vserver 2.0-rc4
diff --git
a/arch/x86_64/kernel/ptrace.c
b/arch/x86_64/kernel/ptrace.c
index
672637d
..
70ccdd2
100644
(file)
--- a/
arch/x86_64/kernel/ptrace.c
+++ b/
arch/x86_64/kernel/ptrace.c
@@
-129,13
+129,13
@@
static int putreg(struct task_struct *child,
value &= 0xffff;
return 0;
case offsetof(struct user_regs_struct,fs_base):
value &= 0xffff;
return 0;
case offsetof(struct user_regs_struct,fs_base):
- if (
!((value >> 48) == 0 || (value >> 48) == 0xffff)
)
- return -EIO;
+ if (
value >= TASK_SIZE
)
+ return -EIO;
child->thread.fs = value;
return 0;
case offsetof(struct user_regs_struct,gs_base):
child->thread.fs = value;
return 0;
case offsetof(struct user_regs_struct,gs_base):
- if (
!((value >> 48) == 0 || (value >> 48) == 0xffff)
)
- return -EIO;
+ if (
value >= TASK_SIZE
)
+ return -EIO;
child->thread.gs = value;
return 0;
case offsetof(struct user_regs_struct, eflags):
child->thread.gs = value;
return 0;
case offsetof(struct user_regs_struct, eflags):
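Review bot: The new `value >= TASK_SIZE` bound on fs_base and gs_base is evaluated in the tracer's context, not the traced child's; if `TASK_SIZE` here is selected by the current task's IA32 flag (as it was on this architecture at the time — confirm against the header), a 64-bit tracer can place a 32-bit child's segment base anywhere below the 64-bit limit, so a child-relative bound would be the more precise check if one is available. The replacement is otherwise tighter than the canonical-form test it drops, since it also excludes kernel-half addresses, which is the safer direction: presumably the stored base is later written to the FS/GS base MSR on a switch to the child, where a non-canonical value would fault in kernel mode rather than in the child. A short comment on the two checks would record that intent, e.g. `/* must be a user address; a non-canonical base would fault in the kernel, not the child */`. putreg begins before this hunk.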
@@
-149,6
+149,11
@@
static int putreg(struct task_struct *child,
return -EIO;
value &= 0xffff;
break;
return -EIO;
value &= 0xffff;
break;
+ case offsetof(struct user_regs_struct, rip):
+ /* Check if the new RIP address is canonical */
+ if (value >= TASK_SIZE)
+ return -EIO;
+ break;
}
put_stack_long(child, regno - sizeof(struct pt_regs), value);
return 0;
}
put_stack_long(child, regno - sizeof(struct pt_regs), value);
return 0;
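Review bot: The comment on the new rip case says "canonical", but `value >= TASK_SIZE` enforces something stricter: every non-user address is rejected, including canonical kernel-half ones, so the comment under-describes the check. I would write `/* rip must be a user address; a non-canonical rip presumably faults in kernel mode on the return to user space instead of in the child */`, keeping the kernel-fault reason hedged since the hunk does not show the return path. As with the segment-base cases, `TASK_SIZE` is the tracer's limit rather than the child's unless the definition is child-relative — worth confirming for a 64-bit tracer of a 32-bit child. The `break` lands on the `put_stack_long` that follows the switch, so only the validated value reaches the stack frame. putreg's opening is outside this hunk.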
@@
-325,6
+330,8
@@
asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
ret = 0;
break;
case offsetof(struct user, u_debugreg[7]):
ret = 0;
break;
case offsetof(struct user, u_debugreg[7]):
+ /* See arch/i386/kernel/ptrace.c for an explanation of
+ * this awkward check.*/
data &= ~DR_CONTROL_RESERVED;
for(i=0; i<4; i++)
if ((0x5454 >> ((data >> (16 + 4*i)) & 0xf)) & 1)
data &= ~DR_CONTROL_RESERVED;
for(i=0; i<4; i++)
if ((0x5454 >> ((data >> (16 + 4*i)) & 0xf)) & 1)
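Review bot: The added comment only points at arch/i386/kernel/ptrace.c, so a reader of this file still has to leave it to learn what the `0x5454` test enforces; a one-line summary here would be more useful than the cross-reference. As far as the constant decodes against the DR7 layout (each nibble is the RW and LEN fields of one breakpoint), it appears to be a bitmap of the RW/LEN combinations to refuse — I/O breakpoints and execute breakpoints with a length other than one byte — but that reading should be confirmed against the i386 comment before it is written down. Something like `/* 0x5454 is a bitmap of disallowed RW/LEN nibbles: I/O breakpoints and multi-byte execute breakpoints */` alongside the existing pointer would do. The loop body and its error return continue past the end of this hunk.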
@@
-397,7
+404,7
@@
asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
long tmp;
ret = 0;
long tmp;
ret = 0;
- if (child->
state == TASK_ZOMBIE)
/* already dead */
+ if (child->
exit_state == EXIT_ZOMBIE)
/* already dead */
break;
clear_tsk_thread_flag(child, TIF_SINGLESTEP);
child->exit_code = SIGKILL;
break;
clear_tsk_thread_flag(child, TIF_SINGLESTEP);
child->exit_code = SIGKILL;
@@
-480,7
+487,7
@@
asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
ret = -EIO;
break;
}
ret = -EIO;
break;
}
-
child->used_math = 1
;
+
set_stopped_child_used_math(child)
;
ret = set_fpregs(child, (struct user_i387_struct __user *)data);
break;
}
ret = set_fpregs(child, (struct user_i387_struct __user *)data);
break;
}
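Review bot: `set_stopped_child_used_math(child)` encodes a precondition in its name — the child must be stopped — that nothing in this hunk establishes; it is presumably guaranteed by the attach check earlier in sys_ptrace, but that is outside the visible lines and worth confirming. A comment stating why the flag is set before `set_fpregs` would also help, since the ordering is load-bearing if the helper's consumers discard FPU state for tasks that never used math; hedged wording such as `/* child is stopped (attach check above); mark it as a math user so the written FPU state is kept */` is what I would add. The enclosing sys_ptrace body starts well before this hunk.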