aboutsummaryrefslogtreecommitdiff
path: root/scripts/cleanpatch
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2014-04-22 13:49:40 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-06-07 10:28:08 -0700
commite83c667a1f451b1ae47a27d5e2ef0acb5f2c5b3d (patch)
tree07429221321badd1cd48f1a51ef38948a716840e /scripts/cleanpatch
parentef4c3729e2561dd90c2faaa05309f3419d271a99 (diff)
mm: make fixup_user_fault() check the vma access rights too
commit 1b17844b29ae042576bea588164f2f1e9590a8bc upstream. fixup_user_fault() is used by the futex code when the direct user access fails, and the futex code wants it to either map in the page in a usable form or return an error. It relied on handle_mm_fault() to map the page, and correctly checked the error return from that, but while that does map the page, it doesn't actually guarantee that the page will be mapped with sufficient permissions to be then accessed. So do the appropriate tests of the vma access rights by hand. [ Side note: arguably handle_mm_fault() could just do that itself, but we have traditionally done it in the caller, because some callers - notably get_user_pages() - have been able to access pages even when they are mapped with PROT_NONE. Maybe we should re-visit that design decision, but in the meantime this is the minimal patch. ] Found by Dave Jones running his trinity tool. Reported-by: Dave Jones <davej@redhat.com> Acked-by: Hugh Dickins <hughd@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'scripts/cleanpatch')
0 files changed, 0 insertions, 0 deletions