From d2b2dff7490f2c4b8e91f79940fc46f0361c216c Mon Sep 17 00:00:00 2001
From: Robert Morris
Date: Tue, 4 Oct 2022 11:52:57 -0400
Subject: fix copyout() to refuse to write a read-only page
---
 kernel/vm.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'kernel/vm.c')
diff --git a/kernel/vm.c b/kernel/vm.c
index 9f69783..486945e 100644
--- a/kernel/vm.c
+++ b/kernel/vm.c
@@ -352,12 +352,17 @@ int
 copyout(pagetable_t pagetable, uint64 dstva, char *src, uint64 len)
 {
 uint64 n, va0, pa0;
+ pte_t *pte;
 while(len > 0){
 va0 = PGROUNDDOWN(dstva);
- pa0 = walkaddr(pagetable, va0);
- if(pa0 == 0)
+ if(va0 >= MAXVA)
+ return -1;
+ pte = walk(pagetable, va0, 0);
+ if(pte == 0 || (*pte & PTE_V) == 0 || (*pte & PTE_U) == 0 ||
+ (*pte & PTE_W) == 0)
 return -1;
+ pa0 = PTE2PA(*pte);
 n = PGSIZE - (dstva - va0);
 if(n > len)
 n = len;
--
cgit v1.2.3
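Review bot: The permission test added at `if(pte == 0 || (*pte & PTE_V) == 0 || (*pte & PTE_U) == 0 || (*pte & PTE_W) == 0)` has no comment saying why copyout() must inspect the PTE bits itself, so a later cleanup could swap it back for the walkaddr() call it replaced and silently lose the PTE_W test. The copy that follows presumably stores through `pa0` (it lies outside this hunk), in which case the hardware never applies the user mapping's write permission and this test is the only thing keeping a syscall's output buffer off a read-only user page. I would add above it `// the kernel writes through pa0, not the user mapping, so V/U/W must be enforced here`, plus a short note on `if(va0 >= MAXVA)` that it guards the walk() call, presumably because walk() does not tolerate addresses at or above MAXVA. The diffstat shows only kernel/vm.c changed, so a user-level test that passes a read-only address to a syscall that writes user memory and expects -1 would be worth adding alongside; the while loop continues past the end of the hunk.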