From 0440f4f2574e2ec9a83a8b24539e3e2faf02753f Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 14 Apr 2020 09:41:49 +0200
Subject: [PATCH] Kernel: Fix little mistakes in ptrace(PT_PEEK)

Output address validation should be done for the tracer's address space and not the tracee's. Also use copy_to_user() instead of copy_from_user(). The two are really identical at the moment, but maybe we can add some assertions to make sure we're doing what we think we're doing. Thanks to Sergey for spotting these!
---
 Kernel/Ptrace.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Kernel/Ptrace.cpp b/Kernel/Ptrace.cpp
index ca91e66913c..67a3ef317b0 100644
--- a/Kernel/Ptrace.cpp
+++ b/Kernel/Ptrace.cpp
@@ -113,9 +113,9 @@ KResultOr handle_syscall(const Kernel::Syscall::SC_ptrace_params& params, P
 auto result = peer->process().peek_user_data(peek_params.address);
 if (result.is_error())
 return -EFAULT;
- if (!peer->process().validate_write(peek_params.out_data, sizeof(u32)))
+ if (!caller.validate_write(peek_params.out_data, sizeof(u32)))
 return -EFAULT;
- copy_from_user(peek_params.out_data, &result.value());
+ copy_to_user(peek_params.out_data, &result.value());
 break;
 }
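Review bot: The caller.validate_write() check on peek_params.out_data and the copy_to_user() two lines later remain two separate steps on a tracer-supplied pointer, and the copy's result is discarded, so a failure that surfaces only at copy time would not reach the -EFAULT path. If copy_to_user() can report failure in this tree, its return should drive the error path, `if (!copy_to_user(peek_params.out_data, &result.value())) return -EFAULT;`; if it is a void helper, a short comment such as `// out_data was validated against the tracer's (caller's) address space above; the copy relies on that check` records why the preceding check is the sole guard. Note that peek_user_data() already validates the tracee-side address, so the -EFAULT on its error and the -EFAULT here cover different address spaces, which a reader may want stated. handle_syscall begins and ends outside this hunk.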