ia64/xen-unstable

changeset 575:956f93d4092c

bitkeeper revision 1.318 (3f0c0d32X6-3AFhzwevHsWBPIyJBTg)

Make sure that the page table updates pointed to by the
pgt_update_arr parameter of the DOPGUPDATES ioctl really are
direct mapped. It would also be valid to pin them in memory with
mlock, but it's too much effort to check that as well.
author sos22@labyrinth.cl.cam.ac.uk
date Wed Jul 09 12:40:18 2003 +0000 (2003-07-09)
parents 0ddcd1aeb420
children 17bca2096d98
files xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_core.c
     1.1 --- a/xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_core.c	Wed Jul 09 12:19:12 2003 +0000
     1.2 +++ b/xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_core.c	Wed Jul 09 12:40:18 2003 +0000
     1.3 @@ -50,6 +50,7 @@ static struct proc_dir_entry *dom_list_i
     1.4  int direct_unmap(struct mm_struct *, unsigned long, unsigned long);
     1.5  unsigned long direct_mmap(unsigned long phys_addr, unsigned long size, 
     1.6  			  pgprot_t prot, int flag, int tot_pages);
     1.7 +struct list_head * find_direct(struct list_head *, unsigned long);
     1.8  
     1.9  static ssize_t dom_usage_read(struct file * file, char * buff, size_t size, loff_t * off)
    1.10  {
    1.11 @@ -350,15 +351,25 @@ static int handle_dom0_cmd_unmapdommem(u
    1.12  
    1.13  static int handle_dom0_cmd_dopgupdates(unsigned long data)
    1.14  {
    1.15 -  struct dom0_dopgupdates_args argbuf;
    1.16 +    struct dom0_dopgupdates_args argbuf;
    1.17 +    struct list_head *entry;
    1.18 +    direct_mmap_node_t *node;
    1.19  
    1.20 -  if (copy_from_user(&argbuf, (void *)data, sizeof(argbuf)))
    1.21 -    return -EFAULT;
    1.22 +    if (copy_from_user(&argbuf, (void *)data, sizeof(argbuf)))
    1.23 +	return -EFAULT;
    1.24  
    1.25 -  /* argbuf.pgt_update_arr had better be direct mapped... */
    1.26 -  /* XXX check this */
    1.27 -  return HYPERVISOR_pt_update((void *)argbuf.pgt_update_arr,
    1.28 -			      argbuf.num_pgt_updates);
    1.29 +    /* argbuf.pgt_update_arr had better be direct mapped... */
    1.30 +    entry = find_direct(&current->mm->context.direct_list,
    1.31 +			argbuf.pgt_update_arr);
    1.32 +    if (entry == &current->mm->context.direct_list)
    1.33 +	return -EINVAL;
    1.34 +    node = list_entry(entry, direct_mmap_node_t, list);
    1.35 +    if (node->vm_start > argbuf.pgt_update_arr ||
    1.36 +	node->vm_end <= argbuf.pgt_update_arr * sizeof(page_update_request_t))
    1.37 +	return -EINVAL;
    1.38 +    
    1.39 +    return HYPERVISOR_pt_update((void *)argbuf.pgt_update_arr,
    1.40 +				argbuf.num_pgt_updates);
    1.41  }
    1.42  
    1.43  static int dom0_cmd_ioctl(struct inode *inode, struct file *file,
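Review bot: The upper-bound check on the new lines 1.35–1.36 multiplies the user-supplied *address* by the element size (`argbuf.pgt_update_arr * sizeof(page_update_request_t)`) and never looks at `num_pgt_updates`, so it neither verifies that the whole update array lies inside the direct-mapped node nor even compares like quantities; depending on the arithmetic it will reject valid arrays or accept one whose tail runs past `vm_end`, which is exactly what the commit message says it wants to prevent. The check should be `if (node->vm_start > argbuf.pgt_update_arr || argbuf.pgt_update_arr >= node->vm_end ||` / `    argbuf.num_pgt_updates > (node->vm_end - argbuf.pgt_update_arr) / sizeof(page_update_request_t))` / `    return -EINVAL;`, which bounds the full array without the `base + count * size` multiplication being able to wrap. The node is also located from `pgt_update_arr` alone via `find_direct` (whose matching rule is not visible here), so a brief comment stating that it returns the node containing, or the list head if none contains, the start address would make the `entry == &...direct_list` test self-explanatory. The types of `vm_start`/`vm_end`/`num_pgt_updates` are not shown in this hunk; if `num_pgt_updates` is signed, it also needs a `< 0` rejection before the comparison.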