Commit 9960be97 authored by Daniel De Graaf's avatar Daniel De Graaf Committed by Konrad Rzeszutek Wilk

xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE on read-only mappings

Signed-off-by: default avatarDaniel De Graaf <dgdegra@tycho.nsa.gov>
Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
parent 12996fc3
...@@ -294,7 +294,9 @@ static int __unmap_grant_pages(struct grant_map *map, int offset, int pages) ...@@ -294,7 +294,9 @@ static int __unmap_grant_pages(struct grant_map *map, int offset, int pages)
if (pgno >= offset && pgno < offset + pages && use_ptemod) { if (pgno >= offset && pgno < offset + pages && use_ptemod) {
void __user *tmp; void __user *tmp;
tmp = map->vma->vm_start + map->notify.addr; tmp = map->vma->vm_start + map->notify.addr;
copy_to_user(tmp, &err, 1); err = copy_to_user(tmp, &err, 1);
if (err)
return err;
map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE; map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE;
} else if (pgno >= offset && pgno < offset + pages) { } else if (pgno >= offset && pgno < offset + pages) {
uint8_t *tmp = kmap(map->pages[pgno]); uint8_t *tmp = kmap(map->pages[pgno]);
...@@ -599,6 +601,12 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u) ...@@ -599,6 +601,12 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u)
goto unlock_out; goto unlock_out;
found: found:
if ((op.action & UNMAP_NOTIFY_CLEAR_BYTE) &&
(map->flags & GNTMAP_readonly)) {
rc = -EINVAL;
goto unlock_out;
}
map->notify.flags = op.action; map->notify.flags = op.action;
map->notify.addr = op.index - (map->index << PAGE_SHIFT); map->notify.addr = op.index - (map->index << PAGE_SHIFT);
map->notify.event = op.event_channel_port; map->notify.event = op.event_channel_port;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment