diff mbox

[lucid,lucid/fsl-imx51,maverick,maverick/ti-omap4,natty,natty/ti-omap4,oneiric,precise,CVE,2/2] regset: Return -EFAULT, not -EIO, on host-side memory fault

Message ID 1331222934-18007-3-git-send-email-apw@canonical.com
State New
Headers show

Commit Message

Andy Whitcroft March 8, 2012, 4:08 p.m. UTC
From: "H. Peter Anvin" <hpa@zytor.com>

There is only one error code to return for a bad user-space buffer
pointer passed to a system call in the same address space as the
system call is executed, and that is EFAULT.  Furthermore, the
low-level access routines, which catch most of the faults, return
EFAULT already.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@hack.frob.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

(cherry picked from commit 5189fa19a4b2b4c3bec37c3a019d446148827717)
BugLink: http://bugs.launchpad.net/bugs/949905
Signed-off-by: Andy Whitcroft <apw@canonical.com>
 include/linux/regset.h |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff mbox


diff --git a/include/linux/regset.h b/include/linux/regset.h
index 5150fd1..686f373 100644
--- a/include/linux/regset.h
+++ b/include/linux/regset.h
@@ -339,7 +339,7 @@  static inline int copy_regset_to_user(struct task_struct *target,
 		return -EOPNOTSUPP;
 	if (!access_ok(VERIFY_WRITE, data, size))
-		return -EIO;
+		return -EFAULT;
 	return regset->get(target, regset, offset, size, NULL, data);
@@ -365,7 +365,7 @@  static inline int copy_regset_from_user(struct task_struct *target,
 		return -EOPNOTSUPP;
 	if (!access_ok(VERIFY_READ, data, size))
-		return -EIO;
+		return -EFAULT;
 	return regset->set(target, regset, offset, size, NULL, data);