fix copyout() to refuse to write a read-only page

2 files changed, 8 insertions, 3 deletions

diff --git a/kernel/trampoline.S b/kernel/trampoline.S
index d7308cc..693f8a1 100644
--- a/kernel/trampoline.S
+++ b/kernel/trampoline.S
@@ -15,6 +15,7 @@
 
 .section trampsec
 .globl trampoline
+.globl usertrap
 trampoline:
 .align 4
 .globl uservec
@@ -80,7 +81,6 @@ uservec:
         # load the address of usertrap(), from p->trapframe->kernel_trap
         ld t0, 16(a0)
 
-
         # fetch the kernel page table address, from p->trapframe->kernel_satp.
         ld t1, 0(a0)
 
diff --git a/kernel/vm.c b/kernel/vm.c
index 9f69783..486945e 100644
--- a/kernel/vm.c
+++ b/kernel/vm.c
@@ -352,12 +352,17 @@ int
 copyout(pagetable_t pagetable, uint64 dstva, char *src, uint64 len)
 {
   uint64 n, va0, pa0;
+  pte_t *pte;
 
   while(len > 0){
     va0 = PGROUNDDOWN(dstva);
-    pa0 = walkaddr(pagetable, va0);
-    if(pa0 == 0)
+    if(va0 >= MAXVA)
+      return -1;
+    pte = walk(pagetable, va0, 0);
+    if(pte == 0 || (*pte & PTE_V) == 0 || (*pte & PTE_U) == 0 ||
+       (*pte & PTE_W) == 0)
       return -1;
+    pa0 = PTE2PA(*pte);
     n = PGSIZE - (dstva - va0);
     if(n > len)
       n = len;