
[PATCH] Fix canonical checking for segment registers in ptrace
authorAndi Kleen <ak@suse.de>
Tue, 28 Jun 2005 13:18:17 +0000 (15:18 +0200)
committerMarcelo Tosatti <marcelo.tosatti@cyclades.com>
Wed, 29 Jun 2005 13:50:00 +0000 (10:50 -0300)
Fix canonical checking for segment registers in ptrace

This avoids a local DoS where a process could oops the kernel by
passing bogus values to ptrace. Some versions of UML did this.

Found by Alexander Nyberg

Signed-off-by: Andi Kleen <ak@suse.de>
arch/x86_64/kernel/ptrace.c

index 812961f..edaf18b 100644 (file)
@@ -114,13 +114,13 @@ static int putreg(struct task_struct *child,
                        child->thread.es = value & 0xffff;
                        return 0;
                case offsetof(struct user_regs_struct,fs_base):
-                       if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
-                               return -EIO; 
+                       if (value >= TASK_SIZE)
+                               return -EIO;
                        child->thread.fs = value;
                        return 0;
                case offsetof(struct user_regs_struct,gs_base):
-                       if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
-                               return -EIO; 
+                       if (value >= TASK_SIZE)
+                               return -EIO;
                        child->thread.gs = value;
                        return 0;
                case offsetof(struct user_regs_struct, eflags):
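Review bot: The new bound `if (value >= TASK_SIZE)` in the fs_base and gs_base cases has no comment saying why it replaced the bit-48 test, and the reason is not obvious from the code. The old test accepted any value whose top 16 bits were all zero or all one, which still admits values with bit 47 disagreeing with the upper bits (non-canonical) as well as kernel-half addresses. I would put above each check something like `/* base must be a user-space address; a non-canonical base can fault when it is loaded */`. Separately, if TASK_SIZE in this tree is derived from the calling task rather than from `child` (its definition is not visible here), the limit would be that of the tracer and not the tracee, which matters when the two differ in 32/64-bit mode and is worth confirming. putreg's body starts and ends outside the hunk.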