From: Chris Zankel <qvadiz@gmail.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Dan Rosenberg <drosenberg@vsecurity.com>,
security@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Security] [PATCH] xtensa: prevent arbitrary read in ptrace
Date: Fri, 08 Jul 2011 12:29:15 -0700 [thread overview]
Message-ID: <4E175A8B.2040007@zankel.net> (raw)
In-Reply-To: <20110708184250.GA31307@redhat.com>
Hi,
I'll try to run a build this weekend and will look if that code builds
at all.
Thanks,
-Chris
On 7/8/11 11:42 AM, Oleg Nesterov wrote:
> On 07/08, Andrew Morton wrote:
>>
>> On Thu, 07 Jul 2011 20:03:54 -0400
>> Dan Rosenberg<drosenberg@vsecurity.com> wrote:
>>
>>> Prevent an arbitrary kernel read. Check the user pointer with
>>> access_ok() before copying data in.
>>>
>>> Signed-off-by: Dan Rosenberg<drosenberg@vsecurity.com>
>>> Cc: stable@kernel.org
>>> ---
>>> arch/xtensa/kernel/ptrace.c | 3 +++
>>> 1 files changed, 3 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
>>> index c72c947..ddce75e 100644
>>> --- a/arch/xtensa/kernel/ptrace.c
>>> +++ b/arch/xtensa/kernel/ptrace.c
>>> @@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *child, void __user *uregs)
>>> elf_xtregs_t *xtregs = uregs;
>>> int ret = 0;
>>>
>>> + if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
>>> + return -EIO;
>>
>> This should be -EFAULT, methinks?
>
> Also, it seems that ptrace_setxregs/ptrace_getxregs could be static?
>
> The patch looks "obviously correct" but I don't understand this code.
>
> Hmm. We don't read/write the XTENSA_HAVE_COPROCESSORS data, but use
> sizeof(elf_xtregs_t) anyway. This looks a bit strange but I guess
> this doesn't matter.
>
> Oleg.
>
next prev parent reply other threads:[~2011-07-08 19:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-08 0:03 [PATCH] xtensa: prevent arbitrary read in ptrace Dan Rosenberg
2011-07-08 18:27 ` [Security] " Andrew Morton
2011-07-08 18:42 ` Oleg Nesterov
2011-07-08 19:29 ` Chris Zankel [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-07-08 18:35 Dan Rosenberg
2011-07-08 18:42 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E175A8B.2040007@zankel.net \
--to=qvadiz@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=drosenberg@vsecurity.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox