Correct a security bug in copyuvm()
copyuvm() should not allow new copied pages to inherit more permissions than the original pages.
This commit is contained in:
parent
241c068066
commit
ff2783442e
1
mmu.h
1
mmu.h
|
@ -142,6 +142,7 @@ struct segdesc {
|
||||||
|
|
||||||
// Address in page table or page directory entry
|
// Address in page table or page directory entry
|
||||||
#define PTE_ADDR(pte) ((uint)(pte) & ~0xFFF)
|
#define PTE_ADDR(pte) ((uint)(pte) & ~0xFFF)
|
||||||
|
#define PTE_FLAGS(pte) ((uint)(pte) & 0xFFF)
|
||||||
|
|
||||||
#ifndef __ASSEMBLER__
|
#ifndef __ASSEMBLER__
|
||||||
typedef uint pte_t;
|
typedef uint pte_t;
|
||||||
|
|
5
vm.c
5
vm.c
|
@ -311,7 +311,7 @@ copyuvm(pde_t *pgdir, uint sz)
|
||||||
{
|
{
|
||||||
pde_t *d;
|
pde_t *d;
|
||||||
pte_t *pte;
|
pte_t *pte;
|
||||||
uint pa, i;
|
uint pa, i, flags;
|
||||||
char *mem;
|
char *mem;
|
||||||
|
|
||||||
if((d = setupkvm()) == 0)
|
if((d = setupkvm()) == 0)
|
||||||
|
@ -322,10 +322,11 @@ copyuvm(pde_t *pgdir, uint sz)
|
||||||
if(!(*pte & PTE_P))
|
if(!(*pte & PTE_P))
|
||||||
panic("copyuvm: page not present");
|
panic("copyuvm: page not present");
|
||||||
pa = PTE_ADDR(*pte);
|
pa = PTE_ADDR(*pte);
|
||||||
|
flags = PTE_FLAGS(*pte);
|
||||||
if((mem = kalloc()) == 0)
|
if((mem = kalloc()) == 0)
|
||||||
goto bad;
|
goto bad;
|
||||||
memmove(mem, (char*)p2v(pa), PGSIZE);
|
memmove(mem, (char*)p2v(pa), PGSIZE);
|
||||||
if(mappages(d, (void*)i, PGSIZE, v2p(mem), PTE_W|PTE_U) < 0)
|
if(mappages(d, (void*)i, PGSIZE, v2p(mem), flags) < 0)
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
return d;
|
return d;
|
||||||
|
|
Loading…
Reference in a new issue