From: Roland McGrath
To: stable@kernel.org
Cc: Jeff Dike, Joris van Rantwijk, linux-kernel@vger.kernel.org, Pekka Enberg, Thorsten Knabe
Subject: [PATCH 2.6.25-stable] x86_64 ptrace: fix sys32_ptrace task_struct leak
In-Reply-To: Jeff Dike's message of Friday, 27 June 2008 16:00:50 -0400 <20080627200050.GA10859@c2.user-mode-linux.org>
References: <20080627183045.GA18801@xs4all.nl> <20080627200050.GA10859@c2.user-mode-linux.org>
Message-Id: <20080627204953.B2E8A154088@magilla.localdomain>
Date: Fri, 27 Jun 2008 13:18:33 -0700 (PDT)

Commit 5a4646a4efed8c835f76c3b88f3155f6ab5b8d9b introduced a leak of task_struct refs into sys32_ptrace. This bug has already gone away for 2.6.26 in commit 562b80bafffaf42a6d916b0a2ee3d684220a1c10.

Signed-off-by: Roland McGrath
---
 arch/x86/kernel/ptrace.c | 45 ++++++++++++++++++++++++++-------------------
 1 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 9003e0b..a10ba65 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c 
@@ -1309,42 +1309,49 @@ asmlinkage long sys32_ptrace(long request, u32 pid, u32 addr, u32 data) break; case PTRACE_GETREGS: /* Get all gp regs from the child. */ - return copy_regset_to_user(child, &user_x86_32_view, - REGSET_GENERAL, - 0, sizeof(struct user_regs_struct32), - datap); + ret = copy_regset_to_user(child, &user_x86_32_view, + REGSET_GENERAL, + 0, sizeof(struct user_regs_struct32), + datap); + break; case PTRACE_SETREGS: /* Set all gp regs in the child. */ - return copy_regset_from_user(child, &user_x86_32_view, - REGSET_GENERAL, 0, - sizeof(struct user_regs_struct32), - datap); + ret = copy_regset_from_user(child, &user_x86_32_view, + REGSET_GENERAL, 0, + sizeof(struct user_regs_struct32), + datap); + break; case PTRACE_GETFPREGS: /* Get the child FPU state. */ - return copy_regset_to_user(child, &user_x86_32_view, - REGSET_FP, 0, - sizeof(struct user_i387_ia32_struct), - datap); + ret = copy_regset_to_user(child, &user_x86_32_view, + REGSET_FP, 0, + sizeof(struct user_i387_ia32_struct), + datap); + break; case PTRACE_SETFPREGS: /* Set the child FPU state. */ - return copy_regset_from_user( + ret = copy_regset_from_user( child, &user_x86_32_view, REGSET_FP, 0, sizeof(struct user_i387_ia32_struct), datap); + break; case PTRACE_GETFPXREGS: /* Get the child extended FPU state. */ - return copy_regset_to_user(child, &user_x86_32_view, - REGSET_XFP, 0, - sizeof(struct user32_fxsr_struct), - datap); + ret = copy_regset_to_user(child, &user_x86_32_view, + REGSET_XFP, 0, + sizeof(struct user32_fxsr_struct), + datap); + break; case PTRACE_SETFPXREGS: /* Set the child extended FPU state. 
*/ - return copy_regset_from_user(child, &user_x86_32_view, + ret = copy_regset_from_user(child, &user_x86_32_view, REGSET_XFP, 0, sizeof(struct user32_fxsr_struct), datap); + break; default: - return compat_ptrace_request(child, request, addr, data); + ret = compat_ptrace_request(child, request, addr, data); + break; } out:
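
Review bot: The changelog should say why these `return`s leak: every case from PTRACE_GETREGS through `default:` returned straight out of the switch and so never reached the `out:` label that closes the hunk, which is presumably where the task_struct reference is dropped. The code after `out:` is not in the context, so that cannot be confirmed from the patch alone; one sentence naming the cleanup that was being skipped would let a stable reviewer check the fix without opening ptrace.c. The hunk also begins at a `break;` with the earlier cases of the switch out of view, so it is worth confirming that no other direct `return` remains ahead of `out:`. Style: in PTRACE_SETFPXREGS only the first line of the call changes, so the untouched continuation lines stay aligned for `return` rather than `ret =`, while the other cases re-indent theirs.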