diff options
author | Stephen Tu <[email protected]> | 2013-03-04 16:16:54 -0500 |
---|---|---|
committer | Austin Clements <[email protected]> | 2013-03-04 16:16:54 -0500 |
commit | ff2783442ea2801a4bf6c76f198f36a6e985e7dd (patch) | |
tree | a7f1ac2325465a23c274f1e531ac3b2db376f0d3 /vm.c | |
parent | 241c068066c51e9e06adf6d45834b97a50d029cf (diff) | |
download | xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.tar.gz xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.tar.bz2 xv6-labs-ff2783442ea2801a4bf6c76f198f36a6e985e7dd.zip |
Correct a security bug in copyuvm()
copyuvm() should not allow new copied pages to inherit more
permissions than the original pages.
Diffstat (limited to 'vm.c')
-rw-r--r-- | vm.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -311,7 +311,7 @@ copyuvm(pde_t *pgdir, uint sz) { pde_t *d; pte_t *pte; - uint pa, i; + uint pa, i, flags; char *mem; if((d = setupkvm()) == 0) @@ -322,10 +322,11 @@ copyuvm(pde_t *pgdir, uint sz) if(!(*pte & PTE_P)) panic("copyuvm: page not present"); pa = PTE_ADDR(*pte); + flags = PTE_FLAGS(*pte); if((mem = kalloc()) == 0) goto bad; memmove(mem, (char*)p2v(pa), PGSIZE); - if(mappages(d, (void*)i, PGSIZE, v2p(mem), PTE_W|PTE_U) < 0) + if(mappages(d, (void*)i, PGSIZE, v2p(mem), flags) < 0) goto bad; } return d; |