Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f31fdf51 authored by Jeremy Fitzhardinge's avatar Jeremy Fitzhardinge
Browse files

xen/privcmd: make sure vma is ours before doing anything to it 



Test vma->vm_ops is our operations to make sure we created it.
We don't want to stomp on other random vmas.

[ Impact: bugfix; prevent ioctl from affecting other mappings ]

Signed-off-by: default avatarJeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
parent 441c7416

drivers/xen/xenfs/privcmd.c

+3 −0
Original line number Diff line number Diff line
@@ -310,6 +310,8 @@ static int mmap_return_errors(void *data, void *state) 
	return 0;

}



static struct vm_operations_struct privcmd_vm_ops;



static long privcmd_ioctl_mmap_batch(void __user *udata)

{

	int ret;
@@ -341,6 +343,7 @@ static long privcmd_ioctl_mmap_batch(void __user *udata) 
	vma = find_vma(mm, m.addr);

	ret = -EINVAL;

	if (!vma ||

	    vma->vm_ops != &privcmd_vm_ops ||

	    (m.addr != vma->vm_start) ||

	    ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||

	    !privcmd_enforce_singleshot_mapping(vma)) {