aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2006-09-27 04:50:18 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-27 11:26:14 -0400
commit7b4d5b8b39fd3701ed3693a89f2bd8f6ef49bce2 (patch)
treeb1741de6753ec41a45a7b69276eeccb1bcb3e46d
parent910e46da4b4e93d56ffea318c64afa41868d5e6d (diff)
[PATCH] NOMMU: Check VMA protections
Check the VMA protections in get_user_pages() against what's being asked. This checks to see that we don't accidentally write on a non-writable VMA or permit an I/O mapping VMA to be accessed (which may lack page structs). Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--mm/nommu.c30
1 files changed, 25 insertions, 5 deletions
diff --git a/mm/nommu.c b/mm/nommu.c
index 2af50831183f..2e140a6ae22e 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -122,19 +122,35 @@ unsigned int kobjsize(const void *objp)
122} 122}
123 123
124/* 124/*
125 * The nommu dodgy version :-) 125 * get a list of pages in an address range belonging to the specified process
126 * and indicate the VMA that covers each page
127 * - this is potentially dodgy as we may end incrementing the page count of a
128 * slab page or a secondary page from a compound page
129 * - don't permit access to VMAs that don't support it, such as I/O mappings
126 */ 130 */
127int get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 131int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
128 unsigned long start, int len, int write, int force, 132 unsigned long start, int len, int write, int force,
129 struct page **pages, struct vm_area_struct **vmas) 133 struct page **pages, struct vm_area_struct **vmas)
130{ 134{
131 int i;
132 struct vm_area_struct *vma; 135 struct vm_area_struct *vma;
136 unsigned long vm_flags;
137 int i;
138
139 /* calculate required read or write permissions.
140 * - if 'force' is set, we only require the "MAY" flags.
141 */
142 vm_flags = write ? (VM_WRITE | VM_MAYWRITE) : (VM_READ | VM_MAYREAD);
143 vm_flags &= force ? (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
133 144
134 for (i = 0; i < len; i++) { 145 for (i = 0; i < len; i++) {
135 vma = find_vma(mm, start); 146 vma = find_vma(mm, start);
136 if(!vma) 147 if (!vma)
137 return i ? : -EFAULT; 148 goto finish_or_fault;
149
150 /* protect what we can, including chardevs */
151 if (vma->vm_flags & (VM_IO | VM_PFNMAP) ||
152 !(vm_flags & vma->vm_flags))
153 goto finish_or_fault;
138 154
139 if (pages) { 155 if (pages) {
140 pages[i] = virt_to_page(start); 156 pages[i] = virt_to_page(start);
@@ -145,7 +161,11 @@ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
145 vmas[i] = vma; 161 vmas[i] = vma;
146 start += PAGE_SIZE; 162 start += PAGE_SIZE;
147 } 163 }
148 return(i); 164
165 return i;
166
167finish_or_fault:
168 return i ? : -EFAULT;
149} 169}
150 170
151EXPORT_SYMBOL(get_user_pages); 171EXPORT_SYMBOL(get_user_pages);