diff options
| author | David Howells <dhowells@redhat.com> | 2006-09-27 01:50:18 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-27 08:26:14 -0700 |
| commit | 7b4d5b8b39fd3701ed3693a89f2bd8f6ef49bce2 (patch) | |
| tree | b1741de6753ec41a45a7b69276eeccb1bcb3e46d | |
| parent | 910e46da4b4e93d56ffea318c64afa41868d5e6d (diff) | |
| download | olio-linux-3.10-7b4d5b8b39fd3701ed3693a89f2bd8f6ef49bce2.tar.xz olio-linux-3.10-7b4d5b8b39fd3701ed3693a89f2bd8f6ef49bce2.zip | |
[PATCH] NOMMU: Check VMA protections
Check the VMA protections in get_user_pages() against what's being asked.
This checks to see that we don't accidentally write on a non-writable VMA or
permit an I/O mapping VMA to be accessed (which may lack page structs).
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| -rw-r--r-- | mm/nommu.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/mm/nommu.c b/mm/nommu.c index 2af50831183..2e140a6ae22 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -122,19 +122,35 @@ unsigned int kobjsize(const void *objp) } /* - * The nommu dodgy version :-) + * get a list of pages in an address range belonging to the specified process + * and indicate the VMA that covers each page + * - this is potentially dodgy as we may end incrementing the page count of a + * slab page or a secondary page from a compound page + * - don't permit access to VMAs that don't support it, such as I/O mappings */ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, int len, int write, int force, struct page **pages, struct vm_area_struct **vmas) { - int i; struct vm_area_struct *vma; + unsigned long vm_flags; + int i; + + /* calculate required read or write permissions. + * - if 'force' is set, we only require the "MAY" flags. + */ + vm_flags = write ? (VM_WRITE | VM_MAYWRITE) : (VM_READ | VM_MAYREAD); + vm_flags &= force ? (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); for (i = 0; i < len; i++) { vma = find_vma(mm, start); - if(!vma) - return i ? : -EFAULT; + if (!vma) + goto finish_or_fault; + + /* protect what we can, including chardevs */ + if (vma->vm_flags & (VM_IO | VM_PFNMAP) || + !(vm_flags & vma->vm_flags)) + goto finish_or_fault; if (pages) { pages[i] = virt_to_page(start); @@ -145,7 +161,11 @@ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm, vmas[i] = vma; start += PAGE_SIZE; } - return(i); + + return i; + +finish_or_fault: + return i ? : -EFAULT; } EXPORT_SYMBOL(get_user_pages); |