On Mon, Dec 8, 2014 at 11:28 AM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> On x86 it does, but I don't see anything obvious in generic version in
> mm/gup.c, so the old code might still have a problem on some architectures.
> What am I missing here?

Hmm. You may be right. The "access_ok()" is supposed to protect things, but for cases like finit_module() that has explicitly said "kernel addresses are ok", that check doesn't work.

Maybe something like this..

diff --git a/mm/gup.c b/mm/gup.c index cd62c8c90d4a..6234b1e6ced9 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -951,6 +951,9 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; + if (unlikely(segment_eq(get_fs(), KERNEL_DS))) + return 0; + if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ, start, len))) return 0;

Completely untested, obviously. That code isn't even compiled on x86.

Adding linux-arch for more comments.

(Background: the generic non-x86 "get_user_pages_fast()" function cannot check that the page tables are actually *user* page tables, so..)

Linus
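
Review bot: the added segment_eq(get_fs(), KERNEL_DS) test ahead of access_ok() carries no comment, and its reason is not evident from the code alone. A short comment above it should say that under KERNEL_DS access_ok() accepts kernel addresses and that the generic walker cannot tell user page tables from kernel ones, so the fast path has to bail out. The hunk covers only __get_user_pages_fast(); any other entry point in mm/gup.c that does its own access_ok() check before walking page tables would need the same guard. As posted the change is untested and this code is not built on x86, so it needs a compile and a run on an architecture that uses the generic implementation.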