Re: A question about PROT_NONE on ARM and ARM26

From: Jamie Lokier
Date: Thu Jul 01 2004 - 18:56:07 EST

Next message: linas: "Re: [PATCH] [2.6] PPC64: log firmware errors during boot."
Previous message: Mike Kravetz: "Re: [PATCH] task name handling in proc fs"
In reply to: Scott Wood: "Re: A question about PROT_NONE on ARM and ARM26"
Next in thread: Scott Wood: "Re: A question about PROT_NONE on ARM and ARM26"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Scott Wood wrote:
> > However, plain ldr and str instructions will access the page, but
> > get_user/put_user doesn't use them, and copy_from_user/copy_to_user
> > are carefully crafted to ensure that we hit the necessary permission
> > checks for each page it touches on the first access.
>
> What if CONFIG_PREEMPT is enabled, and you get preempted after that
> first access, and another thread unmaps the page before you're
> finished with it?

The code in uaccess.S:__arch_copy_{from,to}_user doesn't disable
pre-emption, and neither does its caller.

Pages can be unmapped just due to background paging. I.e. it's a
normal occurrence, it doesn't require anything contrived.

So I think you're right: that looks like a bug.

The ARM uaccess code was written before CONFIG_PREEMPT was added, and
this couldn't happen then. It could panic a kernel now. I wonder why
it hasn't been noticed. Maybe nobody turns on CONFIG_PREEMPT on ARM?

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: linas: "Re: [PATCH] [2.6] PPC64: log firmware errors during boot."
Previous message: Mike Kravetz: "Re: [PATCH] task name handling in proc fs"
In reply to: Scott Wood: "Re: A question about PROT_NONE on ARM and ARM26"
Next in thread: Scott Wood: "Re: A question about PROT_NONE on ARM and ARM26"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]