From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel De Graaf Subject: [PATCH v3] xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE on read-only mappings Date: Wed, 9 Feb 2011 18:15:50 -0500 Message-ID: <1297293350-16066-1-git-send-email-dgdegra@tycho.nsa.gov> References: <4D5313B5.2030200@goop.org> Return-path: In-Reply-To: <4D5313B5.2030200@goop.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Konrad Rzeszutek Wilk , jeremy@goop.org Cc: Daniel De Graaf , xen-devel@lists.xensource.com, Ian.Campbell@citrix.com List-Id: xen-devel@lists.xenproject.org Signed-off-by: Daniel De Graaf --- drivers/xen/gntdev.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 2c4cc94..2a4733c 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -294,7 +294,9 @@ static int __unmap_grant_pages(struct grant_map *map, int offset, int pages) if (pgno >= offset && pgno < offset + pages && use_ptemod) { void __user *tmp; tmp = map->vma->vm_start + map->notify.addr; - copy_to_user(tmp, &err, 1); + err = copy_to_user(tmp, &err, 1); + if (err) + return err; map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE; } else if (pgno >= offset && pgno < offset + pages) { uint8_t *tmp = kmap(map->pages[pgno]); @@ -599,6 +601,12 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u) goto unlock_out; found: + if ((op.action & UNMAP_NOTIFY_CLEAR_BYTE) && + (map->flags & GNTMAP_readonly)) { + rc = -EINVAL; + goto unlock_out; + } + map->notify.flags = op.action; map->notify.addr = op.index - (map->index << PAGE_SHIFT); map->notify.event = op.event_channel_port; -- 1.7.3.4