diff options
author | Venki Pallipadi <venkatesh.pallipadi@intel.com> | 2008-05-14 19:05:51 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-05-14 22:11:15 -0400 |
commit | 1c12c4cf9411eb130b245fa8d0fbbaf989477c7b (patch) | |
tree | f61d58e955b3159007ef77513c1c4f1ed2c9ec23 /mm/mprotect.c | |
parent | 44c81433e8b05dbc85985d939046f10f95901184 (diff) |
mprotect: prevent alteration of the PAT bits
There is a defect in mprotect, which lets the user change the page cache
type bits by-passing the kernel reserve_memtype and free_memtype
wrappers. Fix the problem by not letting mprotect change the PAT bits.
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/mprotect.c')
-rw-r--r-- | mm/mprotect.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/mm/mprotect.c b/mm/mprotect.c index 4de546899dc1..a5bf31c27375 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c | |||
@@ -26,6 +26,13 @@ | |||
26 | #include <asm/cacheflush.h> | 26 | #include <asm/cacheflush.h> |
27 | #include <asm/tlbflush.h> | 27 | #include <asm/tlbflush.h> |
28 | 28 | ||
29 | #ifndef pgprot_modify | ||
30 | static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) | ||
31 | { | ||
32 | return newprot; | ||
33 | } | ||
34 | #endif | ||
35 | |||
29 | static void change_pte_range(struct mm_struct *mm, pmd_t *pmd, | 36 | static void change_pte_range(struct mm_struct *mm, pmd_t *pmd, |
30 | unsigned long addr, unsigned long end, pgprot_t newprot, | 37 | unsigned long addr, unsigned long end, pgprot_t newprot, |
31 | int dirty_accountable) | 38 | int dirty_accountable) |
@@ -192,7 +199,9 @@ success: | |||
192 | * held in write mode. | 199 | * held in write mode. |
193 | */ | 200 | */ |
194 | vma->vm_flags = newflags; | 201 | vma->vm_flags = newflags; |
195 | vma->vm_page_prot = vm_get_page_prot(newflags); | 202 | vma->vm_page_prot = pgprot_modify(vma->vm_page_prot, |
203 | vm_get_page_prot(newflags)); | ||
204 | |||
196 | if (vma_wants_writenotify(vma)) { | 205 | if (vma_wants_writenotify(vma)) { |
197 | vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); | 206 | vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); |
198 | dirty_accountable = 1; | 207 | dirty_accountable = 1; |