From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Pekka Enberg <penberg@cs.helsinki.fi>,
Jeff Dike <jdike@addtoit.com>,
Joris van Rantwijk <jorispubl@xs4all.nl>,
Thorsten Knabe <linux@thorsten-knabe.de>,
Roland McGrath <roland@redhat.com>, Ingo Molnar <mingo@elte.hu>
Subject: [patch 5/9] x86_64 ptrace: fix sys32_ptrace task_struct leak
Date: Tue, 1 Jul 2008 08:19:10 -0700
Message-ID: <20080701151910.GF3536@suse.de>
In-Reply-To: <20080701151835.GA3536@suse.de>
[-- Attachment #1: x86_64-ptrace-fix-sys32_ptrace-task_struct-leak.patch --]
[-- Type: text/plain, Size: 2869 bytes --]
2.6.25-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Roland McGrath <roland@redhat.com>
Commit 5a4646a4efed8c835f76c3b88f3155f6ab5b8d9b introduced a leak of
task_struct refs into sys32_ptrace. This bug has already gone away
for 2.6.26 in commit 562b80bafffaf42a6d916b0a2ee3d684220a1c10.
Signed-off-by: Roland McGrath <roland@redhat.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kernel/ptrace.c | 45 ++++++++++++++++++++++++++-------------------
1 file changed, 26 insertions(+), 19 deletions(-)
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -1309,42 +1309,49 @@ asmlinkage long sys32_ptrace(long reques
break;
case PTRACE_GETREGS: /* Get all gp regs from the child. */
- return copy_regset_to_user(child, &user_x86_32_view,
- REGSET_GENERAL,
- 0, sizeof(struct user_regs_struct32),
- datap);
+ ret = copy_regset_to_user(child, &user_x86_32_view,
+ REGSET_GENERAL,
+ 0, sizeof(struct user_regs_struct32),
+ datap);
+ break;
case PTRACE_SETREGS: /* Set all gp regs in the child. */
- return copy_regset_from_user(child, &user_x86_32_view,
- REGSET_GENERAL, 0,
- sizeof(struct user_regs_struct32),
- datap);
+ ret = copy_regset_from_user(child, &user_x86_32_view,
+ REGSET_GENERAL, 0,
+ sizeof(struct user_regs_struct32),
+ datap);
+ break;
case PTRACE_GETFPREGS: /* Get the child FPU state. */
- return copy_regset_to_user(child, &user_x86_32_view,
- REGSET_FP, 0,
- sizeof(struct user_i387_ia32_struct),
- datap);
+ ret = copy_regset_to_user(child, &user_x86_32_view,
+ REGSET_FP, 0,
+ sizeof(struct user_i387_ia32_struct),
+ datap);
+ break;
case PTRACE_SETFPREGS: /* Set the child FPU state. */
- return copy_regset_from_user(
+ ret = copy_regset_from_user(
child, &user_x86_32_view, REGSET_FP,
0, sizeof(struct user_i387_ia32_struct), datap);
+ break;
case PTRACE_GETFPXREGS: /* Get the child extended FPU state. */
- return copy_regset_to_user(child, &user_x86_32_view,
- REGSET_XFP, 0,
- sizeof(struct user32_fxsr_struct),
- datap);
+ ret = copy_regset_to_user(child, &user_x86_32_view,
+ REGSET_XFP, 0,
+ sizeof(struct user32_fxsr_struct),
+ datap);
+ break;
case PTRACE_SETFPXREGS: /* Set the child extended FPU state. */
- return copy_regset_from_user(child, &user_x86_32_view,
+ ret = copy_regset_from_user(child, &user_x86_32_view,
REGSET_XFP, 0,
sizeof(struct user32_fxsr_struct),
datap);
+ break;
default:
- return compat_ptrace_request(child, request, addr, data);
+ ret = compat_ptrace_request(child, request, addr, data);
+ break;
}
out:
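Review bot: the changelog should state how the ref leaks, namely that the `return` statements in the PTRACE_GETREGS through `default:` cases leave the function without passing through `out:`. What follows `out:` lies outside this hunk, so a stable reviewer cannot confirm from the patch alone that the reference is dropped there; one sentence in the changelog would cover it. Since the hunk's first context line is already a `break;`, it is also worth confirming that no case above line 1309 still returns directly. Style nit: in PTRACE_SETFPXREGS only the first line of the call changes from `return` to `ret =`, while the three continuation lines stay as context, unlike the GETREGS, SETREGS, GETFPREGS and GETFPXREGS cases where the continuation lines are re-emitted; re-indent them the same way for consistency.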
--