• Hugh Dickins's avatar
    [PATCH] mm: pte_offset_map_lock loops · 705e87c0
    Hugh Dickins authored
    Convert those common loops using page_table_lock on the outside and
    pte_offset_map within to use just pte_offset_map_lock within instead.
    
    These all hold mmap_sem (some exclusively, some not), so at no level can a
    page table be whipped away from beneath them.  But whereas pte_alloc loops
    tested with the "atomic" pmd_present, these loops are testing with pmd_none,
    which on i386 PAE tests both lower and upper halves.
    
    That's now unsafe, so add a cast into pmd_none to test only the vital lower
    half: we lose a little sensitivity to a corrupt middle directory, but not
    enough to worry about.  It appears that i386 and UML were the only
    architectures vulnerable in this way, and pgd and pud no problem.
    Signed-off-by: default avatarHugh Dickins <hugh@veritas.com>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    705e87c0
mprotect.c 6.81 KB