    x86/mm: Fix fault error path using unsafe vma pointer · a3c4fb7c
    Laurent Dufour authored
    commit 7b2d0dba ("x86/mm/pkeys: Pass VMA down in to fault signal
    generation code") passes down a vma pointer to the error path, but that is
    done once the mmap_sem is released when calling mm_fault_error() from
    __do_page_fault().
    
    This is dangerous as the vma structure is no longer safe to use once the
    mmap_sem has been released. As only the protection key value is required in
    the error processing, we could just pass down this value.
    
    Fix it by passing a pointer to a protection key value down to the fault
    signal generation code. The use of a pointer allows keeping the check
    generating a warning message in fill_sig_info_pkey() when the vma was not
    known. If the pointer is valid, the protection value can be accessed by
    dereferencing the pointer.
    
    [ tglx: Made *pkey u32 as that's the type which is passed in siginfo ]
    
    Fixes: 7b2d0dba ("x86/mm/pkeys: Pass VMA down in to fault signal generation code")
    Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: linux-mm@kvack.org
    Cc: Dave Hansen <dave.hansen@linux.intel.com>
    Cc: stable@vger.kernel.org
    Link: http://lkml.kernel.org/r/1504513935-12742-1-git-send-email-ldufour@linux.vnet.ibm.com
fault.c 37.9 KB
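
The pattern the commit message describes, as an added userspace model that is not code from the kernel or from this commit: the error path receives a pointer to a pkey value copied while the lock is held, and a NULL pointer keeps the "vma not known" warning. Every `*_model` name, the `0xdead` poison value and the hook that simulates a concurrent unmap on unlock are assumptions made for the illustration.

```c
/* Userspace model constructed for illustration; all *_model names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct vma_model { uint32_t pkey; };
struct siginfo_model { uint32_t si_pkey; int warned; };
static struct vma_model *racing_vma;  /* vma a concurrent unmap tears down */

static void lock_model(void) { /* stands in for taking mmap_sem */ }
/* Dropping the lock lets the modelled unmap run: the vma contents go stale. */
static void unlock_model(void) { if (racing_vma) racing_vma->pkey = 0xdeadU; }
/* Error path as the fix shapes it: pkey pointer, not a vma; NULL = vma unknown. */
static void fill_sig_info_pkey_model(struct siginfo_model *info, const uint32_t *pkey)
{
    info->warned = (pkey == NULL);
    if (info->warned)
        fprintf(stderr, "warning: pkey fault with no known vma\n");
    info->si_pkey = pkey ? *pkey : 0;
}

/* Before the fix: the vma is still dereferenced after the lock is released. */
static struct siginfo_model fault_before_fix(struct vma_model *vma)
{
    struct siginfo_model info = {0, 0};
    lock_model();
    unlock_model();
    fill_sig_info_pkey_model(&info, vma ? &vma->pkey : NULL);
    return info;
}

/* After the fix: the value is copied under the lock; only the copy leaves. */
static struct siginfo_model fault_after_fix(struct vma_model *vma)
{
    struct siginfo_model info = {0, 0};
    uint32_t pkey = 0, *pkey_ptr = NULL;
    lock_model();
    if (vma) { pkey = vma->pkey; pkey_ptr = &pkey; }
    unlock_model();
    fill_sig_info_pkey_model(&info, pkey_ptr);
    return info;
}

int main(void)
{
    struct vma_model a = {4}, b = {4};
    racing_vma = &a; printf("before: %#x\n", (unsigned)fault_before_fix(&a).si_pkey);
    racing_vma = &b; printf("after:  %#x\n", (unsigned)fault_after_fix(&b).si_pkey);
    return 0;
}
```

In the model the stale vma is only overwritten, so the "before" path reports a wrong key; in the kernel the structure may have been freed, which is why the commit calls the access dangerous.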