From patchwork Sat May 22 16:54:01 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Oleg Nesterov <oleg@redhat.com>
X-Patchwork-Id: 101640
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o4MEtLJB016585
	for <patchwork-sh@patchwork.kernel.org>; Sat, 22 May 2010 14:55:21 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754378Ab0EVOzU (ORCPT
	<rfc822;patchwork-sh@patchwork.kernel.org>);
	Sat, 22 May 2010 10:55:20 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51910 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754189Ab0EVOzS (ORCPT <rfc822;linux-sh@vger.kernel.org>);
	Sat, 22 May 2010 10:55:18 -0400
Received: from int-mx04.intmail.prod.int.phx2.redhat.com
	(int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.17])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o4MEt5Ht012992
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Sat, 22 May 2010 10:55:05 -0400
Received: from tranklukator.englab.brq.redhat.com
	(dhcp-31-177.brq.redhat.com [10.34.31.177])
	by int-mx04.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with
	SMTP id o4MEt2Au005473; Sat, 22 May 2010 10:55:03 -0400
Received: by tranklukator.englab.brq.redhat.com (nbSMTP-1.00) for uid 500
	onestero@redhat.com; Sat, 22 May 2010 18:54:03 +0200 (CEST)
Date: Sat, 22 May 2010 18:54:01 +0200
From: Oleg Nesterov <oleg@redhat.com>
To: Roland McGrath <roland@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>
Cc: Mike Frysinger <vapier@gentoo.org>, linux-sh@vger.kernel.org,
	Paul Mundt <lethal@linux-sh.org>,
	uclinux-dist-devel@blackfin.uclinux.org, linux-kernel@vger.kernel.org,
	David Howells <dhowells@redhat.com>
Subject: [PATCH -mm 1/1] ptrace: PTRACE_GETFDPIC: fix the unsafe usage of
	child->mm
Message-ID: <20100522165401.GB19573@redhat.com>
References: <1266280229-18469-1-git-send-email-vapier@gentoo.org>
	<1274431345-22366-1-git-send-email-vapier@gentoo.org>
	<20100521162659.GA16193@redhat.com>
	<20100521183512.4477F40476@magilla.sf.frob.com>
	<20100522165320.GA19573@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20100522165320.GA19573@redhat.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.17
Sender: linux-sh-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-sh.vger.kernel.org>
X-Mailing-List: linux-sh@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Sat, 22 May 2010 14:55:21 +0000 (UTC)


--- 34-rc1/kernel/ptrace.c~PTRACE_FDPIC	2010-05-22 18:04:47.000000000 +0200
+++ 34-rc1/kernel/ptrace.c	2010-05-22 18:35:35.000000000 +0200
@@ -598,18 +598,24 @@ int ptrace_request(struct task_struct *c
 
 #ifdef CONFIG_BINFMT_ELF_FDPIC
 	case PTRACE_GETFDPIC: {
+		struct mm_struct *mm = get_task_mm(child);
 		unsigned long tmp = 0;
 
+		ret = -ESRCH;
+		if (!mm)
+			break;
+
 		switch (addr) {
 		case PTRACE_GETFDPIC_EXEC:
-			tmp = child->mm->context.exec_fdpic_loadmap;
+			tmp = mm->context.exec_fdpic_loadmap;
 			break;
 		case PTRACE_GETFDPIC_INTERP:
-			tmp = child->mm->context.interp_fdpic_loadmap;
+			tmp = mm->context.interp_fdpic_loadmap;
 			break;
 		default:
 			break;
 		}
+		mmput(mm);
 
 		ret = put_user(tmp, (unsigned long __user *) data);
 		break;