diff options
author | Oleg Nesterov <oleg@redhat.com> | 2012-09-16 17:20:06 +0200 |
---|---|---|
committer | Oleg Nesterov <oleg@redhat.com> | 2012-09-29 21:21:53 +0200 |
commit | 75ed82ea53bd0d2d8083261123576250f7ba851e (patch) | |
tree | da2c69d053b7555c15e1adb5e6d901c2afab8ad8 /kernel | |
parent | uprobes: Move clear_thread_flag(TIF_UPROBE) to uprobe_notify_resume() (diff) | |
download | linux-75ed82ea53bd0d2d8083261123576250f7ba851e.tar.xz linux-75ed82ea53bd0d2d8083261123576250f7ba851e.zip |
uprobes: Change write_opcode() to use FOLL_FORCE
write_opcode()->get_user_pages() needs FOLL_FORCE to ensure we can
read the page even if the probed task did mprotect(PROT_NONE) after
uprobe_register(). Without FOLL_WRITE, FOLL_FORCE doesn't have any
side effect but allows to read the !VM_READ memory.
Otherwiese the subsequent uprobe_unregister()->set_orig_insn() fails
and we leak "int3". If that task does mprotect(PROT_READ | EXEC) and
execute the probed insn later it will be killed.
Note: in fact this is also needed for _register, see the next patch.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/events/uprobes.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 198d732ab901..80e8c7b697b9 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -221,7 +221,7 @@ static int write_opcode(struct arch_uprobe *auprobe, struct mm_struct *mm, retry: /* Read the page with vaddr into memory */ - ret = get_user_pages(NULL, mm, vaddr, 1, 0, 0, &old_page, &vma); + ret = get_user_pages(NULL, mm, vaddr, 1, 0, 1, &old_page, &vma); if (ret <= 0) return ret; |