futex: Take mmap_sem for get_user_pages in fault_in_user_writeable

get_user_pages() must be called with mmap_sem held. Signed-off-by: Andi Kleen <ak@linux.intel.com> Cc: stable@kernel.org Cc: Andrew Morton <akpm@linuxfoundation.org> Cc: Nick Piggin <npiggin@suse.de> Cc: Darren Hart <dvhltc@us.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> LKML-Reference: <20091208121942.GA21298@basil.fritz.box> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

futex: Take mmap_sem for get_user_pages in fault_in_user_writeable
get_user_pages() must be called with mmap_sem held. Signed-off-by: Andi Kleen <ak@linux.intel.com> Cc: stable@kernel.org Cc: Andrew Morton <akpm@linuxfoundation.org> Cc: Nick Piggin <npiggin@suse.de> Cc: Darren Hart <dvhltc@us.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> LKML-Reference: <20091208121942.GA21298@basil.fritz.box> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Andi Kleen · Thomas Gleixner
1 parent f5754bfd10
Showing 1 changed file with 8 additions and 2 deletions Side-by-side Diff
kernel/futex.c
@@ -304,8 +304,14 @@
  */
 static int fault_in_user_writeable(u32 __user *uaddr)
 {
-	int ret = get_user_pages(current, current->mm, (unsigned long)uaddr,
-				 1, 1, 0, NULL, NULL);
+	struct mm_struct *mm = current->mm;
+	int ret;
+
+	down_read(&mm->mmap_sem);
+	ret = get_user_pages(current, mm, (unsigned long)uaddr,
+			     1, 1, 0, NULL, NULL);
+	up_read(&mm->mmap_sem);
+
 	return ret < 0 ? ret : 0;
 }
...	...	@@ -304,8 +304,14 @@
304	304	*/
305	305	static int fault_in_user_writeable(u32 __user *uaddr)
306	306	{
307		- int ret = get_user_pages(current, current->mm, (unsigned long)uaddr,
308		- 1, 1, 0, NULL, NULL);
	307	+ struct mm_struct *mm = current->mm;
	308	+ int ret;
	309	+
	310	+ down_read(&mm->mmap_sem);
	311	+ ret = get_user_pages(current, mm, (unsigned long)uaddr,
	312	+ 1, 1, 0, NULL, NULL);
	313	+ up_read(&mm->mmap_sem);
	314	+
309	315	return ret < 0 ? ret : 0;
310	316	}
311	317