aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/xen/xenfs/privcmd.c
diff options
context:
space:
mode:
authorJeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>2009-03-08 07:10:00 -0400
committerJeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>2010-10-20 19:22:32 -0400
commitf31fdf510531333dea95f0a92e6eaa1c3a7541e2 (patch)
tree0a722a5f3ddc104db0b2c57e8ee7f192626aa22f /drivers/xen/xenfs/privcmd.c
parent441c7416b55d3d48b4aaafc5bdd804092387d877 (diff)
xen/privcmd: make sure vma is ours before doing anything to it
Test vma->vm_ops is our operations to make sure we created it. We don't want to stomp on other random vmas. [ Impact: bugfix; prevent ioctl from affecting other mappings ] Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Diffstat (limited to 'drivers/xen/xenfs/privcmd.c')
-rw-r--r--drivers/xen/xenfs/privcmd.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/xen/xenfs/privcmd.c b/drivers/xen/xenfs/privcmd.c
index 6b602f505363..80526afd3063 100644
--- a/drivers/xen/xenfs/privcmd.c
+++ b/drivers/xen/xenfs/privcmd.c
@@ -310,6 +310,8 @@ static int mmap_return_errors(void *data, void *state)
310 return 0; 310 return 0;
311} 311}
312 312
313static struct vm_operations_struct privcmd_vm_ops;
314
313static long privcmd_ioctl_mmap_batch(void __user *udata) 315static long privcmd_ioctl_mmap_batch(void __user *udata)
314{ 316{
315 int ret; 317 int ret;
@@ -341,6 +343,7 @@ static long privcmd_ioctl_mmap_batch(void __user *udata)
341 vma = find_vma(mm, m.addr); 343 vma = find_vma(mm, m.addr);
342 ret = -EINVAL; 344 ret = -EINVAL;
343 if (!vma || 345 if (!vma ||
346 vma->vm_ops != &privcmd_vm_ops ||
344 (m.addr != vma->vm_start) || 347 (m.addr != vma->vm_start) ||
345 ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) || 348 ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||
346 !privcmd_enforce_singleshot_mapping(vma)) { 349 !privcmd_enforce_singleshot_mapping(vma)) {