Correct a security bug in copyuvm()

copyuvm() should not allow new copied pages to inherit more permissions than the original pages.
author: Stephen Tu <[email protected]> 2013-03-04 16:16:54 -0500
committer: Austin Clements <[email protected]> 2013-03-04 16:16:54 -0500
commit: ff2783442ea2801a4bf6c76f198f36a6e985e7dd (patch)
tree: a7f1ac2325465a23c274f1e531ac3b2db376f0d3 /vm.c
parent: 241c068066c51e9e06adf6d45834b97a50d029cf (diff)
download: xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.tar.gz
xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.tar.bz2
xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/vm.c b/vm.c
index dde56b7..4cffb58 100644
--- a/vm.c
+++ b/vm.c
@@ -311,7 +311,7 @@ copyuvm(pde_t *pgdir, uint sz)
 {
   pde_t *d;
   pte_t *pte;
-  uint pa, i;
+  uint pa, i, flags;
   char *mem;
 
   if((d = setupkvm()) == 0)
@@ -322,10 +322,11 @@ copyuvm(pde_t *pgdir, uint sz)
     if(!(*pte & PTE_P))
       panic("copyuvm: page not present");
     pa = PTE_ADDR(*pte);
+    flags = PTE_FLAGS(*pte);
     if((mem = kalloc()) == 0)
       goto bad;
     memmove(mem, (char*)p2v(pa), PGSIZE);
-    if(mappages(d, (void*)i, PGSIZE, v2p(mem), PTE_W|PTE_U) < 0)
+    if(mappages(d, (void*)i, PGSIZE, v2p(mem), flags) < 0)
       goto bad;
   }
   return d;
author	Stephen Tu <[email protected]>	2013-03-04 16:16:54 -0500
committer	Austin Clements <[email protected]>	2013-03-04 16:16:54 -0500
commit	ff2783442ea2801a4bf6c76f198f36a6e985e7dd (patch)
tree	a7f1ac2325465a23c274f1e531ac3b2db376f0d3 /vm.c
parent	241c068066c51e9e06adf6d45834b97a50d029cf (diff)
download	xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.tar.gz xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.tar.bz2 xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.zip