From: Andi Kleen <andi@firstfloor.org>
Date: Tue, 8 Dec 2009 12:19:42 +0000 (+0100)
Subject: futex: Take mmap_sem for get_user_pages in fault_in_user_writeable
X-Git-Tag: v2.6.31.9~80
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7098a7420bc7c75253d785119d91be6ab15e18e5;p=thirdparty%2Fkernel%2Fstable.git

futex: Take mmap_sem for get_user_pages in fault_in_user_writeable

commit 722d0172377a5697919b9f7e5beb95165b1dec4e upstream.

get_user_pages() must be called with mmap_sem held.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Cc: Andrew Morton <akpm@linuxfoundation.org>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Darren Hart <dvhltc@us.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
LKML-Reference: <20091208121942.GA21298@basil.fritz.box>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/kernel/futex.c b/kernel/futex.c
index c0a020fcc2462..ba7f0be175319 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -303,8 +303,14 @@ void put_futex_key(int fshared, union futex_key *key)
  */
 static int fault_in_user_writeable(u32 __user *uaddr)
 {
-	int ret = get_user_pages(current, current->mm, (unsigned long)uaddr,
-				 1, 1, 0, NULL, NULL);
+	struct mm_struct *mm = current->mm;
+	int ret;
+
+	down_read(&mm->mmap_sem);
+	ret = get_user_pages(current, mm, (unsigned long)uaddr,
+			     1, 1, 0, NULL, NULL);
+	up_read(&mm->mmap_sem);
+
 	return ret < 0 ? ret : 0;
 }