[POWERPC] PowerPC: Prevent data exception in kernel space (32-bit)

The "is_exec" branch of the protection check in do_page_fault()
didn't do anything on 32-bit PowerPC.  So if a userland program
jumps to a page with Linux protection flags "---p", all the tests
happily fall through, and handle_mm_fault() is called, which in
turn calls handle_pte_fault(), which calls update_mmu_cache(),
which goes flush the dcache to a page with no access rights.

Boom.

This fixes it.

Signed-off-by: Segher Boessenkool <segher@kernel.crashing.org>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index bfe901353142f9d835eafa01cbf37b58868d0e10..115b25f50bf83786965380f041d301bad44218e0 100644 (file)
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -279,14 +279,13 @@ good_area:
 #endif /* CONFIG_8xx */
 
        if (is_exec) {
-#ifdef CONFIG_PPC64
+#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
                /* protection fault */
                if (error_code & DSISR_PROTFAULT)
                        goto bad_area;
                if (!(vma->vm_flags & VM_EXEC))
                        goto bad_area;
-#endif
-#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
+#else
                pte_t *ptep;
                pmd_t *pmdp;