_pi Greg KH
2008-07-01 15:19 ` [patch 3/9] IB/mthca: Clear ICM pages before handing to FW Greg KH
2008-07-01 15:19 ` [patch 4/9] DRM: enable bus mastering on i915 at resume time Greg KH
2008-07-01 15:19 ` Greg KH [this message]
2008-07-01 15:19 ` [patch 6/9] sched: fix cpu hotplug Greg KH
2008-07-01 15:19 ` [patch 7/9] ptrace GET/SET FPXREGS broken Greg KH
2008-07-01 15:19 ` [patch 8/9] x86: fix cpu hotplug crash Greg KH
2008-07-01 15:19 ` [patch 9/9] x86: shift bits the right way in native_read_tscp Greg KH
2008-07-01 16:43 ` [patch 0/9] 2.6.25.10 -stable review Greg KH