ia64/xen-unstable
changeset 11095:c0a3f670d0d6
[XEN] Add a missing access check to __gnttab_copy.
Signed-off-by: Steven Smith <sos22@cam.ac.uk>
Signed-off-by: Steven Smith <sos22@cam.ac.uk>
| author | ssmith@weybridge.uk.xensource.com |
|---|---|
| date | Mon Aug 14 10:45:45 2006 +0100 (2006-08-14) |
| parents | d4c9a653907b |
| children | eb66b68db7b1 |
| files | xen/common/grant_table.c |
line diff
1.1 --- a/xen/common/grant_table.c Sun Aug 13 19:10:57 2006 +0100 1.2 +++ b/xen/common/grant_table.c Mon Aug 14 10:45:45 2006 +0100 1.3 @@ -822,11 +822,20 @@ static void 1.4 char *sp, *dp; 1.5 s16 rc = GNTST_okay; 1.6 int have_d_grant = 0, have_s_grant = 0; 1.7 + int src_is_gref, dest_is_gref; 1.8 1.9 if ( ((op->source.offset + op->len) > PAGE_SIZE) || 1.10 ((op->dest.offset + op->len) > PAGE_SIZE) ) 1.11 PIN_FAIL(error_out, GNTST_bad_copy_arg, "copy beyond page area.\n"); 1.12 1.13 + src_is_gref = op->flags & GNTCOPY_source_gref; 1.14 + dest_is_gref = op->flags & GNTCOPY_dest_gref; 1.15 + 1.16 + if ( (op->source.domid != DOMID_SELF && !src_is_gref ) || 1.17 + (op->dest.domid != DOMID_SELF && !dest_is_gref) ) 1.18 + PIN_FAIL(error_out, GNTST_permission_denied, 1.19 + "only allow copy-by-mfn for DOMID_SELF.\n"); 1.20 + 1.21 if ( op->source.domid == DOMID_SELF ) 1.22 { 1.23 sd = current->domain; 1.24 @@ -849,7 +858,7 @@ static void 1.25 "couldn't find %d\n", op->dest.domid); 1.26 } 1.27 1.28 - if ( op->flags & GNTCOPY_source_gref ) 1.29 + if ( src_is_gref ) 1.30 { 1.31 rc = __acquire_grant_for_copy(sd, op->source.u.ref, 1, &s_frame); 1.32 if ( rc != GNTST_okay ) 1.33 @@ -864,7 +873,7 @@ static void 1.34 PIN_FAIL(error_out, GNTST_general_error, 1.35 "could not get source frame %lx.\n", s_frame); 1.36 1.37 - if ( op->flags & GNTCOPY_dest_gref ) 1.38 + if ( dest_is_gref ) 1.39 { 1.40 rc = __acquire_grant_for_copy(dd, op->dest.u.ref, 0, &d_frame); 1.41 if ( rc != GNTST_okay )