diff options
author | Christopher Yeoh <cyeoh@au1.ibm.com> | 2012-02-02 11:34:09 +1030 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-02-02 12:55:17 -0800 |
commit | 8cdb878dcb359fd1137e9abdee9322f5e9bcfdf8 (patch) | |
tree | 146afc01f3c1d7cbc944328484d077032bc53bfd /mm/process_vm_access.c | |
parent | 24b36da33c64368775f4ef9386d44dce1d2bc8cf (diff) | |
download | op-kernel-dev-8cdb878dcb359fd1137e9abdee9322f5e9bcfdf8.zip op-kernel-dev-8cdb878dcb359fd1137e9abdee9322f5e9bcfdf8.tar.gz |
Fix race in process_vm_rw_core
This fixes the race in process_vm_core found by Oleg (see
http://article.gmane.org/gmane.linux.kernel/1235667/
for details).
This has been updated since I last sent it as the creation of the new
mm_access() function did almost exactly the same thing as parts of the
previous version of this patch did.
In order to use mm_access() even when /proc isn't enabled, we move it to
kernel/fork.c where other related process mm access functions already
are.
Signed-off-by: Chris Yeoh <yeohc@au1.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/process_vm_access.c')
-rw-r--r-- | mm/process_vm_access.c | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c index e920aa3..c20ff48 100644 --- a/mm/process_vm_access.c +++ b/mm/process_vm_access.c @@ -298,23 +298,18 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec, goto free_proc_pages; } - task_lock(task); - if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) { - task_unlock(task); - rc = -EPERM; - goto put_task_struct; - } - mm = task->mm; - - if (!mm || (task->flags & PF_KTHREAD)) { - task_unlock(task); - rc = -EINVAL; + mm = mm_access(task, PTRACE_MODE_ATTACH); + if (!mm || IS_ERR(mm)) { + rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; + /* + * Explicitly map EACCES to EPERM as EPERM is a more a + * appropriate error code for process_vw_readv/writev + */ + if (rc == -EACCES) + rc = -EPERM; goto put_task_struct; } - atomic_inc(&mm->mm_users); - task_unlock(task); - for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) { rc = process_vm_rw_single_vec( (unsigned long)rvec[i].iov_base, rvec[i].iov_len, |