diff options
author | Venki Pallipadi <venkatesh.pallipadi@intel.com> | 2008-05-14 19:05:51 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-05-14 22:11:15 -0400 |
commit | 1c12c4cf9411eb130b245fa8d0fbbaf989477c7b (patch) | |
tree | f61d58e955b3159007ef77513c1c4f1ed2c9ec23 /include | |
parent | 44c81433e8b05dbc85985d939046f10f95901184 (diff) |
mprotect: prevent alteration of the PAT bits
There is a defect in mprotect, which lets the user change the page cache
type bits by-passing the kernel reserve_memtype and free_memtype
wrappers. Fix the problem by not letting mprotect change the PAT bits.
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/asm-x86/pgtable.h | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/include/asm-x86/pgtable.h b/include/asm-x86/pgtable.h index 801b31f71452..55c3a0e3a8ce 100644 --- a/include/asm-x86/pgtable.h +++ b/include/asm-x86/pgtable.h | |||
@@ -57,7 +57,8 @@ | |||
57 | #define _KERNPG_TABLE (_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED | \ | 57 | #define _KERNPG_TABLE (_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED | \ |
58 | _PAGE_DIRTY) | 58 | _PAGE_DIRTY) |
59 | 59 | ||
60 | #define _PAGE_CHG_MASK (PTE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY) | 60 | #define _PAGE_CHG_MASK (PTE_MASK | _PAGE_PCD | _PAGE_PWT | \ |
61 | _PAGE_ACCESSED | _PAGE_DIRTY) | ||
61 | 62 | ||
62 | #define _PAGE_CACHE_MASK (_PAGE_PCD | _PAGE_PWT) | 63 | #define _PAGE_CACHE_MASK (_PAGE_PCD | _PAGE_PWT) |
63 | #define _PAGE_CACHE_WB (0) | 64 | #define _PAGE_CACHE_WB (0) |
@@ -288,12 +289,21 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) | |||
288 | * Chop off the NX bit (if present), and add the NX portion of | 289 | * Chop off the NX bit (if present), and add the NX portion of |
289 | * the newprot (if present): | 290 | * the newprot (if present): |
290 | */ | 291 | */ |
291 | val &= _PAGE_CHG_MASK & ~_PAGE_NX; | 292 | val &= _PAGE_CHG_MASK; |
292 | val |= pgprot_val(newprot) & __supported_pte_mask; | 293 | val |= pgprot_val(newprot) & (~_PAGE_CHG_MASK) & __supported_pte_mask; |
293 | 294 | ||
294 | return __pte(val); | 295 | return __pte(val); |
295 | } | 296 | } |
296 | 297 | ||
298 | /* mprotect needs to preserve PAT bits when updating vm_page_prot */ | ||
299 | #define pgprot_modify pgprot_modify | ||
300 | static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) | ||
301 | { | ||
302 | pgprotval_t preservebits = pgprot_val(oldprot) & _PAGE_CHG_MASK; | ||
303 | pgprotval_t addbits = pgprot_val(newprot); | ||
304 | return __pgprot(preservebits | addbits); | ||
305 | } | ||
306 | |||
297 | #define pte_pgprot(x) __pgprot(pte_val(x) & (0xfff | _PAGE_NX)) | 307 | #define pte_pgprot(x) __pgprot(pte_val(x) & (0xfff | _PAGE_NX)) |
298 | 308 | ||
299 | #define canon_pgprot(p) __pgprot(pgprot_val(p) & __supported_pte_mask) | 309 | #define canon_pgprot(p) __pgprot(pgprot_val(p) & __supported_pte_mask) |