Re: [BUG] binfmt_elf: get_user() called in vma_dump_size() after set_fs(KERNEL_DS)

From: Roland McGrath
Date: Fri Feb 06 2009 - 17:07:42 EST


The address in question comes from a user vma's vm_start, so by definition
it has to be in the user part of the address space. This code path is
excluded for VM_IO and the like by checks earlier in vma_dump_size.
So, is this problem purely theoretical? I guess not on machines where
set_fs actually changes the meaning of the lower address space.

I think get_user_pages would certainly be overkill for this. It's a check
to decide whether you need to pay the cost of get_user_pages, after all.

set_fs is quite cheap at least on most machines. So a pair of set_fs calls
around that get_user call doesn't seem so bad. OTOH, on the machines where
this actually matters at all (maybe just sparc, arm, s390?) it is
presumably (much?) more costly. But it seems like the best solution, and
certainly is straightforward.


Thanks,
Roland
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
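The pattern the mail settles on, a pair of set_fs() calls bracketing the get_user() so that the user vma's vm_start is always read from the user address space, as an added user-space model that is not code from this thread or from the kernel. get_fs()/set_fs(), get_user() (here get_user_word()), the vma struct and the two backing arrays are all simulated, so the file compiles without kernel headers; the function names vma_starts_with_elf_buggy/_fixed and run_scenario are assumptions chosen for the example. The model encodes the machines the mail refers to, where the current address limit changes what a low address means, by selecting a different backing array under KERNEL_DS.

```c
/* Added example, not kernel code: user-space model of get_user() under
 * set_fs(KERNEL_DS) in vma_dump_size(), and of the proposed set_fs()
 * bracket around it.  All names below are simulated stand-ins. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>

#define ELFMAG  "\177ELF"
#define SELFMAG 4

/* Simulated mm_segment_t: which address space a "low" address refers to. */
typedef enum { USER_DS, KERNEL_DS } mm_segment_t;

static mm_segment_t current_fs = USER_DS;  /* per-task address limit */
static uint8_t user_mem[64];                /* what the user vma maps */
static uint8_t kernel_mem[64];              /* what KERNEL_DS sees at the same address */

static mm_segment_t get_fs(void) { return current_fs; }
static void set_fs(mm_segment_t fs) { current_fs = fs; }

/* Simulated get_user(): reads one word from the address space selected by
 * the current address limit.  Returns 0 on success, -EFAULT if the address
 * falls outside the 64-byte model. */
static int get_user_word(uint32_t *dst, uintptr_t addr)
{
    if (addr + sizeof(*dst) > sizeof(user_mem))
        return -EFAULT;
    const uint8_t *base = (current_fs == USER_DS) ? user_mem : kernel_mem;
    memcpy(dst, base + addr, sizeof(*dst));
    return 0;
}

struct vm_area_struct { uintptr_t vm_start; };

/* Shape of the reported bug: a bare get_user() that inherits whatever
 * address limit the caller (the core dumper, under KERNEL_DS) left set. */
static int vma_starts_with_elf_buggy(const struct vm_area_struct *vma)
{
    uint32_t word;
    if (get_user_word(&word, vma->vm_start))
        word = 0;
    return memcmp(&word, ELFMAG, SELFMAG) == 0;
}

/* Shape the mail proposes: save the limit, force USER_DS for the one
 * get_user(), then restore the caller's limit. */
static int vma_starts_with_elf_fixed(const struct vm_area_struct *vma)
{
    uint32_t word;
    mm_segment_t fs = get_fs();
    set_fs(USER_DS);
    if (get_user_word(&word, vma->vm_start))
        word = 0;
    set_fs(fs);
    return memcmp(&word, ELFMAG, SELFMAG) == 0;
}

/* Constructed scenario: the user page holds an ELF header, the memory
 * KERNEL_DS sees at the same low address holds filler, and the check runs
 * while KERNEL_DS is active.  Returns 1 when the bare get_user() misses the
 * header, the bracketed one finds it, and the caller's limit is restored. */
static int run_scenario(void)
{
    struct vm_area_struct vma = { .vm_start = 8 };
    memset(user_mem, 0, sizeof(user_mem));
    memset(kernel_mem, 0xAA, sizeof(kernel_mem));
    memcpy(user_mem + vma.vm_start, ELFMAG, SELFMAG);

    set_fs(KERNEL_DS);                   /* as the core dumper has done */
    int buggy = vma_starts_with_elf_buggy(&vma);
    int fixed = vma_starts_with_elf_fixed(&vma);
    int fs_restored = (get_fs() == KERNEL_DS);
    set_fs(USER_DS);

    return buggy == 0 && fixed == 1 && fs_restored;
}

int main(void)
{
    printf("set_fs bracket makes the vma check read user memory: %s\n",
           run_scenario() ? "yes" : "no");
    return 0;
}
```

The cost argument in the mail carries over to the model: the bracket adds two cheap limit switches to a path whose purpose is to avoid the heavier get_user_pages() call, and restoring the saved limit (rather than unconditionally setting KERNEL_DS back) keeps the helper correct for any caller.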