From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel De Graaf Subject: [PATCH] xen-gntdev: Avoid double-mapping memory Date: Wed, 9 Feb 2011 16:11:32 -0500 Message-ID: <1297285892-15131-1-git-send-email-dgdegra@tycho.nsa.gov> References: <1296753544-13323-1-git-send-email-dgdegra@tycho.nsa.gov> Return-path: In-Reply-To: <1296753544-13323-1-git-send-email-dgdegra@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Konrad Rzeszutek Wilk Cc: Daniel De Graaf , jeremy@goop.org, xen-devel@lists.xensource.com, Ian.Campbell@citrix.com List-Id: xen-devel@lists.xenproject.org If an already-mapped area of the device was mapped into userspace a second time, a hypercall was incorrectly made to remap the memory again. Avoid the hypercall on later mmap calls, and fail the mmap call if a writable mapping is attempted on a read-only range. Signed-off-by: Daniel De Graaf --- drivers/xen/gntdev.c | 15 ++++++++++++--- 1 files changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 00e4644..e9d9180 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -258,6 +258,9 @@ static int map_grant_pages(struct grant_map *map) phys_addr_t addr; if (!use_ptemod) { + /* Note: it could already be mapped */ + if (map->map_ops[0].handle) + return 0; for (i = 0; i < map->count; i++) { addr = (phys_addr_t) pfn_to_kaddr(page_to_pfn(map->pages[i])); @@ -674,9 +677,15 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma) if (use_ptemod) map->vma = vma; - map->flags = GNTMAP_host_map; - if (!(vma->vm_flags & VM_WRITE)) - map->flags |= GNTMAP_readonly; + if (map->flags) { + if ((vma->vm_flags & VM_WRITE) && + (map->flags & GNTMAP_readonly)) + return -EINVAL; + } else { + map->flags = GNTMAP_host_map; + if (!(vma->vm_flags & VM_WRITE)) + map->flags |= GNTMAP_readonly; + } spin_unlock(&priv->lock); -- 1.7.3.4