From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/3] arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails
Date: Thu, 29 Jun 2017 16:37:09 +0100
Message-ID: <20170629153709.GC21883@arm.com>
In-Reply-To: <1498746379-27340-2-git-send-email-Dave.Martin@arm.com>

On Thu, Jun 29, 2017 at 03:25:47PM +0100, Dave Martin wrote:
> If get_user() fails when reading the new FPSCR value from userspace
> in compat_vfp_get(), then garbage* will be written to the task's
> FPSR and FPCR registers.
>
> This patch prevents this by checking the return from get_user()
> first.
>
> [*] Actually, zero, due to the behaviour of get_user() on error, but
> that's still not what userspace expects.

On the other hand, I don't think userspace can expect that if ptrace returns
an error then none of the state has been updated, can it?

Given that we don't propagate the return value from __copy_from_user,
I don't see what we're really fixing here and what userspace can now rely
on that it couldn't rely on before.

Will

>
> Fixes: 478fcb2cdb23 ("arm64: Debugging support")
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
> ---
> arch/arm64/kernel/ptrace.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
> index 35846f1..4c068dc 100644
> --- a/arch/arm64/kernel/ptrace.c
> +++ b/arch/arm64/kernel/ptrace.c
> @@ -947,8 +947,10 @@ static int compat_vfp_set(struct task_struct *target,
>
> if (count && !ret) {
> ret = get_user(fpscr, (compat_ulong_t *)ubuf);
> - uregs->fpsr = fpscr & VFP_FPSCR_STAT_MASK;
> - uregs->fpcr = fpscr & VFP_FPSCR_CTRL_MASK;
> + if (!ret) {
> + uregs->fpsr = fpscr & VFP_FPSCR_STAT_MASK;
> + uregs->fpcr = fpscr & VFP_FPSCR_CTRL_MASK;
> + }
> }
>
> fpsimd_flush_task_state(target);
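
Review bot: the commit message names compat_vfp_get(), but the hunk header shows the change is in compat_vfp_set(); correct the function name in the log so the description matches the code being patched. In the hunk itself, the new "if (!ret)" guards only the two uregs->fpsr / uregs->fpcr stores, while fpsimd_flush_task_state(target) in the trailing context still runs whether or not get_user() failed. It would help to state in the log what the caller may assume about the target's FP state when an error is returned, and whether the flush on the error path is intended.
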
> --
> 2.1.4
>