[ARM] 3030/2: fix permission check in the obscur cmpxchg syscall

Patch from Nicolas Pitre Quoting RMK: |pte_write() just says that the page _may_ be writable. It doesn't say |that the MMU is programmed to allow writes. If pte_dirty() doesn't |return true, that means that the page is _not_ writable from userspace. |If you write to it from kernel mode (without using put_user) you'll |bypass the MMU read-only protection and may end up writing to a page |owned by two separate processes. Signed-off-by: N Nicolas Pitre <nico@cam.org> Signed-off-by: N Russell King <rmk+kernel@arm.linux.org.uk>

[ARM] 3030/2: fix permission check in the obscur cmpxchg syscall
Patch from Nicolas Pitre Quoting RMK: |pte_write() just says that the page _may_ be writable. It doesn't say |that the MMU is programmed to allow writes. If pte_dirty() doesn't |return true, that means that the page is _not_ writable from userspace. |If you write to it from kernel mode (without using put_user) you'll |bypass the MMU read-only protection and may end up writing to a page |owned by two separate processes. Signed-off-by: N Nicolas Pitre <nico@cam.org> Signed-off-by: N Russell King <rmk+kernel@arm.linux.org.uk>
2ce9804f · Nicolas Pitre · Russell King · 0003cedf · 2ce9804f
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

arch/arm/kernel/traps.c arch/arm/kernel/traps.c +1 -1

未找到文件。
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -506,7 +506,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
 		if (!pmd_present(*pmd))
 			goto bad_access;
 		pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
-		if (!pte_present(*pte) || !pte_write(*pte)) {
+		if (!pte_present(*pte) || !pte_dirty(*pte)) {
 			pte_unmap_unlock(pte, ptl);
 			goto bad_access;
 		}