authorNicolas Pitre <nico@cam.org>2006-03-25 17:44:05 -0500
committerRussell King <rmk+kernel@arm.linux.org.uk>2006-03-25 17:44:05 -0500
commit2ce9804fbd9d4da75fb5bb53331b46b614a7d5c3 (patch)
tree8b5770e7f6910d518227d68db34f1f322f4d69c7
parent0003cedfc577be9d679c16531f8720739e9637ed (diff)
[ARM] 3030/2: fix permission check in the obscur cmpxchg syscall
Patch from Nicolas Pitre

Quoting RMK:

|pte_write() just says that the page _may_ be writable. It doesn't say
|that the MMU is programmed to allow writes. If pte_dirty() doesn't
|return true, that means that the page is _not_ writable from userspace.
|If you write to it from kernel mode (without using put_user) you'll
|bypass the MMU read-only protection and may end up writing to a page
|owned by two separate processes.

Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-rw-r--r--arch/arm/kernel/traps.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
index 03924bcc6129..d566d5f4574d 100644
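--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -506,7 +506,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
 if (!pmd_present(*pmd))
 goto bad_access;
 pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
-if (!pte_present(*pte) || !pte_write(*pte)) {
+if (!pte_present(*pte) || !pte_dirty(*pte)) {
 pte_unmap_unlock(pte, ptl);
 goto bad_access;
 }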
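Review bot: The `pte_dirty()` test at new line 509 encodes a security invariant that is explained only in the commit message, so the code itself needs a comment. Without one, a later reader could take `pte_dirty()` for a mistake and restore `pte_write()`, reopening the kernel-mode write to a page that userspace may not write and that, per the description, may be owned by two processes. I would add above the test: `/* pte_write() only means the page may become writable; require pte_dirty() so this kernel-mode store cannot bypass read-only protection */`. The body of arm_syscall starts and ends outside the hunk, so two things cannot be confirmed from here and are worth checking: that the store on the success path happens before `pte_unmap_unlock()`, and that `bad_access` handles a writable-but-clean page sensibly instead of simply failing the call.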