# HG changeset patch
# User ssmith@xxxxxxxxxxxxxxxxxxxxxxxxxx
# Node ID c0a3f670d0d6b68293ad8f48b768eebcac1bd017
# Parent d4c9a653907ba8d9ef0fa6d4fdf741025c60491a
[XEN] Add a missing access check to __gnttab_copy.
Signed-off-by: Steven Smith <sos22@xxxxxxxxx>
---
xen/common/grant_table.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
diff -r d4c9a653907b -r c0a3f670d0d6 xen/common/grant_table.c
--- a/xen/common/grant_table.c Sun Aug 13 19:10:57 2006 +0100
+++ b/xen/common/grant_table.c Mon Aug 14 10:45:45 2006 +0100
@@ -822,11 +822,20 @@ __gnttab_copy(
char *sp, *dp;
s16 rc = GNTST_okay;
int have_d_grant = 0, have_s_grant = 0;
+ int src_is_gref, dest_is_gref;
if ( ((op->source.offset + op->len) > PAGE_SIZE) ||
((op->dest.offset + op->len) > PAGE_SIZE) )
PIN_FAIL(error_out, GNTST_bad_copy_arg, "copy beyond page area.\n");
+ src_is_gref = op->flags & GNTCOPY_source_gref;
+ dest_is_gref = op->flags & GNTCOPY_dest_gref;
+
+ if ( (op->source.domid != DOMID_SELF && !src_is_gref ) ||
+ (op->dest.domid != DOMID_SELF && !dest_is_gref) )
+ PIN_FAIL(error_out, GNTST_permission_denied,
+ "only allow copy-by-mfn for DOMID_SELF.\n");
+
if ( op->source.domid == DOMID_SELF )
{
sd = current->domain;
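Review bot: The new permission check near the top of __gnttab_copy has no comment saying what it protects, and the condition alone does not explain it. As far as the hunk shows, a request naming a foreign domid without the matching gref flag would otherwise have its `u` field read as a raw frame number for that other domain rather than going through a grant entry the owner set up; I would add `/* Raw frame numbers are only accepted for the caller's own domain; foreign pages must be named by grant reference. */` above the `if`. The failure message would also be easier to triage if it carried the offending ids, e.g. `"only allow copy-by-mfn for DOMID_SELF (src %d, dest %d).\n", op->source.domid, op->dest.domid`, in the same style as the `"couldn't find %d\n"` message later in the function. The function body starts and ends outside this hunk, so the `error_out` path the new `PIN_FAIL` jumps to is not visible here.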
@@ -849,7 +858,7 @@ __gnttab_copy(
"couldn't find %d\n", op->dest.domid);
}
- if ( op->flags & GNTCOPY_source_gref )
+ if ( src_is_gref )
{
rc = __acquire_grant_for_copy(sd, op->source.u.ref, 1, &s_frame);
if ( rc != GNTST_okay )
@@ -864,7 +873,7 @@ __gnttab_copy(
PIN_FAIL(error_out, GNTST_general_error,
"could not get source frame %lx.\n", s_frame);
- if ( op->flags & GNTCOPY_dest_gref )
+ if ( dest_is_gref )
{
rc = __acquire_grant_for_copy(dd, op->dest.u.ref, 0, &d_frame);
if ( rc != GNTST_okay )