[ARM] 3030/2: fix permission check in the obscur cmpxchg syscall
Patch from Nicolas Pitre Quoting RMK: |pte_write() just says that the page _may_ be writable. It doesn't say |that the MMU is programmed to allow writes. If pte_dirty() doesn't |return true, that means that the page is _not_ writable from userspace. |If you write to it from kernel mode (without using put_user) you'll |bypass the MMU read-only protection and may end up writing to a page |owned by two separate processes. Signed-off-by: Nicolas Pitre <nico@cam.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This commit is contained in:
parent
0003cedfc5
commit
2ce9804fbd
|
@ -506,7 +506,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
|
|||
if (!pmd_present(*pmd))
|
||||
goto bad_access;
|
||||
pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
|
||||
if (!pte_present(*pte) || !pte_write(*pte)) {
|
||||
if (!pte_present(*pte) || !pte_dirty(*pte)) {
|
||||
pte_unmap_unlock(pte, ptl);
|
||||
goto bad_access;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue