* [PATCH] missing ->mmap_sem around find_vma() in swp_emulate.c
@ 2012-12-16 0:25 Al Viro
From: Al Viro @ 2012-12-16 0:25 UTC (permalink / raw)
To: linux-arm-kernel
find_vma() is *not* safe when somebody else is removing vmas. Not just
the return value might get bogus just as you are getting it (this instance
doesn't try to dereference the resulting vma), the search itself can get
buggered in rather spectacular ways. IOW, ->mmap_sem really, really is
not optional here.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/arch/arm/kernel/swp_emulate.c b/arch/arm/kernel/swp_emulate.c
index df74518..ab1017b 100644
--- a/arch/arm/kernel/swp_emulate.c
+++ b/arch/arm/kernel/swp_emulate.c
@@ -109,10 +109,12 @@ static void set_segfault(struct pt_regs *regs, unsigned long addr)
{
siginfo_t info;
+ down_read(¤t->mm->mmap_sem);
if (find_vma(current->mm, addr) == NULL)
info.si_code = SEGV_MAPERR;
else
info.si_code = SEGV_ACCERR;
+ up_read(¤t->mm->mmap_sem);
info.si_signo = SIGSEGV;
info.si_errno = 0;
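Review bot: the added down_read() on ->mmap_sem at the top of set_segfault() can sleep, and a nested read acquisition can deadlock behind a queued writer. Neither the hunk nor the commit message says what context set_segfault() runs in. Please state in the changelog that every caller reaches it in process context with ->mmap_sem not already held. A one-line comment above the down_read() would also help: say that the lock is needed for the find_vma() walk itself even though the returned vma is only compared against NULL, so a later cleanup does not drop it as unnecessary. The si_code chosen here is a snapshot that may be stale once up_read() returns. That is acceptable for SEGV_MAPERR versus SEGV_ACCERR reporting but worth noting in the same comment.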
* [PATCH] missing ->mmap_sem around find_vma() in swp_emulate.c
From: Dirk Behme @ 2012-12-20 7:15 UTC (permalink / raw)
To: linux-arm-kernel
On 16.12.2012 01:25, Al Viro wrote:
> find_vma() is *not* safe when somebody else is removing vmas. Not just
> the return value might get bogus just as you are getting it (this instance
> doesn't try to dereference the resulting vma), the search itself can get
> buggered in rather spectacular ways. IOW, ->mmap_sem really, really is
> not optional here.
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
> diff --git a/arch/arm/kernel/swp_emulate.c b/arch/arm/kernel/swp_emulate.c
> index df74518..ab1017b 100644
> --- a/arch/arm/kernel/swp_emulate.c
> +++ b/arch/arm/kernel/swp_emulate.c
> @@ -109,10 +109,12 @@ static void set_segfault(struct pt_regs *regs, unsigned long addr)
> {
> siginfo_t info;
>
> + down_read(¤t->mm->mmap_sem);
> if (find_vma(current->mm, addr) == NULL)
> info.si_code = SEGV_MAPERR;
> else
> info.si_code = SEGV_ACCERR;
> + up_read(¤t->mm->mmap_sem);
>
> info.si_signo = SIGSEGV;
> info.si_errno = 0;
Any comment on this?
Thanks
Dirk
* [PATCH] missing ->mmap_sem around find_vma() in swp_emulate.c
From: Russell King - ARM Linux @ 2012-12-20 10:03 UTC (permalink / raw)
To: linux-arm-kernel
On Thu, Dec 20, 2012 at 08:15:47AM +0100, Dirk Behme wrote:
> On 16.12.2012 01:25, Al Viro wrote:
>> find_vma() is *not* safe when somebody else is removing vmas. Not just
>> the return value might get bogus just as you are getting it (this instance
>> doesn't try to dereference the resulting vma), the search itself can get
>> buggered in rather spectacular ways. IOW, ->mmap_sem really, really is
>> not optional here.
>>
>> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
>> ---
>> diff --git a/arch/arm/kernel/swp_emulate.c b/arch/arm/kernel/swp_emulate.c
>> index df74518..ab1017b 100644
>> --- a/arch/arm/kernel/swp_emulate.c
>> +++ b/arch/arm/kernel/swp_emulate.c
>> @@ -109,10 +109,12 @@ static void set_segfault(struct pt_regs *regs, unsigned long addr)
>> {
>> siginfo_t info;
>>
>> + down_read(¤t->mm->mmap_sem);
>> if (find_vma(current->mm, addr) == NULL)
>> info.si_code = SEGV_MAPERR;
>> else
>> info.si_code = SEGV_ACCERR;
>> + up_read(¤t->mm->mmap_sem);
>>
>> info.si_signo = SIGSEGV;
>> info.si_errno = 0;
>
> Any comment on this?
Any comment required on this? No, it's from Al Viro, which means it's
(mostly) always correct. I'll look at merging it soon.