    futex: setup writeable mapping for futex ops which modify user space data · 64d1304a
    Thomas Gleixner authored
    The futex code installs a read only mapping via get_user_pages_fast()
    even if the futex op function has to modify user space data. The
    eventual fault was fixed up by futex_handle_fault() which walked the
    VMA with mmap_sem held.
    
    After the cleanup patches which removed the mmap_sem dependency of the
    futex code, commit 4dc5b7a36a49eff97050894cf1b3a9a02523717 (futex:
    clean up fault logic) removed the private VMA walk logic from the
    futex code. This change results in a stale RO mapping which is not
    fixed up.
    
    Instead of reintroducing the previous fault logic we set up the
    mapping in get_user_pages_fast() read/write for all operations which
    modify user space data. Also handle private futexes in the same way
    and make the current unconditional access_ok(VERIFY_WRITE) depend on
    the futex op.
    
    Reported-by: Andreas Schwab <schwab@linux-m68k.org>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    CC: stable@kernel.org
futex.c 48.4 KB