From: Bodo Stroesser <[email protected]>
For security reasons, UML in is_syscall() needs to have access to code
in vsyscall-page. The current implementation grants this access by
explicitly allowing access to vsyscall in access_ok_skas(). With this
change, copy_from_user() may be used to read the code.
Ptrace access to vsyscall-page for debugging already was implemented
in get_user_pages() by mainline.
In i386, copy_from_user can't access vsyscall-page, but returns EFAULT.
To make UML behave as i386 does, I changed is_syscall to use
access_process_vm(current) to read the code from vsyscall-page.
This doesn't hurt security, but simplifies the code and prepares
implementation of stub-vmas.
Signed-off-by: Bodo Stroesser <[email protected]>
Signed-off-by: Jeff Dike <[email protected]>
Index: linux-2.6.15/arch/um/sys-i386/ptrace.c
===================================================================
--- linux-2.6.15.orig/arch/um/sys-i386/ptrace.c 2005-08-28 19:41:01.000000000 -0400
+++ linux-2.6.15/arch/um/sys-i386/ptrace.c 2006-03-23 12:17:52.000000000 -0500
@@ -6,6 +6,7 @@
#include <linux/config.h>
#include <linux/compiler.h>
#include "linux/sched.h"
+#include "linux/mm.h"
#include "asm/elf.h"
#include "asm/ptrace.h"
#include "asm/uaccess.h"
@@ -26,9 +27,17 @@ int is_syscall(unsigned long addr)
n = copy_from_user(&instr, (void __user *) addr, sizeof(instr));
if(n){
- printk("is_syscall : failed to read instruction from 0x%lx\n",
- addr);
- return(0);
+ /* access_process_vm() grants access to vsyscall and stub,
+ * while copy_from_user doesn't. Maybe access_process_vm is
+ * slow, but that doesn't matter, since it will be called only
+ * in case of singlestepping, if copy_from_user failed.
+ */
+ n = access_process_vm(current, addr, &instr, sizeof(instr), 0);
+ if(n != sizeof(instr)) {
+ printk("is_syscall : failed to read instruction from "
+ "0x%lx\n", addr);
+ return(1);
+ }
}
/* int 0x80 or sysenter */
return((instr == 0x80cd) || (instr == 0x340f));
Index: linux-2.6.15/arch/um/sys-x86_64/ptrace.c
===================================================================
--- linux-2.6.15.orig/arch/um/sys-x86_64/ptrace.c 2006-03-23 12:50:15.000000000 -0500
+++ linux-2.6.15/arch/um/sys-x86_64/ptrace.c 2006-03-23 12:50:23.000000000 -0500
@@ -8,6 +8,7 @@
#include <asm/ptrace.h>
#include <linux/sched.h>
#include <linux/errno.h>
+#include <linux/mm.h>
#include <asm/uaccess.h>
#include <asm/elf.h>
@@ -136,9 +137,28 @@ void arch_switch(void)
*/
}
+/* XXX Mostly copied from sys-i386 */
int is_syscall(unsigned long addr)
{
- panic("is_syscall");
+ unsigned short instr;
+ int n;
+
+ n = copy_from_user(&instr, (void __user *) addr, sizeof(instr));
+ if(n){
+ /* access_process_vm() grants access to vsyscall and stub,
+ * while copy_from_user doesn't. Maybe access_process_vm is
+ * slow, but that doesn't matter, since it will be called only
+ * in case of singlestepping, if copy_from_user failed.
+ */
+ n = access_process_vm(current, addr, &instr, sizeof(instr), 0);
+ if(n != sizeof(instr)) {
+ printk("is_syscall : failed to read instruction from "
+ "0x%lx\n", addr);
+ return(1);
+ }
+ }
+ /* sysenter */
+ return(instr == 0x050f);
}
int dump_fpu(struct pt_regs *regs, elf_fpregset_t *fpu )
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]