diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-02-09 18:15:50 -0500 |
|---|---|---|
| committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2011-02-14 14:16:23 -0500 |
| commit | 9960be970cea52c1cb7d7c747ff6da367e1c01b5 (patch) | |
| tree | 24f7ca668f8dc5b354573a784d5ffe69ca7ba3ca /drivers/xen/gntdev.c | |
| parent | 12996fc38a2d760f3b30c9ceae26d0eeb92fe52d (diff) | |
| download | linux-9960be970cea52c1cb7d7c747ff6da367e1c01b5.tar.gz | |
xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE on read-only mappings
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/xen/gntdev.c')
| -rw-r--r-- | drivers/xen/gntdev.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 2c4cc940c429..2a4733c621c0 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -294,7 +294,9 @@ static int __unmap_grant_pages(struct grant_map *map, int offset, int pages) if (pgno >= offset && pgno < offset + pages && use_ptemod) { void __user *tmp; tmp = map->vma->vm_start + map->notify.addr; - copy_to_user(tmp, &err, 1); + err = copy_to_user(tmp, &err, 1); + if (err) + return err; map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE; } else if (pgno >= offset && pgno < offset + pages) { uint8_t *tmp = kmap(map->pages[pgno]); @@ -599,6 +601,12 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u) goto unlock_out; found: + if ((op.action & UNMAP_NOTIFY_CLEAR_BYTE) && + (map->flags & GNTMAP_readonly)) { + rc = -EINVAL; + goto unlock_out; + } + map->notify.flags = op.action; map->notify.addr = op.index - (map->index << PAGE_SHIFT); map->notify.event = op.event_channel_port; |