Commit 5c3ecd65 authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Paul Mackerras

[POWERPC] spufs: Avoid user-triggered oops in ptrace

When one of the spufs files is mapped into a process address
space, regular users can use ptrace to attempt accessing
them with access_process_vm(). With the way that the
mappings currently work, this likely causes an oops.

Setting the vm_flags to VM_IO makes sure that ptrace can
not access them but returns an error code. This is not
the perfect solution in case of the local store mapping,
but it fixes the oops in a well-defined way.

Also remove leftover VM_RESERVED flags in spufs.  The
VM_RESERVED flag is on it's way out and not checked by
the memory managment code anymore.
Signed-off-by: default avatarArnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: default avatarChristoph Hellwig <chellwig@de.ibm.com>
Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
parent 2ebb2477
...@@ -132,7 +132,7 @@ spufs_mem_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -132,7 +132,7 @@ spufs_mem_mmap(struct file *file, struct vm_area_struct *vma)
if (!(vma->vm_flags & VM_SHARED)) if (!(vma->vm_flags & VM_SHARED))
return -EINVAL; return -EINVAL;
/* FIXME: */ vma->vm_flags |= VM_IO;
vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot) vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
| _PAGE_NO_CACHE); | _PAGE_NO_CACHE);
...@@ -201,7 +201,7 @@ static int spufs_cntl_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -201,7 +201,7 @@ static int spufs_cntl_mmap(struct file *file, struct vm_area_struct *vma)
if (!(vma->vm_flags & VM_SHARED)) if (!(vma->vm_flags & VM_SHARED))
return -EINVAL; return -EINVAL;
vma->vm_flags |= VM_RESERVED; vma->vm_flags |= VM_IO;
vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot) vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
| _PAGE_NO_CACHE | _PAGE_GUARDED); | _PAGE_NO_CACHE | _PAGE_GUARDED);
...@@ -791,7 +791,7 @@ static int spufs_signal1_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -791,7 +791,7 @@ static int spufs_signal1_mmap(struct file *file, struct vm_area_struct *vma)
if (!(vma->vm_flags & VM_SHARED)) if (!(vma->vm_flags & VM_SHARED))
return -EINVAL; return -EINVAL;
vma->vm_flags |= VM_RESERVED; vma->vm_flags |= VM_IO;
vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot) vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
| _PAGE_NO_CACHE | _PAGE_GUARDED); | _PAGE_NO_CACHE | _PAGE_GUARDED);
...@@ -889,8 +889,7 @@ static int spufs_signal2_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -889,8 +889,7 @@ static int spufs_signal2_mmap(struct file *file, struct vm_area_struct *vma)
if (!(vma->vm_flags & VM_SHARED)) if (!(vma->vm_flags & VM_SHARED))
return -EINVAL; return -EINVAL;
/* FIXME: */ vma->vm_flags |= VM_IO;
vma->vm_flags |= VM_RESERVED;
vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot) vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
| _PAGE_NO_CACHE | _PAGE_GUARDED); | _PAGE_NO_CACHE | _PAGE_GUARDED);
...@@ -973,7 +972,7 @@ static int spufs_mss_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -973,7 +972,7 @@ static int spufs_mss_mmap(struct file *file, struct vm_area_struct *vma)
if (!(vma->vm_flags & VM_SHARED)) if (!(vma->vm_flags & VM_SHARED))
return -EINVAL; return -EINVAL;
vma->vm_flags |= VM_RESERVED; vma->vm_flags |= VM_IO;
vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot) vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
| _PAGE_NO_CACHE | _PAGE_GUARDED); | _PAGE_NO_CACHE | _PAGE_GUARDED);
...@@ -1015,7 +1014,7 @@ static int spufs_psmap_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -1015,7 +1014,7 @@ static int spufs_psmap_mmap(struct file *file, struct vm_area_struct *vma)
if (!(vma->vm_flags & VM_SHARED)) if (!(vma->vm_flags & VM_SHARED))
return -EINVAL; return -EINVAL;
vma->vm_flags |= VM_RESERVED; vma->vm_flags |= VM_IO;
vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot) vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
| _PAGE_NO_CACHE | _PAGE_GUARDED); | _PAGE_NO_CACHE | _PAGE_GUARDED);
...@@ -1056,7 +1055,7 @@ static int spufs_mfc_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -1056,7 +1055,7 @@ static int spufs_mfc_mmap(struct file *file, struct vm_area_struct *vma)
if (!(vma->vm_flags & VM_SHARED)) if (!(vma->vm_flags & VM_SHARED))
return -EINVAL; return -EINVAL;
vma->vm_flags |= VM_RESERVED; vma->vm_flags |= VM_IO;
vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot) vma->vm_page_prot = __pgprot(pgprot_val(vma->vm_page_prot)
| _PAGE_NO_CACHE | _PAGE_GUARDED); | _PAGE_NO_CACHE | _PAGE_GUARDED);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment