Oleg Drokin <green@...> wrote:
> Since there are architectures where FIXADDR_* stuff is not constant (e.g. UML),
> + fixmap_vma.vm_start = FIXADDR_START;
> + fixmap_vma.vm_end = FIXADDR_TOP;
> + fixmap_vma.vm_page_prot = PAGE_READONLY;
> pgd = pgd_offset_k(pg);
> if (!pgd)
> return i ? : -EFAULT;
That's modifying static storage which other, unrelated processes or CPUs
may be playing with.
The new code in get_user_pages() is rather rude - it's returning a
statically allocated VMA which isn't in the VMA tree - the caller (who
holds mmap_sem()) could reasonably expect that the VMA can be located via
find_vma(), or removed from the tree or whatever. But it cannot.
I think it needs to be redone. Either by stuffing a VMA into every
process's mm which describes the fixmap area, or by failing
get_user_pages() if the caller has passed in a non-NULL `vmas' and is
requesting access to the fixmap area.
Probably the latter. That'll require that access_process_vm() be changed
to not require a vma. It's only using the vma for cache flushing, but the
flishing in there is borked anyway.