| author | Nicolas Pitre <nico@cam.org> | 2006-03-25 17:44:05 -0500 |
|---|---|---|
| committer | Russell King <rmk+kernel@arm.linux.org.uk> | 2006-03-25 17:44:05 -0500 |
| commit | 2ce9804fbd9d4da75fb5bb53331b46b614a7d5c3 (patch) | |
| tree | 8b5770e7f6910d518227d68db34f1f322f4d69c7 | |
| parent | 0003cedfc577be9d679c16531f8720739e9637ed (diff) | |
[ARM] 3030/2: fix permission check in the obscur cmpxchg syscall
Patch from Nicolas Pitre
Quoting RMK:
|pte_write() just says that the page _may_ be writable. It doesn't say
|that the MMU is programmed to allow writes. If pte_dirty() doesn't
|return true, that means that the page is _not_ writable from userspace.
|If you write to it from kernel mode (without using put_user) you'll
|bypass the MMU read-only protection and may end up writing to a page
|owned by two separate processes.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
| -rw-r--r-- | arch/arm/kernel/traps.c | 2 |
1 files changed, 1 insertions, 1 deletions
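--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -506,7 +506,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
 if (!pmd_present(*pmd))
 goto bad_access;
 pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
-if (!pte_present(*pte) || !pte_write(*pte)) {
+if (!pte_present(*pte) || !pte_dirty(*pte)) {
 pte_unmap_unlock(pte, ptl);
 goto bad_access;
 }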
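Review bot: The `!pte_dirty(*pte)` test on new line 509 carries the whole security argument of this fix, but nothing in the code explains why a dirty-bit check stands in for a write-permission check. A later reader could easily "correct" it back to `pte_write()`. I would put a comment directly above the condition, for example `/* pte_write() only says the page may become writable; require pte_dirty() so this kernel-mode store never bypasses a read-only mapping of a page still shared between processes. */`. The store itself and the `bad_access` label are outside the hunk, so it cannot be confirmed from here whether a clean but legitimately writable page is faulted in and the operation retried; if it is, that is worth stating in the same comment.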
