Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp80548pxb; Sun, 15 Aug 2021 23:58:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwyStf3U97WAXuhZ4/Rq79zTsMvOhnP4vhAuv3M0mzlHbV/sk2TMYpiOrw7lHYP2vwz/0dp X-Received: by 2002:aa7:c6c3:: with SMTP id b3mr18136932eds.217.1629097113575; Sun, 15 Aug 2021 23:58:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629097113; cv=none; d=google.com; s=arc-20160816; b=bQox4bW3+xgKfBrncL5G5xDR5uwfyRbdhpelxJ+vvYCbAl78nA24i8Hwbg678NmUW2 KbHyUg/zuJZ0XrVhh/VylZWC5aSN1GAkicFyhMrNbT4xCTKAjf5HVO/2mMYXV4t2U6t8 hUWzG1pMS3o8bz/5Mx8/RjGdTLavZKfp/1WwOb29yBnzbTRhjGfKbgCvfIW2Zw1p9qem zMSX8nLU7tAtSi6Qjccub4lotUWGHgh7NM6+Hxm7etSjTYxY5gix0voVOgkFBxYB5PEp 624HjuQ4Gj0q2+H03+1aSK2XMS0ZBx5UpfXdVAAnIO11kG8gf7MXLs3JF7A4IF8FE7Hj zWNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=iinsmAm8yb79NSp9PWADnxcWk4Z4xRbPCY+XiFcTqQU=; b=ACZXRiQ8A425em47VWyEbta5B97CwqUnBBJrRUIvCMwuZgDdm39mOHOUBR0pIC/cXE CV7qiq4Ig7jmWo7YbjZH4U0Uaw+gDy8taCIVstENIplmryBY+in+TIUKaIPc2ZXypfAa 2qa1GQt+JstiBhZc8it2hy+xoSH6knThxKGqCgQMykapZJcxcBuFc8qHb9cDjEMT9jUR QLea42i8C/yXA3jSshpv0dijAZsMzpfkj+IBDNKO3k6OEGvBvK2cI/tcaFF3QOT7MPc9 c1gotSONB8VGX8lbS6jKjK2fNXa2HnO3jfM13CTQTIEkYybTefJGfwvBJgda+E5AyYiy q4GA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hg14si8880744ejc.653.2021.08.15.23.58.11; Sun, 15 Aug 2021 23:58:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233687AbhHPGzV (ORCPT + 99 others); Mon, 16 Aug 2021 02:55:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:55274 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233459AbhHPGzU (ORCPT ); Mon, 16 Aug 2021 02:55:20 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7748761A6E; Mon, 16 Aug 2021 06:54:46 +0000 (UTC) From: Huacai Chen To: Thomas Gleixner , Ingo Molnar , Peter Zijlstra , Darren Hart , Davidlohr Bueso , Thomas Bogendoerfer Cc: linux-mips@vger.kernel.org, linux-kernel@vger.kernel.org, Xuefeng Li , Huacai Chen , Jiaxun Yang , Huacai Chen , Hongchen Zhang Subject: [PATCH] futex: Fix fault_in_user_writeable() Date: Mon, 16 Aug 2021 14:54:17 +0800 Message-Id: <20210816065417.3987596-1-chenhuacai@loongson.cn> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org fault_in_user_writeable() should verify R/W access but only verify W. In most archs W implies R, but not true in MIPS and LoongArch, so fix it. Signed-off-by: Huacai Chen Signed-off-by: Hongchen Zhang --- kernel/futex.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/futex.c b/kernel/futex.c index 2ecb07575055..c3b68be31bf3 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -672,10 +672,15 @@ static int get_futex_key(u32 __user *uaddr, bool fshared, union futex_key *key, */ static int fault_in_user_writeable(u32 __user *uaddr) { - struct mm_struct *mm = current->mm; int ret; + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; mmap_read_lock(mm); + vma = find_vma(mm, (unsigned long)uaddr); + if (!(vma->vm_flags & VM_READ)) + ret = -EFAULT; + ret = fixup_user_fault(mm, (unsigned long)uaddr, FAULT_FLAG_WRITE, NULL); mmap_read_unlock(mm); -- 2.27.0