Fix canonical checking for segment registers in ptrace
This avoids a local DoS where a process could oops the kernel by
passing bogus values to ptrace. Some versions of UML did this.
Found by Alexander Nyberg
Signed-off-by: Andi Kleen <ak@suse.de>
child->thread.es = value & 0xffff;
return 0;
case offsetof(struct user_regs_struct,fs_base):
- if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
- return -EIO;
+ if (value >= TASK_SIZE)
+ return -EIO;
child->thread.fs = value;
return 0;
case offsetof(struct user_regs_struct,gs_base):
- if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
- return -EIO;
+ if (value >= TASK_SIZE)
+ return -EIO;
child->thread.gs = value;
return 0;
case offsetof(struct user_regs_struct, eflags):
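Review bot: Both new bounds, in the `fs_base` and `gs_base` cases, compare `value` against `TASK_SIZE`, and nothing in this hunk shows whether that macro is evaluated for the calling task or for `child`. If it depends on the current task's mode, the limit applied is the tracer's rather than the tracee's, which matters when the two differ in address-space size; that is worth confirming, and the bound should follow the child. The two checks would also benefit from a short comment recording why a user-space limit replaced the top-16-bits test, for example `/* reject any base outside user space: a bogus value here could oops the kernel (local DoS) */`. The enclosing switch statement starts and ends outside the hunk.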