direct-io.hg

changeset 11074:c0a3f670d0d6

[XEN] Add a missing access check to __gnttab_copy.

Signed-off-by: Steven Smith <sos22@cam.ac.uk>
author ssmith@weybridge.uk.xensource.com
date Mon Aug 14 10:45:45 2006 +0100 (2006-08-14)
parents d4c9a653907b
children eb66b68db7b1
files xen/common/grant_table.c
line diff
     1.1 --- a/xen/common/grant_table.c	Sun Aug 13 19:10:57 2006 +0100
     1.2 +++ b/xen/common/grant_table.c	Mon Aug 14 10:45:45 2006 +0100
     1.3 @@ -822,11 +822,20 @@ static void
     1.4      char *sp, *dp;
     1.5      s16 rc = GNTST_okay;
     1.6      int have_d_grant = 0, have_s_grant = 0;
     1.7 +    int src_is_gref, dest_is_gref;
     1.8  
     1.9      if ( ((op->source.offset + op->len) > PAGE_SIZE) ||
    1.10           ((op->dest.offset + op->len) > PAGE_SIZE) )
    1.11          PIN_FAIL(error_out, GNTST_bad_copy_arg, "copy beyond page area.\n");
    1.12  
    1.13 +    src_is_gref = op->flags & GNTCOPY_source_gref;
    1.14 +    dest_is_gref = op->flags & GNTCOPY_dest_gref;
    1.15 +
    1.16 +    if ( (op->source.domid != DOMID_SELF && !src_is_gref ) ||
    1.17 +         (op->dest.domid   != DOMID_SELF && !dest_is_gref)   )
    1.18 +        PIN_FAIL(error_out, GNTST_permission_denied,
    1.19 +                 "only allow copy-by-mfn for DOMID_SELF.\n");
    1.20 +
    1.21      if ( op->source.domid == DOMID_SELF )
    1.22      {
    1.23          sd = current->domain;
    1.24 @@ -849,7 +858,7 @@ static void
    1.25                   "couldn't find %d\n", op->dest.domid);
    1.26      }
    1.27  
    1.28 -    if ( op->flags & GNTCOPY_source_gref )
    1.29 +    if ( src_is_gref )
    1.30      {
    1.31          rc = __acquire_grant_for_copy(sd, op->source.u.ref, 1, &s_frame);
    1.32          if ( rc != GNTST_okay )
    1.33 @@ -864,7 +873,7 @@ static void
    1.34          PIN_FAIL(error_out, GNTST_general_error,
    1.35                   "could not get source frame %lx.\n", s_frame);
    1.36  
    1.37 -    if ( op->flags & GNTCOPY_dest_gref )
    1.38 +    if ( dest_is_gref )
    1.39      {
    1.40          rc = __acquire_grant_for_copy(dd, op->dest.u.ref, 0, &d_frame);
    1.41          if ( rc != GNTST_okay )