| -rw-r--r-- | kernel/futex.c | 5 |
1 files changed, 3 insertions, 2 deletions
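--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -251,6 +251,9 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
 return -EINVAL;
 address -= key->both.offset;
 
+if (unlikely(!access_ok(rw, uaddr, sizeof(u32))))
+return -EFAULT;
+
 /*
 * PROCESS_PRIVATE futexes are fast.
 * As the mm cannot disappear under us and the 'key' only needs
@@ -259,8 +262,6 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
 * but access_ok() should be faster than find_vma()
 */
 if (!fshared) {
-if (unlikely(!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))))
-return -EFAULT;
 key->private.mm = mm;
 key->private.address = address;
 get_futex_key_refs(key);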
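Review bot: The hoisted `access_ok(rw, uaddr, sizeof(u32))` check in the first hunk has no comment, and the comment kept as context above `if (!fshared)` still ends with "but access_ok() should be faster than find_vma()" even though that block no longer calls access_ok(). I would move that sentence up to the new check, or add something like `/* Range-check uaddr for private and shared futexes alike, before any key is built from it. */` and reword the old comment. The private path used to check with VERIFY_WRITE unconditionally and now uses the caller's `rw`; the callers are not visible here, so it is worth confirming that no private-futex caller relied on the write-mode check. get_futex_key's body starts and ends outside both hunks.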
