From patchwork Mon Jun 2 10:47:23 2014
X-Patchwork-Submitter: Will Deacon
X-Patchwork-Id: 31279
From: Will Deacon
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, Will Deacon
Subject: [PATCH] arm64: ptrace: change fs when passing kernel pointer to regset code
Date: Mon, 2 Jun 2014 11:47:23 +0100
Message-Id: <1401706043-1741-1-git-send-email-will.deacon@arm.com>

Our compat PTRACE_POKEUSR implementation simply passes the user data to regset_copy_from_user after some simple range checking.
Unfortunately, the data in question has already been copied to the kernel stack by this point, so the subsequent access_ok check fails and the ptrace request returns -EFAULT. This causes problems tracing fork() with older versions of strace. This patch briefly changes the fs to KERNEL_DS, so that the access_ok check passes even with a kernel address. Signed-off-by: Will Deacon --- arch/arm64/kernel/ptrace.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 6a8928bba03c..bf288e443a9f 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -821,6 +821,7 @@ static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off, compat_ulong_t val) { int ret; + mm_segment_t old_fs = get_fs(); if (off & 3 || off >= COMPAT_USER_SZ) return -EIO; @@ -828,10 +829,13 @@ static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off, if (off >= sizeof(compat_elf_gregset_t)) return 0; + set_fs(KERNEL_DS); ret = copy_regset_from_user(tsk, &user_aarch32_view, REGSET_COMPAT_GPR, off, sizeof(compat_ulong_t), &val); + set_fs(old_fs); + return ret; }
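Review bot: in the first hunk (@@ -821,6 +821,7 @@), old_fs is initialised with get_fs() at its declaration, ahead of the two early returns (-EIO for a misaligned or out-of-range off, 0 for off >= sizeof(compat_elf_gregset_t)) that never touch the address limit. Consider declaring "mm_segment_t old_fs;" and assigning "old_fs = get_fs();" immediately before set_fs(KERNEL_DS), so the save and the restore sit next to each other and a later edit that adds a return between them is easier to spot in review.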
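Review bot: in the second hunk (@@ -828,10 +829,13 @@), the set_fs(KERNEL_DS) / set_fs(old_fs) pair carries no comment saying why the address limit is lifted, and while it is lifted every access_ok check made under copy_regset_from_user() passes, not only the one on &val. A short comment stating that &val is a kernel stack address (val is passed by value, as the commit message explains) and that no tracer-supplied pointer is dereferenced inside the window would make the safety argument explicit; off is already range-checked above and val is only data. If the regset code can be handed &val as a kernel buffer instead of going through the from_user path, that would remove the need for the window altogether.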