summaryrefslogtreecommitdiff
path: root/mm/nommu.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2006-09-27 01:50:15 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-27 08:26:14 -0700
commit0ec76a110f432e98277e464b82ace8dd66571689 (patch)
tree3ed8de0ea6869fe17bec7689c493a2db02f73f4a /mm/nommu.c
parent361f6ed1d00f666a1a7c33f3e9aaccb713f9b9e4 (diff)
downloadlwn-0ec76a110f432e98277e464b82ace8dd66571689.tar.gz
lwn-0ec76a110f432e98277e464b82ace8dd66571689.zip
[PATCH] NOMMU: Check that access_process_vm() has a valid target
Check that access_process_vm() is accessing a valid mapping in the target process. This limits ptrace() accesses and accesses through /proc/<pid>/maps to only those regions actually mapped by a program. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'mm/nommu.c')
-rw-r--r--mm/nommu.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/mm/nommu.c b/mm/nommu.c
index d99dea31e443..d08acdae0036 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -1206,3 +1206,50 @@ struct page *filemap_nopage(struct vm_area_struct *area,
BUG();
return NULL;
}
+
+/*
+ * Access another process' address space.
+ * - source/target buffer must be kernel space
+ */
+int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write)
+{
+ struct vm_list_struct *vml;
+ struct vm_area_struct *vma;
+ struct mm_struct *mm;
+
+ if (addr + len < addr)
+ return 0;
+
+ mm = get_task_mm(tsk);
+ if (!mm)
+ return 0;
+
+ down_read(&mm->mmap_sem);
+
+ /* the access must start within one of the target process's mappings */
+ for (vml = mm->context.vmlist; vml; vml = vml->next)
+ if (addr >= vml->vma->vm_start && addr < vml->vma->vm_end)
+ break;
+
+ if (vml) {
+ vma = vml->vma;
+
+ /* don't overrun this mapping */
+ if (addr + len >= vma->vm_end)
+ len = vma->vm_end - addr;
+
+ /* only read or write mappings where it is permitted */
+ if (write && vma->vm_flags & VM_WRITE)
+ len -= copy_to_user((void *) addr, buf, len);
+ else if (!write && vma->vm_flags & VM_READ)
+ len -= copy_from_user(buf, (void *) addr, len);
+ else
+ len = 0;
+ } else {
+ len = 0;
+ }
+
+ up_read(&mm->mmap_sem);
+ mmput(mm);
+ return len;
+}