diff options
| author | Oleg Nesterov <oleg@redhat.com> | 2012-09-16 17:20:06 +0200 |
|---|---|---|
| committer | Anton Arapov <anton@redhat.com> | 2012-10-29 11:50:13 +0100 |
| commit | 9251477d8c2aaa36b0b835d9c15ece0fe8320657 (patch) | |
| tree | 4bf24cf66977113d37dac9258f454ccb4b969eb8 /kernel | |
| parent | 8a661b7d1772c6caf07016c42e815e556f09fc38 (diff) | |
| download | kernel-uprobes-9251477d8c2aaa36b0b835d9c15ece0fe8320657.tar.gz kernel-uprobes-9251477d8c2aaa36b0b835d9c15ece0fe8320657.tar.xz kernel-uprobes-9251477d8c2aaa36b0b835d9c15ece0fe8320657.zip | |
uprobes: Change write_opcode() to use FOLL_FORCE
write_opcode()->get_user_pages() needs FOLL_FORCE to ensure we can
read the page even if the probed task did mprotect(PROT_NONE) after
uprobe_register(). Without FOLL_WRITE, FOLL_FORCE doesn't have any
side effect but allows to read the !VM_READ memory.
Otherwiese the subsequent uprobe_unregister()->set_orig_insn() fails
and we leak "int3". If that task does mprotect(PROT_READ | EXEC) and
execute the probed insn later it will be killed.
Note: in fact this is also needed for _register, see the next patch.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/events/uprobes.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 198d732ab90..80e8c7b697b 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -221,7 +221,7 @@ static int write_opcode(struct arch_uprobe *auprobe, struct mm_struct *mm, retry: /* Read the page with vaddr into memory */ - ret = get_user_pages(NULL, mm, vaddr, 1, 0, 0, &old_page, &vma); + ret = get_user_pages(NULL, mm, vaddr, 1, 0, 1, &old_page, &vma); if (ret <= 0) return ret; |