The PTRACE_POKEDATA request writes a word of data to the tracee's memory. In PCuABI the size of the write remains 8 bytes. Currently the kernel erroneously writes 16 bytes, thereby overwriting 8 bytes of unrelated memory. Fix this by restoring the type of the data argument of generic_ptrace_pokedata() to unsigned long.
Fixes: ("kernel/ptrace: Modify ptrace syscall to accept capability arguments")
Signed-off-by: Kristina Martsenko kristina.martsenko@arm.com
---
 include/linux/ptrace.h | 2 +-
 kernel/ptrace.c        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h index a4c84dbbe084..cfdd378636c7 100644 --- a/include/linux/ptrace.h +++ b/include/linux/ptrace.h @@ -108,7 +108,7 @@ static inline void ptrace_unlink(struct task_struct *child) int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, user_uintptr_t data); int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, - user_uintptr_t data); + unsigned long data);
/** * ptrace_parent - return the task that is tracing the given task diff --git a/kernel/ptrace.c b/kernel/ptrace.c index c278ae0058a6..e5343257131f 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -1350,7 +1350,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, }
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, - user_uintptr_t data) + unsigned long data) { int copied;
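Review bot: in the include/linux/ptrace.h hunk, the two adjacent prototypes now differ in the type of data (generic_ptrace_peekdata() keeps user_uintptr_t, generic_ptrace_pokedata() takes unsigned long) and nothing at the declaration says why. A short comment above the pair would help: for peek, data is a user pointer that the result is stored through, while for poke it is the word value to be written. That would stop a later cleanup from making the types match again and bringing back the 16-byte write described in the commit message.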
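Review bot: in the kernel/ptrace.c hunk, the fix takes effect only through the declared type of the data parameter, and the visible context stops at "int copied;", so the line that sizes the write is not shown. If the body derives the length from sizeof(data), consider a comment there stating that the poke is a single 8-byte word in PCuABI, or sizing it from the word type directly, so the write length does not silently follow the parameter type. The diffstat also shows only the prototype and the definition changing, so any caller that holds the value as user_uintptr_t now converts implicitly at the call; it is worth confirming that this builds without warnings in PCuABI or making the conversion explicit at the call sites.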