public inbox for linux-kernel@vger.kernel.org
From: Willy Tarreau <w@1wt.eu>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>,
	Roland McGrath <roland@hack.frob.com>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: [ 10/12] regset: Prevent null pointer reference on readonly regsets
Date: Mon, 12 Mar 2012 01:20:55 +0100
Message-ID: <20120312002046.363122022@1wt.eu>
In-Reply-To: <feb44625a10a45049eddf27890e95d54@local>

2.6.32-longterm review patch.  If anyone has any objections, please let me know.

------------------

From: H. Peter Anvin <hpa@zytor.com>

commit c8e252586f8d5de906385d8cf6385fee289a825e upstream.

The regset common infrastructure assumed that regsets would always
have .get and .set methods, but not necessarily .active methods.
Unfortunately people have since written regsets without .set methods.

Rather than putting in stub functions everywhere, handle regsets with
null .get or .set methods explicitly.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@hack.frob.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index bcb884e..07d096c 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1421,7 +1421,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
 	for (i = 1; i < view->n; ++i) {
 		const struct user_regset *regset = &view->regsets[i];
 		do_thread_regset_writeback(t->task, regset);
-		if (regset->core_note_type &&
+		if (regset->core_note_type && regset->get &&
 		    (!regset->active || regset->active(t->task, regset))) {
 			int ret;
 			size_t size = regset->n * regset->size;
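
Review bot: the new `regset->get` test in fill_thread_core_info() only covers regsets 1..n-1, because the loop starts at `i = 1`; whatever code dumps `view->regsets[0]` is not in this hunk and needs either a guaranteed .get method or the same guard. A regset without .get is also skipped silently now, so a one-line comment on the condition saying that get-less regsets produce no core note would help the next reader.
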
diff --git a/include/linux/regset.h b/include/linux/regset.h
index 8abee65..5150fd1 100644
--- a/include/linux/regset.h
+++ b/include/linux/regset.h
@@ -335,6 +335,9 @@ static inline int copy_regset_to_user(struct task_struct *target,
 {
 	const struct user_regset *regset = &view->regsets[setno];
 
+	if (!regset->get)
+		return -EOPNOTSUPP;
+
 	if (!access_ok(VERIFY_WRITE, data, size))
 		return -EIO;
 
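
Review bot: in copy_regset_to_user(), `return -EOPNOTSUPP` is a new error value for this helper, next to the existing `-EIO` from the access_ok() check, and it will reach whoever consumes this return code. The function's comment should list it, and callers that map or special-case the result should be checked for the new value. Placing the test before access_ok() means an unsupported regset reports -EOPNOTSUPP even with a bad buffer, which looks like the right precedence but is worth stating in that comment.
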
@@ -358,6 +361,9 @@ static inline int copy_regset_from_user(struct task_struct *target,
 {
 	const struct user_regset *regset = &view->regsets[setno];
 
+	if (!regset->set)
+		return -EOPNOTSUPP;
+
 	if (!access_ok(VERIFY_READ, data, size))
 		return -EIO;
 
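
Review bot: the `!regset->set` test protects only callers that go through copy_regset_from_user(); any site that calls `regset->set` directly would still dereference a null pointer on a read-only regset. A grep for direct `->set(` and `->get(` calls in the 2.6.32 tree is worth doing before this is queued, since the commit message says regsets without .set methods already exist.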


