diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2020-05-17 15:37:50 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2020-05-17 16:39:18 -0400 |
commit | 142cd25293f6a7ecbdff4fb0af17de6438d46433 (patch) | |
tree | a5abaabc14741dd43fee27548a65a84c015fbeca /arch/sparc/kernel/ptrace_64.c | |
parent | 8f3d9f354286745c751374f5f1fcafee6b3f3136 (diff) | |
download | linux-142cd25293f6a7ecbdff4fb0af17de6438d46433.tar.gz linux-142cd25293f6a7ecbdff4fb0af17de6438d46433.tar.bz2 linux-142cd25293f6a7ecbdff4fb0af17de6438d46433.zip |
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
We do need access_process_vm() to access the target's reg_window.
However, access to caller's memory (storing the result in
genregs32_get(), fetching the new values in case of genregs32_set())
should be done by normal uaccess primitives.
Fixes: ad4f95764040 ([SPARC64]: Fix user accesses in regset code.)
Cc: stable@kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'arch/sparc/kernel/ptrace_64.c')
-rw-r--r-- | arch/sparc/kernel/ptrace_64.c | 17 |
1 files changed, 3 insertions, 14 deletions
diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c index c9d41a96468f..3f5930bfab06 100644 --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c @@ -572,19 +572,13 @@ static int genregs32_get(struct task_struct *target, for (; count > 0 && pos < 32; count--) { if (access_process_vm(target, (unsigned long) - ®_window[pos], + ®_window[pos++], ®, sizeof(reg), FOLL_FORCE) != sizeof(reg)) return -EFAULT; - if (access_process_vm(target, - (unsigned long) u, - ®, sizeof(reg), - FOLL_FORCE | FOLL_WRITE) - != sizeof(reg)) + if (put_user(reg, u++)) return -EFAULT; - pos++; - u++; } } } @@ -684,12 +678,7 @@ static int genregs32_set(struct task_struct *target, } } else { for (; count > 0 && pos < 32; count--) { - if (access_process_vm(target, - (unsigned long) - u, - ®, sizeof(reg), - FOLL_FORCE) - != sizeof(reg)) + if (get_user(reg, u++)) return -EFAULT; if (access_process_vm(target, (unsigned long) |