arm64: sanitize compat_ptrace_write_user()

don't bother with copy_regset_from_user() (not to mention set_fs()) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

arm64: sanitize compat_ptrace_write_user()
don't bother with copy_regset_from_user() (not to mention set_fs()) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
d547175b · Al Viro · b44f3840 · d547175b
Commit d547175b authored Jun 06, 2020 by Al Viro
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 9 deletions

arch/arm64/kernel/ptrace.c arch/arm64/kernel/ptrace.c +20 -9

No files found.
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1553,8 +1553,8 @@ static int compat_ptrace_read_user(struct task_struct *tsk, compat_ulong_t off,
 static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off,
 				    compat_ulong_t val)
 {
-	int ret;
+	struct pt_regs newregs = *task_pt_regs(tsk);
-	mm_segment_t old_fs = get_fs();
+	unsigned int idx = off / 4;
 	if (off & 3 || off >= COMPAT_USER_SZ)
 		return -EIO;
@@ -1562,14 +1562,25 @@ static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off,
 	if (off >= sizeof(compat_elf_gregset_t))
 		return 0;
-	set_fs(KERNEL_DS);
+	switch (idx) {
-	ret = copy_regset_from_user(tsk, &user_aarch32_view,
+	case 15:
-				    REGSET_COMPAT_GPR, off,
+		newregs.pc = val;
-				    sizeof(compat_ulong_t),
+		break;
-				    &val);
+	case 16:
-	set_fs(old_fs);
+		newregs.pstate = compat_psr_to_pstate(val);
+		break;
+	case 17:
+		newregs.orig_x0 = val;
+		break;
+	default:
+		newregs.regs[idx] = val;
+	}
+	if (!valid_user_regs(&newregs.user_regs, tsk))
+		return -EINVAL;
-	return ret;
+	*task_pt_regs(tsk) = newregs;
+	return 0;
 }
 #ifdef CONFIG_HAVE_HW_BREAKPOINT