From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, Al Viro
Subject: [PATCH 4.9 117/128] sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
Date: Fri, 19 Jun 2020 16:33:31 +0200
Message-Id: <20200619141626.312794435@linuxfoundation.org>
In-Reply-To: <20200619141620.148019466@linuxfoundation.org>
References: <20200619141620.148019466@linuxfoundation.org>

From: Al Viro

commit 142cd25293f6a7ecbdff4fb0af17de6438d46433 upstream.

We do need access_process_vm() to access the target's reg_window.
However, access to caller's memory (storing the result in
genregs32_get(), fetching the new values in case of genregs32_set())
should be done by normal uaccess primitives.

Fixes: ad4f95764040 ([SPARC64]: Fix user accesses in regset code.)
Cc: stable@kernel.org
Signed-off-by: Al Viro
Signed-off-by: Greg Kroah-Hartman

--- arch/sparc/kernel/ptrace_64.c | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c @@ -533,19 +533,13 @@ static int genregs32_get(struct task_str for (; count > 0 && pos < 32; count--) { if (access_process_vm(target, (unsigned long) - ®_window[pos], + ®_window[pos++], ®, sizeof(reg), FOLL_FORCE) != sizeof(reg)) return -EFAULT; - if (access_process_vm(target, - (unsigned long) u, - ®, sizeof(reg), - FOLL_FORCE | FOLL_WRITE) - != sizeof(reg)) + if (put_user(reg, u++)) return -EFAULT; - pos++; - u++; } } } 
@@ -645,12 +639,7 @@ static int genregs32_set(struct task_str } } else { for (; count > 0 && pos < 32; count--) { - if (access_process_vm(target, - (unsigned long) - u, - ®, sizeof(reg), - FOLL_FORCE) - != sizeof(reg)) + if (get_user(reg, u++)) return -EFAULT; if (access_process_vm(target, (unsigned long)
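
Review bot: in the genregs32_get() hunk, put_user(reg, u++) takes the store width from the type of u, whereas the removed access_process_vm() call passed sizeof(reg) explicitly, and neither declaration is visible in the context lines. Please confirm that *u and reg have the same width, or say so in the changelog. As a style point, pos++ and u++ now sit inside call arguments; put_user() is a macro, so keeping the two increments as separate statements, as the removed lines did, would not depend on the pointer argument being evaluated exactly once.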
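
Review bot: in the genregs32_set() hunk, the loop body now works on two different address spaces with no comment saying so: get_user(reg, u++) reads the caller's buffer, and the access_process_vm(target, ...) call right after it operates on the target. A one-line comment above get_user() noting that u points into the caller's memory while reg_window belongs to the target would document the distinction the changelog draws and make it less likely that the two accesses get folded back into a single primitive later.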