Hi,
While developping a frontend, I noticed that if I gave a grant on mfn 0
to a backend (which is bogus), that backend would happily be allowed to
map it, and hence Oops...
This is because mfn 0 is considered as iomem, and in that case
gnttab_map_grant_ref only checks that the target domain is allowed to
access it. The patch below makes it check that the source domain was
allowed to access it (and then give the target access to it).
Samuel
Signed-Off-By: Samuel Thibault <samuel.thibault@xxxxxxxxxxxxx>
diff -r 4bf62459d45a xen/common/grant_table.c
--- a/xen/common/grant_table.c Wed Nov 07 11:29:38 2007 +0000
+++ b/xen/common/grant_table.c Fri Nov 09 15:01:57 2007 +0000
@@ -335,7 +335,8 @@ __gnttab_map_grant_ref(
if ( iomem_page_test(frame, mfn_to_page(frame)) )
{
is_iomem = 1;
- if ( iomem_permit_access(ld, frame, frame) )
+ if ( !iomem_access_permitted(rd, frame, frame)
+ || iomem_permit_access(ld, frame, frame) )
{
gdprintk(XENLOG_WARNING,
"Could not permit access to grant frame "
patch
Description: Text document
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home