Commit-ID: 75ed82ea53bd0d2d8083261123576250f7ba851e Gitweb: http://git.kernel.org/tip/75ed82ea53bd0d2d8083261123576250f7ba851e Author: Oleg Nesterov <oleg@xxxxxxxxxx> AuthorDate: Sun, 16 Sep 2012 17:20:06 +0200 Committer: Oleg Nesterov <oleg@xxxxxxxxxx> CommitDate: Sat, 29 Sep 2012 21:21:53 +0200 uprobes: Change write_opcode() to use FOLL_FORCE write_opcode()->get_user_pages() needs FOLL_FORCE to ensure we can read the page even if the probed task did mprotect(PROT_NONE) after uprobe_register(). Without FOLL_WRITE, FOLL_FORCE doesn't have any side effect but allows to read the !VM_READ memory. Otherwiese the subsequent uprobe_unregister()->set_orig_insn() fails and we leak "int3". If that task does mprotect(PROT_READ | EXEC) and execute the probed insn later it will be killed. Note: in fact this is also needed for _register, see the next patch. Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx> Acked-by: Srikar Dronamraju <srikar@xxxxxxxxxxxxxxxxxx> --- kernel/events/uprobes.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 198d732..80e8c7b 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -221,7 +221,7 @@ static int write_opcode(struct arch_uprobe *auprobe, struct mm_struct *mm, retry: /* Read the page with vaddr into memory */ - ret = get_user_pages(NULL, mm, vaddr, 1, 0, 0, &old_page, &vma); + ret = get_user_pages(NULL, mm, vaddr, 1, 0, 1, &old_page, &vma); if (ret <= 0) return ret; -- To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
|