xen-gntdev: prevent using UNMAP_NOTIFY_CLEAR_BYTE on read-only mappings

author Daniel De Graaf <dgdegra@tycho.nsa.gov>

Wed, 9 Feb 2011 23:15:50 +0000 (18:15 -0500)

committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Mon, 14 Feb 2011 19:16:23 +0000 (14:16 -0500)
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Wed, 9 Feb 2011 23:15:50 +0000 (18:15 -0500)
committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Mon, 14 Feb 2011 19:16:23 +0000 (14:16 -0500)
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c

index 2c4cc94..2a4733c 100644 (file)
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -294,7 +294,9 @@ static int __unmap_grant_pages(struct grant_map *map, int offset, int pages)
                 if (pgno >= offset && pgno < offset + pages && use_ptemod) {
                         void __user *tmp;
                         tmp = map->vma->vm_start + map->notify.addr;
-                       copy_to_user(tmp, &err, 1);
+                       err = copy_to_user(tmp, &err, 1);
+                       if (err)
+                               return err;
                         map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE;
                 } else if (pgno >= offset && pgno < offset + pages) {
                         uint8_t *tmp = kmap(map->pages[pgno]);
@@ -599,6 +601,12 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u)
         goto unlock_out;
  
   found:
+       if ((op.action & UNMAP_NOTIFY_CLEAR_BYTE) &&
+                       (map->flags & GNTMAP_readonly)) {
+               rc = -EINVAL;
+               goto unlock_out;
+       }
+
         map->notify.flags = op.action;
         map->notify.addr = op.index - (map->index << PAGE_SHIFT);
         map->notify.event = op.event_channel_port;
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>
	Wed, 9 Feb 2011 23:15:50 +0000 (18:15 -0500)
committer	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Mon, 14 Feb 2011 19:16:23 +0000 (14:16 -0500)