evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

xen/privcmd: make sure vma is ours before doing anything to it

Browse source 
Test vma->vm_ops is our operations to make sure we created it.
We don't want to stomp on other random vmas.

[ Impact: bugfix; prevent ioctl from affecting other mappings ]

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
This commit is contained in:
Jeremy Fitzhardinge 2009-03-08 04:10:00 -07:00
parent 441c7416b5
commit f31fdf5105
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
drivers/xen/xenfs/privcmd.c
View file

@ -310,6 +310,8 @@ static int mmap_return_errors(void *data, void *state)
return 0; return 0;
} }
static struct vm_operations_struct privcmd_vm_ops;
static long privcmd_ioctl_mmap_batch(void __user *udata) static long privcmd_ioctl_mmap_batch(void __user *udata)
{ {
int ret; int ret;
@ -341,6 +343,7 @@ static long privcmd_ioctl_mmap_batch(void __user *udata)
vma = find_vma(mm, m.addr); vma = find_vma(mm, m.addr);
ret = -EINVAL; ret = -EINVAL;
if (!vma || if (!vma ||
vma->vm_ops != &privcmd_vm_ops ||
(m.addr != vma->vm_start) || (m.addr != vma->vm_start) ||
((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) || ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||
!privcmd_enforce_singleshot_mapping(vma)) { !privcmd_enforce_singleshot_mapping(vma)) {