• Andrew Morton's avatar
    [PATCH] access_ok() race fix for 80386. · 7c0aceca
    Andrew Morton authored
    From: Manfred Spraul <manfred@colorfullife.com>
    
    Real 80386 cpus ignore the write protected bit in the page tables when
    running in supervisory mode.  Thus the write protected bit must be checked by
    software.  The current implementation does that check during access_ok().
    This can result in data corruptions, if kswapd starts a swap-out between the
    access_ok and the actual write operation.
    
    To fix this, the patch moves the check from access_ok() into
    __copy_to_user_ll(), and redirects all user space writes into
    __copy_to_user_ll().  The patch only affects kernels build for 80386 cpus.
    Additionally, the patch removes the dead prototypes for __put_user_{1,2,4,8}.
    
    Due to the uninlining of access_ok, the .text segment is now ~ 8 kB shorter.
    7c0aceca
usercopy.c 15.5 KB