Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755981AbZCJOlJ (ORCPT ); Tue, 10 Mar 2009 10:41:09 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752971AbZCJOkz (ORCPT ); Tue, 10 Mar 2009 10:40:55 -0400 Received: from mx2.mail.elte.hu ([157.181.151.9]:55488 "EHLO mx2.mail.elte.hu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752247AbZCJOky (ORCPT ); Tue, 10 Mar 2009 10:40:54 -0400 Date: Tue, 10 Mar 2009 15:40:02 +0100 From: Ingo Molnar To: prasad@linux.vnet.ibm.com Cc: Andrew Morton , Linux Kernel Mailing List , Alan Stern , Roland McGrath Subject: Re: [patch 08/11] Modify Ptrace routines to access breakpoint registers Message-ID: <20090310144002.GF3850@elte.hu> References: <20090305043440.189041194@linux.vnet.ibm.com> <20090305044051.GI17747@in.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20090305044051.GI17747@in.ibm.com> User-Agent: Mutt/1.5.18 (2008-05-17) X-ELTE-VirusStatus: clean X-ELTE-SpamScore: -1.5 X-ELTE-SpamLevel: X-ELTE-SpamCheck: no X-ELTE-SpamVersion: ELTE 2.0 X-ELTE-SpamCheck-Details: score=-1.5 required=5.9 tests=BAYES_00 autolearn=no SpamAssassin version=3.2.3 -1.5 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1100 Lines: 35 * prasad@linux.vnet.ibm.com wrote: > -static unsigned long debugreg_addr_limit(struct task_struct *task) > -{ > -#ifdef CONFIG_IA32_EMULATION > - if (test_tsk_thread_flag(task, TIF_IA32)) > - return IA32_PAGE_OFFSET - 3; > -#endif > - return TASK_SIZE_MAX - 7; > -} > - I dont see where this security check has been carried over into the generic code. The new code has: +int arch_check_va_in_userspace(unsigned long va, struct task_struct *tsk) +{ + return (va < TASK_SIZE); +} but i think that misses the detail that it's not just the start address of an x86 breakpoint that has to be considered, but also the end addess of it. For example a hardware breakpoint can be at 0xbfffffff with a length of 4 bytes - thus overlapping into kernel-space by 3 bytes. It is important to not let that happen. Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/