xen-devel

[Xen-devel] [PATCH v3] xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, jeremy@xxxxxxxx
Subject: [Xen-devel] [PATCH v3] xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE on read-only mappings
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Wed, 9 Feb 2011 18:15:50 -0500
Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, Ian.Campbell@xxxxxxxxxx
Delivery-date: Wed, 09 Feb 2011 15:16:30 -0800
In-reply-to: <4D5313B5.2030200@xxxxxxxx>
References: <4D5313B5.2030200@xxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 drivers/xen/gntdev.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 2c4cc94..2a4733c 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -294,7 +294,9 @@ static int __unmap_grant_pages(struct grant_map *map, int 
offset, int pages)
                if (pgno >= offset && pgno < offset + pages && use_ptemod) {
                        void __user *tmp;
                        tmp = map->vma->vm_start + map->notify.addr;
-                       copy_to_user(tmp, &err, 1);
+                       err = copy_to_user(tmp, &err, 1);
+                       if (err)
+                               return err;
                        map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE;
                } else if (pgno >= offset && pgno < offset + pages) {
                        uint8_t *tmp = kmap(map->pages[pgno]);
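Review bot: In the use_ptemod branch, "err = copy_to_user(tmp, &err, 1); if (err) return err;" returns the wrong kind of value. copy_to_user() returns the number of bytes it could not copy, not a negative errno, so a fault here makes __unmap_grant_pages() return a positive 1. Suggest "if (copy_to_user(tmp, &err, 1)) return -EFAULT;", which also avoids assigning the result to the same variable that is used as the source byte. Separately, the early return leaves before "map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE" and before whatever unmap work follows this block, so please confirm that a bad notify address should abort the unmap rather than be logged and skipped.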
@@ -599,6 +601,12 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, 
void __user *u)
        goto unlock_out;
 
  found:
+       if ((op.action & UNMAP_NOTIFY_CLEAR_BYTE) &&
+                       (map->flags & GNTMAP_readonly)) {
+               rc = -EINVAL;
+               goto unlock_out;
+       }
+
        map->notify.flags = op.action;
        map->notify.addr = op.index - (map->index << PAGE_SHIFT);
        map->notify.event = op.event_channel_port;
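Review bot: The new -EINVAL path at the "found:" label has no comment and the mail has no changelog text beyond the Signed-off-by, so neither the code nor the commit will record why UNMAP_NOTIFY_CLEAR_BYTE is refused when map->flags has GNTMAP_readonly set. A one-line comment above the check (the clear-byte notification has to write into the mapped page, which a read-only grant mapping does not allow) and a sentence in the commit message would cover it. Since the diffstat touches only drivers/xen/gntdev.c, the new failure case should also be noted wherever the notify ioctl is documented for userspace.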
-- 
1.7.3.4

