Prev: [PATCH -mm 0/1] (Was: ptrace: unify FDPIC implementations)
Next: linux-next: build warning after merge of the final tree (Linus' tree related)
From: Oleg Nesterov on 22 May 2010 11:00
Now that Mike Frysinger unified the FDPIC ptrace code, we can fix
the unsafe usage of child->mm in ptrace_request(PTRACE_GETFDPIC).

We have the reference to task_struct, and ptrace_check_attach()
verified the tracee is stopped. But nothing can protect from
SIGKILL after that, we must not assume child->mm != NULL.

Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
---

kernel/ptrace.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

--- 34-rc1/kernel/ptrace.c~PTRACE_FDPIC 2010-05-22 18:04:47.000000000 +0200
+++ 34-rc1/kernel/ptrace.c 2010-05-22 18:35:35.000000000 +0200
@@ -598,18 +598,24 @@ int ptrace_request(struct task_struct *c

#ifdef CONFIG_BINFMT_ELF_FDPIC
case PTRACE_GETFDPIC: {
+ struct mm_struct *mm = get_task_mm(child);
unsigned long tmp = 0;

+ ret = -ESRCH;
+ if (!mm)
+ break;
+
switch (addr) {
case PTRACE_GETFDPIC_EXEC:
- tmp = child->mm->context.exec_fdpic_loadmap;
+ tmp = mm->context.exec_fdpic_loadmap;
break;
case PTRACE_GETFDPIC_INTERP:
- tmp = child->mm->context.interp_fdpic_loadmap;
+ tmp = mm->context.interp_fdpic_loadmap;
break;
default:
break;
}
+ mmput(mm);

ret = put_user(tmp, (unsigned long __user *) data);
break;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [PATCH -mm 0/1] (Was: ptrace: unify FDPIC implementations)
Next: linux-next: build warning after merge of the final tree (Linus' tree related)