diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-07 17:36:37 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-07 17:36:37 +0200 |
commit | e1c287b992d30dab86f1b1bfe1780d9d3a652b34 (patch) | |
tree | 747f8c58550b21614a3f67d2e8cbc4ca5a817b66 | |
parent | Merge branch 'pci_id_updates' of git://git.kernel.org/pub/scm/linux/kernel/gi... (diff) | |
parent | [SPARC64]: Fix user accesses in regset code. (diff) | |
download | linux-e1c287b992d30dab86f1b1bfe1780d9d3a652b34.tar.xz linux-e1c287b992d30dab86f1b1bfe1780d9d3a652b34.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Fix user accesses in regset code.
[SPARC64]: Fix FPU saving in 64-bit signal handling.
-rw-r--r-- | arch/sparc64/kernel/ptrace.c | 136 | ||||
-rw-r--r-- | arch/sparc64/kernel/signal.c | 2 |
2 files changed, 116 insertions, 22 deletions
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c index aaae865e7932..7963595c77cc 100644 --- a/arch/sparc64/kernel/ptrace.c +++ b/arch/sparc64/kernel/ptrace.c @@ -138,8 +138,17 @@ static int genregs64_get(struct task_struct *target, (regs->u_regs[UREG_I6] + STACK_BIAS); unsigned long window[16]; - if (copy_from_user(window, reg_window, sizeof(window))) - return -EFAULT; + if (target == current) { + if (copy_from_user(window, reg_window, sizeof(window))) + return -EFAULT; + } else { + if (access_process_vm(target, + (unsigned long) reg_window, + window, + sizeof(window), 0) != + sizeof(window)) + return -EFAULT; + } ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, window, @@ -190,16 +199,37 @@ static int genregs64_set(struct task_struct *target, (regs->u_regs[UREG_I6] + STACK_BIAS); unsigned long window[16]; - if (copy_from_user(window, reg_window, sizeof(window))) - return -EFAULT; + if (target == current) { + if (copy_from_user(window, reg_window, sizeof(window))) + return -EFAULT; + } else { + if (access_process_vm(target, + (unsigned long) reg_window, + window, + sizeof(window), 0) != + sizeof(window)) + return -EFAULT; + } ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, window, 16 * sizeof(u64), 32 * sizeof(u64)); - if (!ret && - copy_to_user(reg_window, window, sizeof(window))) - return -EFAULT; + if (!ret) { + if (target == current) { + if (copy_to_user(reg_window, window, + sizeof(window))) + return -EFAULT; + } else { + if (access_process_vm(target, + (unsigned long) + reg_window, + window, + sizeof(window), 1) != + sizeof(window)) + return -EFAULT; + } + } } if (!ret && count > 0) { @@ -412,9 +442,22 @@ static int genregs32_get(struct task_struct *target, *k++ = regs->u_regs[pos++]; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; - for (; count > 0 && pos < 32; count--) { - if (get_user(*k++, ®_window[pos++])) - return -EFAULT; + if (target == current) { + for (; count > 0 && pos < 32; count--) { + if (get_user(*k++, ®_window[pos++])) + return -EFAULT; + } + } else { + for (; count > 0 && pos < 32; count--) { + if (access_process_vm(target, + (unsigned long) + ®_window[pos], + k, sizeof(*k), 0) + != sizeof(*k)) + return -EFAULT; + k++; + pos++; + } } } else { for (; count > 0 && pos < 16; count--) { @@ -423,10 +466,28 @@ static int genregs32_get(struct task_struct *target, } reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; - for (; count > 0 && pos < 32; count--) { - if (get_user(reg, ®_window[pos++]) || - put_user(reg, u++)) - return -EFAULT; + if (target == current) { + for (; count > 0 && pos < 32; count--) { + if (get_user(reg, ®_window[pos++]) || + put_user(reg, u++)) + return -EFAULT; + } + } else { + for (; count > 0 && pos < 32; count--) { + if (access_process_vm(target, + (unsigned long) + ®_window[pos], + ®, sizeof(reg), 0) + != sizeof(reg)) + return -EFAULT; + if (access_process_vm(target, + (unsigned long) u, + ®, sizeof(reg), 1) + != sizeof(reg)) + return -EFAULT; + pos++; + u++; + } } } while (count > 0) { @@ -488,9 +549,23 @@ static int genregs32_set(struct task_struct *target, regs->u_regs[pos++] = *k++; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; - for (; count > 0 && pos < 32; count--) { - if (put_user(*k++, ®_window[pos++])) - return -EFAULT; + if (target == current) { + for (; count > 0 && pos < 32; count--) { + if (put_user(*k++, ®_window[pos++])) + return -EFAULT; + } + } else { + for (; count > 0 && pos < 32; count--) { + if (access_process_vm(target, + (unsigned long) + ®_window[pos], + (void *) k, + sizeof(*k), 1) + != sizeof(*k)) + return -EFAULT; + k++; + pos++; + } } } else { for (; count > 0 && pos < 16; count--) { @@ -500,10 +575,29 @@ static int genregs32_set(struct task_struct *target, } reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; - for (; count > 0 && pos < 32; count--) { - if (get_user(reg, u++) || - put_user(reg, ®_window[pos++])) - return -EFAULT; + if (target == current) { + for (; count > 0 && pos < 32; count--) { + if (get_user(reg, u++) || + put_user(reg, ®_window[pos++])) + return -EFAULT; + } + } else { + for (; count > 0 && pos < 32; count--) { + if (access_process_vm(target, + (unsigned long) + u, + ®, sizeof(reg), 0) + != sizeof(reg)) + return -EFAULT; + if (access_process_vm(target, + (unsigned long) + ®_window[pos], + ®, sizeof(reg), 1) + != sizeof(reg)) + return -EFAULT; + pos++; + u++; + } } } while (count > 0) { diff --git a/arch/sparc64/kernel/signal.c b/arch/sparc64/kernel/signal.c index 94a9d64208ee..9d51956e8e2f 100644 --- a/arch/sparc64/kernel/signal.c +++ b/arch/sparc64/kernel/signal.c @@ -357,7 +357,7 @@ static int invalid_frame_pointer(void __user *fp, int fplen) static inline int save_fpu_state(struct pt_regs *regs, __siginfo_fpu_t __user *fpu) { - unsigned long *fpregs = (unsigned long *)(regs+1); + unsigned long *fpregs = current_thread_info()->fpregs; unsigned long fprs; int err = 0; |