From 284e6d39516cc7f9fbceebb259849fcb41559a7b Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Sun, 20 Jul 2014 13:09:15 +0200 Subject: [PATCH] um: Ensure that a stub page cannot get unmapped MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Trinity discovered an execution path such that a task can unmap his stub page. Reported-by: Toralf Förster Signed-off-by: Richard Weinberger --- arch/um/kernel/tlb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/um/kernel/tlb.c b/arch/um/kernel/tlb.c index 9472079471bb..1fc619e5dfe9 100644 --- a/arch/um/kernel/tlb.c +++ b/arch/um/kernel/tlb.c @@ -124,6 +124,9 @@ static int add_munmap(unsigned long addr, unsigned long len, struct host_vm_op *last; int ret = 0; + if ((addr >= STUB_START) && (addr < STUB_END)) + return -EINVAL; + if (hvc->index != 0) { last = &hvc->ops[hvc->index - 1]; if ((last->type == MUNMAP) && -- 2.20.1