WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH v2] xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Subject: [Xen-devel] [PATCH v2] xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE on read-only mappings
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Wed, 09 Feb 2011 16:09:36 -0500
Cc: jeremy@xxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx, Ian.Campbell@xxxxxxxxxx
Delivery-date: Wed, 09 Feb 2011 13:10:45 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4D52FA23.5060905@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: National Security Agency
References: <1296753544-13323-1-git-send-email-dgdegra@xxxxxxxxxxxxx> <20110207231416.GA12956@xxxxxxxxxxxx> <4D514FAE.4000709@xxxxxxxxxxxxx> <20110208225856.GA9714@xxxxxxxxxxxx> <4D52FA23.5060905@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc13 Thunderbird/3.1.7
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 4687cd5..00e4644 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -291,7 +291,7 @@ static int __unmap_grant_pages(struct grant_map *map, int 
offset, int pages)
                if (pgno >= offset && pgno < offset + pages && use_ptemod) {
                        void __user *tmp;
                        tmp = map->vma->vm_start + map->notify.addr;
-                       copy_to_user(tmp, &err, 1);
+                       WARN_ON(copy_to_user(tmp, &err, 1));
                        map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE;
                } else if (pgno >= offset && pgno < offset + pages) {
                        uint8_t *tmp = kmap(map->pages[pgno]);
@@ -596,6 +596,12 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, 
void __user *u)
        goto unlock_out;
 
  found:
+       if ((op.action & UNMAP_NOTIFY_CLEAR_BYTE) &&
+                       (map->flags & GNTMAP_readonly)) {
+               rc = -EINVAL;
+               goto unlock_out;
+       }
+
        map->notify.flags = op.action;
        map->notify.addr = op.index - (map->index << PAGE_SHIFT);
        map->notify.event = op.event_channel_port;

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>