Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit e0129ef91ed758c06b6557c36124acfb2e1c7305

Authored by Oleg Nesterov
Committed by Linus Torvalds
1 parent 9c1a125921
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

ptrace: PTRACE_GETFDPIC: fix the unsafe usage of child->mm 

Now that Mike Frysinger unified the FDPIC ptrace code, we can fix the
unsafe usage of child->mm in ptrace_request(PTRACE_GETFDPIC).

We have the reference to task_struct, and ptrace_check_attach() verified
the tracee is stopped.  But nothing can protect from SIGKILL after that,
we must not assume child->mm != NULL.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Mike Frysinger <vapier.adi@gmail.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: Greg Ungerer <gerg@snapgear.com>
Acked-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 1 changed file with 8 additions and 2 deletions Side-by-side Diff

... ... @@ -596,18 +596,24 @@
596 596  
597 597 #ifdef CONFIG_BINFMT_ELF_FDPIC
598 598 case PTRACE_GETFDPIC: {
  599 + struct mm_struct *mm = get_task_mm(child);
599 600 unsigned long tmp = 0;
600 601  
  602 + ret = -ESRCH;
  603 + if (!mm)
  604 + break;
  605 +
601 606 switch (addr) {
602 607 case PTRACE_GETFDPIC_EXEC:
603   - tmp = child->mm->context.exec_fdpic_loadmap;
  608 + tmp = mm->context.exec_fdpic_loadmap;
604 609 break;
605 610 case PTRACE_GETFDPIC_INTERP:
606   - tmp = child->mm->context.interp_fdpic_loadmap;
  611 + tmp = mm->context.interp_fdpic_loadmap;
607 612 break;
608 613 default:
609 614 break;
610 615 }
  616 + mmput(mm);
611 617  
612 618 ret = put_user(tmp, (unsigned long __user *) data);
613 619 break;