|
@@ -27,6 +27,35 @@
|
|
|
#include <linux/cn_proc.h>
|
|
|
#include <linux/compat.h>
|
|
|
|
|
|
+/*
|
|
|
+ * Access another process' address space via ptrace.
|
|
|
+ * Source/target buffer must be kernel space,
|
|
|
+ * Do not walk the page table directly, use get_user_pages
|
|
|
+ */
|
|
|
+int ptrace_access_vm(struct task_struct *tsk, unsigned long addr,
|
|
|
+ void *buf, int len, unsigned int gup_flags)
|
|
|
+{
|
|
|
+ struct mm_struct *mm;
|
|
|
+ int ret;
|
|
|
+
|
|
|
+ mm = get_task_mm(tsk);
|
|
|
+ if (!mm)
|
|
|
+ return 0;
|
|
|
+
|
|
|
+ if (!tsk->ptrace ||
|
|
|
+ (current != tsk->parent) ||
|
|
|
+ ((get_dumpable(mm) != SUID_DUMP_USER) &&
|
|
|
+ !ptracer_capable(tsk, mm->user_ns))) {
|
|
|
+ mmput(mm);
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ ret = __access_remote_vm(tsk, mm, addr, buf, len, gup_flags);
|
|
|
+ mmput(mm);
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
|
|
|
/*
|
|
|
* ptrace a task: make the debugger its new parent and
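Review bot: The header comment on ptrace_access_vm at the top of the hunk is carried over from access_process_vm and does not document what this function adds: the caller must be the tracer of `tsk` (`current == tsk->parent` with `tsk->ptrace` set), the mm must be dumpable unless the tracer is ptracer_capable() over `mm->user_ns`, and a refused access returns 0 exactly like a zero-byte copy, which every caller in the later hunks turns into -EIO. The comment also has a stray comma after `kernel space`. I would replace it with `Access another process' address space via ptrace. Only the current ptracer of @tsk may access it, and only while the mm is dumpable or the tracer is ptracer_capable() over mm->user_ns; a refused access returns 0 (no bytes copied). Source/target buffer must be kernel space.` Re-checking dumpability per access rather than only at attach time presumably covers the target replacing its mm after attach, so that reasoning is worth a line too if it is the intent. The remaining hunks (ptrace_readdata, ptrace_writedata, generic_ptrace_peekdata/pokedata and compat_ptrace_request) are mechanical call-site swaps and raise nothing further.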
|
|
@@ -535,7 +564,8 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
|
|
|
int this_len, retval;
|
|
|
|
|
|
this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
|
|
|
- retval = access_process_vm(tsk, src, buf, this_len, FOLL_FORCE);
|
|
|
+ retval = ptrace_access_vm(tsk, src, buf, this_len, FOLL_FORCE);
|
|
|
+
|
|
|
if (!retval) {
|
|
|
if (copied)
|
|
|
break;
|
|
@@ -562,7 +592,7 @@ int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long ds
|
|
|
this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
|
|
|
if (copy_from_user(buf, src, this_len))
|
|
|
return -EFAULT;
|
|
|
- retval = access_process_vm(tsk, dst, buf, this_len,
|
|
|
+ retval = ptrace_access_vm(tsk, dst, buf, this_len,
|
|
|
FOLL_FORCE | FOLL_WRITE);
|
|
|
if (!retval) {
|
|
|
if (copied)
|
|
@@ -1126,7 +1156,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
|
|
|
unsigned long tmp;
|
|
|
int copied;
|
|
|
|
|
|
- copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), FOLL_FORCE);
|
|
|
+ copied = ptrace_access_vm(tsk, addr, &tmp, sizeof(tmp), FOLL_FORCE);
|
|
|
if (copied != sizeof(tmp))
|
|
|
return -EIO;
|
|
|
return put_user(tmp, (unsigned long __user *)data);
|
|
@@ -1137,7 +1167,7 @@ int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
|
|
|
{
|
|
|
int copied;
|
|
|
|
|
|
- copied = access_process_vm(tsk, addr, &data, sizeof(data),
|
|
|
+ copied = ptrace_access_vm(tsk, addr, &data, sizeof(data),
|
|
|
FOLL_FORCE | FOLL_WRITE);
|
|
|
return (copied == sizeof(data)) ? 0 : -EIO;
|
|
|
}
|
|
@@ -1155,7 +1185,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
|
|
|
switch (request) {
|
|
|
case PTRACE_PEEKTEXT:
|
|
|
case PTRACE_PEEKDATA:
|
|
|
- ret = access_process_vm(child, addr, &word, sizeof(word),
|
|
|
+ ret = ptrace_access_vm(child, addr, &word, sizeof(word),
|
|
|
FOLL_FORCE);
|
|
|
if (ret != sizeof(word))
|
|
|
ret = -EIO;
|
|
@@ -1165,7 +1195,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
|
|
|
|
|
|
case PTRACE_POKETEXT:
|
|
|
case PTRACE_POKEDATA:
|
|
|
- ret = access_process_vm(child, addr, &data, sizeof(data),
|
|
|
+ ret = ptrace_access_vm(child, addr, &data, sizeof(data),
|
|
|
FOLL_FORCE | FOLL_WRITE);
|
|
|
ret = (ret != sizeof(data) ? -EIO : 0);
|
|
|
break;
|