From c8e252586f8d5de906385d8cf6385fee289a825e Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin" <hpa@zytor.com>
Date: Fri, 2 Mar 2012 10:43:48 -0800
Subject: [PATCH 1/2] regset: Prevent null pointer reference on readonly
regsets
The regset common infrastructure assumed that regsets would always
have .get and .set methods, but not necessarily .active methods.
Unfortunately people have since written regsets without .set methods.
Rather than putting in stub functions everywhere, handle regsets with
null .get or .set methods explicitly.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@hack.frob.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
fs/binfmt_elf.c | 2 +-
include/linux/regset.h | 6 ++++++
2 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index bcb884e..07d096c 100644
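--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1421,7 +1421,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
 for (i = 1; i < view->n; ++i) {
 const struct user_regset *regset = &view->regsets[i];
 do_thread_regset_writeback(t->task, regset);
- if (regset->core_note_type &&
+ if (regset->core_note_type && regset->get &&
 (!regset->active || regset->active(t->task, regset))) {
 int ret;
 size_t size = regset->n * regset->size;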
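Review bot: The added `regset->get` test in fill_thread_core_info only covers the loop that starts at `i = 1`; regset 0 is handled outside this hunk, and if that path calls `.get` without a test, a view whose first regset has no `.get` would still call through a null function pointer during a core dump. It is worth confirming that path or giving it the same guard. A one-line comment above the condition would also record the intent, for example `/* regsets without a .get method (write-only) produce no core note */`. The function body starts and ends outside the hunk.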
diff --git a/include/linux/regset.h b/include/linux/regset.h
index 8abee65..5150fd1 100644
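--- a/include/linux/regset.h
+++ b/include/linux/regset.h
@@ -335,6 +335,9 @@ static inline int copy_regset_to_user(struct task_struct *target,
 {
 const struct user_regset *regset = &view->regsets[setno];
 
+ if (!regset->get)
+ return -EOPNOTSUPP;
+
 if (!access_ok(VERIFY_WRITE, data, size))
 return -EIO;
 
@@ -358,6 +361,9 @@ static inline int copy_regset_from_user(struct task_struct *target,
 {
 const struct user_regset *regset = &view->regsets[setno];
 
+ if (!regset->set)
+ return -EOPNOTSUPP;
+
 if (!access_ok(VERIFY_READ, data, size))
 return -EIO;
 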
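Review bot: The guards added to copy_regset_to_user and copy_regset_from_user protect only callers that go through these two inline helpers; any code that calls `regset->get(...)` or `regset->set(...)` directly (none is visible in this patch) would still hit the null method the commit message describes. Because a null function-pointer call in kernel context is at minimum a local crash, the direct call sites are worth auditing alongside this change. The helpers' documentation should also state the new contract, for example `/* Returns -EOPNOTSUPP if the regset has no .get method. */` on copy_regset_to_user and the matching `.set` wording on copy_regset_from_user. Both function bodies continue outside their hunks.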
--
1.7.7.6