From patchwork Mon Jun 30 11:52:21 2014
X-Patchwork-Submitter: Jiri Slaby
X-Patchwork-Id: 32705
From: Jiri Slaby
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Will Deacon, Catalin Marinas, Jiri Slaby
Subject: [PATCH 3.12 120/181] arm64: ptrace: change fs when passing kernel pointer to regset code
Date: Mon, 30 Jun 2014 13:52:21 +0200
In-Reply-To: <61844d8e25eb8899b0836afa9796fa239db80f1f.1404128997.git.jslaby@suse.cz>

From: Will Deacon

3.12-stable review patch. If anyone has any objections, please let me know.

===============

commit c168870704bcde6bb63d05f7882b620dd3985a46 upstream.

Our compat PTRACE_POKEUSR implementation simply passes the user data to
regset_copy_from_user after some simple range checking. Unfortunately,
the data in question has already been copied to the kernel stack by this
point, so the subsequent access_ok check fails and the ptrace request
returns -EFAULT. This causes problems tracing fork() with older versions
of strace.

This patch briefly changes the fs to KERNEL_DS, so that the access_ok
check passes even with a kernel address.

Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Jiri Slaby
---
 arch/arm64/kernel/ptrace.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index c484d5625ffb..9fa78cd0f092 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -823,6 +823,7 @@ static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off, compat_ulong_t val) { int ret; + mm_segment_t old_fs = get_fs(); if (off & 3 || off >= COMPAT_USER_SZ) return -EIO; @@ -830,10 +831,13 @@ static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off, if (off >= sizeof(compat_elf_gregset_t)) return 0; + set_fs(KERNEL_DS); ret = copy_regset_from_user(tsk, &user_aarch32_view, REGSET_COMPAT_GPR, off, sizeof(compat_ulong_t), &val); + set_fs(old_fs); + return ret; }
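
Review bot: in the first hunk, old_fs is initialised with get_fs() in the declaration at the top of compat_ptrace_write_user, ahead of the two early returns (-EIO and 0) that never change the address limit. Consider declaring it without an initialiser and assigning old_fs = get_fs(); directly before set_fs(KERNEL_DS), so that the save, override and restore sit together and the pairing is easier to audit.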
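
Review bot: in the second hunk, the set_fs(KERNEL_DS) window carries no comment explaining why lifting the address limit is safe at this point. A short comment above it should say that the source buffer is &val, a by-value argument living on the kernel stack, that the length is the fixed sizeof(compat_ulong_t), and that off has already passed the alignment and range checks above. The window contains only the copy_regset_from_user call and is restored before the single return, which is the right shape; it should stay that narrow, because any user-supplied pointer dereferenced while KERNEL_DS is in effect would pass access_ok unchecked.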