Kasper Dupont wrote:
>I just got another idea that might be easier to get right. If
>the only problem is one process changing the mm while another
>process is doing a copy_to_user, we should be able to fix it by
>placing a readlock on the mm while the copy_to_user is in progress.
>
>
Yes, that would work. copy_to_user is never called with the mmap
semaphore locked, i.e.

    #define copy_to_user(...) \
            down(&current->mm->mmap_sem); \
            check_wp_bit(); \
            real_copy_to_user(); \
            up(&current->mm->mmap_sem)

verify_area would just check that the pointer is below TASK_SIZE, and
the wp bit is checked within copy_to_user().
But how many 80386 Linux systems that run the 2.4 kernel exist?
--
    Manfred
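
Added example, not part of the original message or of the kernel source: a single-threaded C model of the window between the wp check and the copy, with the concurrent mm change injected deterministically so the effect of holding the lock across both steps is visible. The struct, the function names and the reader counter standing in for mmap_sem are assumptions made for illustration.

```c
/* User-space model, not kernel code; every name here is constructed. */
#include <stddef.h>
#include <string.h>

struct mm_model {
    int readers;        /* holders of the modelled mmap_sem read lock */
    int page_writable;  /* stands in for the page's write permission */
    char page[16];      /* the "user" page */
};

/* Modelled concurrent mm change: another task write-protects the page.
 * It needs the semaphore exclusively, so it cannot run while a reader
 * holds it (a real writer would sleep). Returns 1 if applied. */
static int racing_protect(struct mm_model *mm)
{
    if (mm->readers > 0)
        return 0;
    mm->page_writable = 0;
    return 1;
}

/* Software wp check, then the copy. `locked` selects whether the read
 * lock spans both steps; the race is injected between them.
 * Returns 0 on success, -1 if the check rejects the write. */
static int model_copy_to_user(struct mm_model *mm, const char *src,
                              size_t n, int locked)
{
    if (n > sizeof mm->page)
        return -1;
    if (locked)
        mm->readers++;              /* down(&current->mm->mmap_sem) */
    int ok = mm->page_writable;     /* check_wp_bit() */
    racing_protect(mm);             /* other task runs in the window */
    if (ok)
        memcpy(mm->page, src, n);   /* real_copy_to_user() */
    if (locked)
        mm->readers--;              /* up(&current->mm->mmap_sem) */
    return ok ? 0 : -1;
}

/* 1 if the copy landed in a page that was read-only at copy time. */
static int wrote_to_readonly_page(int locked)
{
    struct mm_model mm = { 0, 1, "" };
    int rc = model_copy_to_user(&mm, "data", 5, locked);
    return rc == 0 && mm.page_writable == 0 && mm.page[0] == 'd';
}

int main(void) { return !(wrote_to_readonly_page(0) && !wrote_to_readonly_page(1)); }
```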