summaryrefslogtreecommitdiffstats
path: root/fs/ncpfs
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2009-06-11 23:15:43 +0200
committerThomas Gleixner <tglx@linutronix.de>2009-06-24 21:27:35 +0200
commitd0725992c8a6fb63a16bc9e8b2a50094cc4db3cd (patch)
tree55b52c5bcc051c3b8c2fc3122000925541d5707b /fs/ncpfs
parentc82e6d450fda56cb2d4f68534173d3cd11b32f9f (diff)
downloadlinux-stable-d0725992c8a6fb63a16bc9e8b2a50094cc4db3cd.tar.gz
linux-stable-d0725992c8a6fb63a16bc9e8b2a50094cc4db3cd.tar.bz2
linux-stable-d0725992c8a6fb63a16bc9e8b2a50094cc4db3cd.zip
futex: Fix the write access fault problem for real
commit 64d1304a64 (futex: setup writeable mapping for futex ops which modify user space data) did address only half of the problem of write access faults. The patch was made on two wrong assumptions: 1) access_ok(VERIFY_WRITE,...) would actually check write access. On x86 it does _NOT_. It's a pure address range check. 2) a RW mapped region can not go away under us. That's wrong as well. Nobody can prevent another thread to call mprotect(PROT_READ) on that region where the futex resides. If that call hits between the get_user_pages_fast() verification and the actual write access in the atomic region we are toast again. The solution is to not rely on access_ok and get_user() for any write access related fault on private and shared futexes. Instead we need to fault it in with verification of write access. There is no generic non destructive write mechanism which would fault the user page in trough a #PF, but as we already know that we will fault we can as well call get_user_pages() directly and avoid the #PF overhead. If get_user_pages() returns -EFAULT we know that we can not fix it anymore and need to bail out to user space. Remove a bunch of confusing comments on this issue as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@kernel.org
Diffstat (limited to 'fs/ncpfs')
0 files changed, 0 insertions, 0 deletions