Commit 02ad5d8d authored Apr 01, 2017 by Richard Weinberger Committed by Greg Kroah-Hartman May 20, 2017

um: Fix PTRACE_POKEUSER on x86_64



commit 9abc74a22d85ab29cef9896a2582a530da7e79bf upstream.

This is broken since ever but sadly nobody noticed.
Recent versions of GDB set DR_CONTROL unconditionally and
UML dies due to a heap corruption. It turns out that
the PTRACE_POKEUSER was copy&pasted from i386 and assumes
that addresses are 4 bytes long.

Fix that by using 8 as address size in the calculation.

Reported-by: jie cao <cj3054@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 3e576d76

arch/x86/um/ptrace_64.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -120,7 +120,7 @@ int poke_user(struct task_struct *child, long addr, long data)
		else if ((addr >= offsetof(struct user, u_debugreg[0])) &&
		(addr <= offsetof(struct user, u_debugreg[7]))) {
		addr -= offsetof(struct user, u_debugreg[0]);
		addr = addr >> 2;
		addr = addr >> 3;
		if ((addr == 4) \|\| (addr == 5))
		return -EIO;
		child->thread.arch.debugregs[addr] = data;