Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[ARM] 3030/2: fix permission check in the obscur cmpxchg syscall

Patch from Nicolas Pitre

Quoting RMK:

|pte_write() just says that the page _may_ be writable. It doesn't say
|that the MMU is programmed to allow writes. If pte_dirty() doesn't
|return true, that means that the page is _not_ writable from userspace.
|If you write to it from kernel mode (without using put_user) you'll
|bypass the MMU read-only protection and may end up writing to a page
|owned by two separate processes.

Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Nicolas Pitre 19 years ago
parent
0003cedfc5
commit
2ce9804fbd
1 changed files with 1 additions and 1 deletions
Unified View Show Diff Stats
  1. 1 1
      arch/arm/kernel/traps.c

+ 1 - 1
arch/arm/kernel/traps.c
View File 

@@ -506,7 +506,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
 
 		if (!pmd_present(*pmd))
 
 		if (!pmd_present(*pmd))
 
 			goto bad_access;
 
 			goto bad_access;
 
 		pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
 
 		pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
 
-		if (!pte_present(*pte) || !pte_write(*pte)) {
 
+		if (!pte_present(*pte) || !pte_dirty(*pte)) {
 
 			pte_unmap_unlock(pte, ptl);
 
 			pte_unmap_unlock(pte, ptl);
 
 			goto bad_access;
 
 			goto bad_access;
 
 		}
 
 		}