(10/2/13 10:27 AM), Jan Kara wrote:
> Signed-off-by: Jan Kara <jack@xxxxxxx>
> ---
> mm/process_vm_access.c | 8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
> index fd26d0433509..c1bc47d8ed90 100644
> --- a/mm/process_vm_access.c
> +++ b/mm/process_vm_access.c
> @@ -64,12 +64,8 @@ static int process_vm_rw_pages(struct task_struct *task,
> *bytes_copied = 0;
>
> /* Get the pages we're interested in */
> - down_read(&mm->mmap_sem);
> - pages_pinned = get_user_pages(task, mm, pa,
> - nr_pages_to_copy,
> - vm_write, 0, process_pages, NULL);
> - up_read(&mm->mmap_sem);
> -
> + pages_pinned = get_user_pages_unlocked(task, mm, pa, nr_pages_to_copy,
> + vm_write, 0, process_pages);
> if (pages_pinned != nr_pages_to_copy) {
> rc = -EFAULT;
> goto end;
This is wrong because original code is wrong. In this function, page may be pointed to
anon pages. Then, you should keep to take mmap_sem until finish to copying. Otherwise
concurrent fork() makes nasty COW issue.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>