Blackfin arch: ptrace - fix off-by-one check on end of memory regions

From: Linux Kernel Mailing List
Date: Monday, October 13, 2008 - 11:21 am

Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d207a8...
Commit:     d207a8c7681f14302e9e80ef5b8202abe39060b5
Parent:     2043f3f7312cc7fbbc2acffb9d87265b0ad9a529
Author:     Mike Frysinger <vapier.adi@gmail.com>
AuthorDate: Fri Oct 10 17:26:57 2008 +0800
Committer:  Bryan Wu <cooloney@kernel.org>
CommitDate: Fri Oct 10 17:26:57 2008 +0800

    Blackfin arch: ptrace - fix off-by-one check on end of memory regions
    
    Signed-off-by: Mike Frysinger <vapier.adi@gmail.com>
    Signed-off-by: Bryan Wu <cooloney@kernel.org>
---
 arch/blackfin/kernel/ptrace.c |   50 +++++++++++++++++-----------------------
 1 files changed, 21 insertions(+), 29 deletions(-)

diff --git a/arch/blackfin/kernel/ptrace.c b/arch/blackfin/kernel/ptrace.c
index e8172ee..7e1f762 100644
--- a/arch/blackfin/kernel/ptrace.c
+++ b/arch/blackfin/kernel/ptrace.c
@@ -161,15 +161,15 @@ static inline int is_user_addr_valid(struct task_struct *child,
 	struct sram_list_struct *sraml;
 
 	for (vml = child->mm->context.vmlist; vml; vml = vml->next)
-		if (start >= vml->vma->vm_start && start + len <= vml->vma->vm_end)
+		if (start >= vml->vma->vm_start && start + len < vml->vma->vm_end)
 			return 0;
 
 	for (sraml = child->mm->context.sram_list; sraml; sraml = sraml->next)
 		if (start >= (unsigned long)sraml->addr
-		    && start + len <= (unsigned long)sraml->addr + sraml->length)
+		    && start + len < (unsigned long)sraml->addr + sraml->length)
 			return 0;
 
-	if (start >= FIXED_CODE_START && start + len <= FIXED_CODE_END)
+	if (start >= FIXED_CODE_START && start + len < FIXED_CODE_END)
 		return 0;
 
 	return -EIO;
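Review bot: Nothing in `is_user_addr_valid` rejects a `start + len` that wraps, so each of the three range tests can pass for a `start` near the top of the address space whose sum lands below the region end. The parameter types are outside this hunk, but the `(unsigned long)` casts on the SRAM test suggest unsigned arithmetic; if so, add `if (start + len < start) return -EIO;` before the first loop. The same unguarded sum appears in the two `arch_ptrace` hunks as `addr + sizeof(tmp)` and `addr + sizeof(data)`, where `addr` is a signed `long`. The function begins above this hunk.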
@@ -216,34 +216,30 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
 				break;
 			pr_debug("ptrace: user address is valid\n");
 
-#if L1_CODE_LENGTH != 0
-			if (addr >= L1_CODE_START
+			if (L1_CODE_LENGTH != 0 && addr >= L1_CODE_START
 			    && addr + sizeof(tmp) <= L1_CODE_START + L1_CODE_LENGTH) {
 				safe_dma_memcpy (&tmp, (const void *)(addr), sizeof(tmp));
 				copied = sizeof(tmp);
-			} else
-#endif
-#if L1_DATA_A_LENGTH != 0
-			if (addr >= L1_DATA_A_START
+
+			} else if (L1_DATA_A_LENGTH != 0 && addr >= L1_DATA_A_START
 			    && addr + sizeof(tmp) <= L1_DATA_A_START + L1_DATA_A_LENGTH) {
 				memcpy(&tmp, (const void *)(addr), sizeof(tmp));
 				copied = sizeof(tmp);
-			} else
-#endif
-#if L1_DATA_B_LENGTH != 0
-			if (addr >= L1_DATA_B_START
+
+			} else if (L1_DATA_B_LENGTH != 0 && addr >= L1_DATA_B_START
 			    && addr + sizeof(tmp) <= L1_DATA_B_START + L1_DATA_B_LENGTH) {
 				memcpy(&tmp, (const void *)(addr), sizeof(tmp));
 				copied = sizeof(tmp);
-			} else
-#endif
-			if (addr >= FIXED_CODE_START
+
+			} else if (addr >= FIXED_CODE_START
 			    && addr + sizeof(tmp) <= FIXED_CODE_END) {
 				memcpy(&tmp, (const void *)(addr), sizeof(tmp));
 				copied = sizeof(tmp);
+
 			} else
 				copied = access_process_vm(child, addr, &tmp,
 							   sizeof(tmp), 0);
+
 			pr_debug("ptrace: copied size %d [0x%08lx]\n", copied, tmp);
 			if (copied != sizeof(tmp))
 				break;
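Review bot: The bounds tests in this chain keep `<=` (for example `addr + sizeof(tmp) <= FIXED_CODE_END`), while the first hunk of this commit changes `is_user_addr_valid` to `start + len < FIXED_CODE_END`, so the two functions now disagree on whether a word ending exactly at the region end is allowed. If the validity check before the `pr_debug` line is that function (its call is outside the hunk), the equality case never reaches these branches. Either align the operators or add a comment such as `/* *_END is the first address past the region */` stating which convention holds. The write-side hunk below has the same mismatch with `sizeof(data)`. The enclosing `arch_ptrace` case starts and ends outside the hunk.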
@@ -300,34 +296,30 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
 				break;
 			pr_debug("ptrace: user address is valid\n");
 
-#if L1_CODE_LENGTH != 0
-			if (addr >= L1_CODE_START
+			if (L1_CODE_LENGTH != 0 && addr >= L1_CODE_START
 			    && addr + sizeof(data) <= L1_CODE_START + L1_CODE_LENGTH) {
 				safe_dma_memcpy ((void *)(addr), &data, sizeof(data));
 				copied = sizeof(data);
-			} else
-#endif
-#if L1_DATA_A_LENGTH != 0
-			if (addr >= L1_DATA_A_START
+
+			} else if (L1_DATA_A_LENGTH != 0 && addr >= L1_DATA_A_START
 			    && addr + sizeof(data) <= L1_DATA_A_START + L1_DATA_A_LENGTH) {
 				memcpy((void *)(addr), &data, sizeof(data));
 				copied = sizeof(data);
-			} else
-#endif
-#if L1_DATA_B_LENGTH != 0
-			if (addr >= L1_DATA_B_START
+
+			} else if (L1_DATA_B_LENGTH != 0 && addr >= L1_DATA_B_START
 			    && addr + sizeof(data) <= L1_DATA_B_START + L1_DATA_B_LENGTH) {
 				memcpy((void *)(addr), &data, sizeof(data));
 				copied = sizeof(data);
-			} else
-#endif
-			if (addr >= FIXED_CODE_START
+
+			} else if (addr >= FIXED_CODE_START
 			    && addr + sizeof(data) <= FIXED_CODE_END) {
 				memcpy((void *)(addr), &data, sizeof(data));
 				copied = sizeof(data);
+
 			} else
 				copied = access_process_vm(child, addr, &data,
 							   sizeof(data), 1);
+
 			pr_debug("ptrace: copied size %d\n", copied);
 			if (copied != sizeof(data))
 				break;
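Review bot: The L1 and fixed-code branches write through `(void *)(addr)` with `memcpy`/`safe_dma_memcpy` in kernel context, so their only protection is the validity check that precedes the `pr_debug` line, and nothing here says so. A comment above the chain, e.g. `/* addr already vetted above; these direct copies bypass access_process_vm() */`, would keep a later reorder from exposing them. Separately, the last `else` is left unbraced while every other branch is braced, and the added blank lines sit directly before each closing `}`; bracing the final branch and dropping those blanks would make the chain uniform. The enclosing case continues outside the hunk.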
--