Blackfin arch: ptrace - fix off-by-one check on end of memory regions

Signed-off-by: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
This commit is contained in:
Mike Frysinger 2008-10-10 17:26:57 +08:00 committed by Bryan Wu
parent 2043f3f731
commit d207a8c768
1 changed files with 21 additions and 29 deletions

View File

@ -161,15 +161,15 @@ static inline int is_user_addr_valid(struct task_struct *child,
struct sram_list_struct *sraml; struct sram_list_struct *sraml;
for (vml = child->mm->context.vmlist; vml; vml = vml->next) for (vml = child->mm->context.vmlist; vml; vml = vml->next)
if (start >= vml->vma->vm_start && start + len <= vml->vma->vm_end) if (start >= vml->vma->vm_start && start + len < vml->vma->vm_end)
return 0; return 0;
for (sraml = child->mm->context.sram_list; sraml; sraml = sraml->next) for (sraml = child->mm->context.sram_list; sraml; sraml = sraml->next)
if (start >= (unsigned long)sraml->addr if (start >= (unsigned long)sraml->addr
&& start + len <= (unsigned long)sraml->addr + sraml->length) && start + len < (unsigned long)sraml->addr + sraml->length)
return 0; return 0;
if (start >= FIXED_CODE_START && start + len <= FIXED_CODE_END) if (start >= FIXED_CODE_START && start + len < FIXED_CODE_END)
return 0; return 0;
return -EIO; return -EIO;
@ -216,34 +216,30 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
break; break;
pr_debug("ptrace: user address is valid\n"); pr_debug("ptrace: user address is valid\n");
#if L1_CODE_LENGTH != 0 if (L1_CODE_LENGTH != 0 && addr >= L1_CODE_START
if (addr >= L1_CODE_START
&& addr + sizeof(tmp) <= L1_CODE_START + L1_CODE_LENGTH) { && addr + sizeof(tmp) <= L1_CODE_START + L1_CODE_LENGTH) {
safe_dma_memcpy (&tmp, (const void *)(addr), sizeof(tmp)); safe_dma_memcpy (&tmp, (const void *)(addr), sizeof(tmp));
copied = sizeof(tmp); copied = sizeof(tmp);
} else
#endif } else if (L1_DATA_A_LENGTH != 0 && addr >= L1_DATA_A_START
#if L1_DATA_A_LENGTH != 0
if (addr >= L1_DATA_A_START
&& addr + sizeof(tmp) <= L1_DATA_A_START + L1_DATA_A_LENGTH) { && addr + sizeof(tmp) <= L1_DATA_A_START + L1_DATA_A_LENGTH) {
memcpy(&tmp, (const void *)(addr), sizeof(tmp)); memcpy(&tmp, (const void *)(addr), sizeof(tmp));
copied = sizeof(tmp); copied = sizeof(tmp);
} else
#endif } else if (L1_DATA_B_LENGTH != 0 && addr >= L1_DATA_B_START
#if L1_DATA_B_LENGTH != 0
if (addr >= L1_DATA_B_START
&& addr + sizeof(tmp) <= L1_DATA_B_START + L1_DATA_B_LENGTH) { && addr + sizeof(tmp) <= L1_DATA_B_START + L1_DATA_B_LENGTH) {
memcpy(&tmp, (const void *)(addr), sizeof(tmp)); memcpy(&tmp, (const void *)(addr), sizeof(tmp));
copied = sizeof(tmp); copied = sizeof(tmp);
} else
#endif } else if (addr >= FIXED_CODE_START
if (addr >= FIXED_CODE_START
&& addr + sizeof(tmp) <= FIXED_CODE_END) { && addr + sizeof(tmp) <= FIXED_CODE_END) {
memcpy(&tmp, (const void *)(addr), sizeof(tmp)); memcpy(&tmp, (const void *)(addr), sizeof(tmp));
copied = sizeof(tmp); copied = sizeof(tmp);
} else } else
copied = access_process_vm(child, addr, &tmp, copied = access_process_vm(child, addr, &tmp,
sizeof(tmp), 0); sizeof(tmp), 0);
pr_debug("ptrace: copied size %d [0x%08lx]\n", copied, tmp); pr_debug("ptrace: copied size %d [0x%08lx]\n", copied, tmp);
if (copied != sizeof(tmp)) if (copied != sizeof(tmp))
break; break;
@ -300,34 +296,30 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
break; break;
pr_debug("ptrace: user address is valid\n"); pr_debug("ptrace: user address is valid\n");
#if L1_CODE_LENGTH != 0 if (L1_CODE_LENGTH != 0 && addr >= L1_CODE_START
if (addr >= L1_CODE_START
&& addr + sizeof(data) <= L1_CODE_START + L1_CODE_LENGTH) { && addr + sizeof(data) <= L1_CODE_START + L1_CODE_LENGTH) {
safe_dma_memcpy ((void *)(addr), &data, sizeof(data)); safe_dma_memcpy ((void *)(addr), &data, sizeof(data));
copied = sizeof(data); copied = sizeof(data);
} else
#endif } else if (L1_DATA_A_LENGTH != 0 && addr >= L1_DATA_A_START
#if L1_DATA_A_LENGTH != 0
if (addr >= L1_DATA_A_START
&& addr + sizeof(data) <= L1_DATA_A_START + L1_DATA_A_LENGTH) { && addr + sizeof(data) <= L1_DATA_A_START + L1_DATA_A_LENGTH) {
memcpy((void *)(addr), &data, sizeof(data)); memcpy((void *)(addr), &data, sizeof(data));
copied = sizeof(data); copied = sizeof(data);
} else
#endif } else if (L1_DATA_B_LENGTH != 0 && addr >= L1_DATA_B_START
#if L1_DATA_B_LENGTH != 0
if (addr >= L1_DATA_B_START
&& addr + sizeof(data) <= L1_DATA_B_START + L1_DATA_B_LENGTH) { && addr + sizeof(data) <= L1_DATA_B_START + L1_DATA_B_LENGTH) {
memcpy((void *)(addr), &data, sizeof(data)); memcpy((void *)(addr), &data, sizeof(data));
copied = sizeof(data); copied = sizeof(data);
} else
#endif } else if (addr >= FIXED_CODE_START
if (addr >= FIXED_CODE_START
&& addr + sizeof(data) <= FIXED_CODE_END) { && addr + sizeof(data) <= FIXED_CODE_END) {
memcpy((void *)(addr), &data, sizeof(data)); memcpy((void *)(addr), &data, sizeof(data));
copied = sizeof(data); copied = sizeof(data);
} else } else
copied = access_process_vm(child, addr, &data, copied = access_process_vm(child, addr, &data,
sizeof(data), 1); sizeof(data), 1);
pr_debug("ptrace: copied size %d\n", copied); pr_debug("ptrace: copied size %d\n", copied);
if (copied != sizeof(data)) if (copied != sizeof(data))
break; break;