From: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Date: Sun, 8 Mar 2009 11:10:00 +0000 (-0700)
Subject: xen/privcmd: make sure vma is ours before doing anything to it
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f31fdf510531333dea95f0a92e6eaa1c3a7541e2;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

xen/privcmd: make sure vma is ours before doing anything to it

Test vma->vm_ops is our operations to make sure we created it.
We don't want to stomp on other random vmas.

[ Impact: bugfix; prevent ioctl from affecting other mappings ]

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
---

diff --git a/drivers/xen/xenfs/privcmd.c b/drivers/xen/xenfs/privcmd.c
index 6b602f505363..80526afd3063 100644
--- a/drivers/xen/xenfs/privcmd.c
+++ b/drivers/xen/xenfs/privcmd.c
@@ -310,6 +310,8 @@ static int mmap_return_errors(void *data, void *state)
 	return 0;
 }
 
+static struct vm_operations_struct privcmd_vm_ops;
+
 static long privcmd_ioctl_mmap_batch(void __user *udata)
 {
 	int ret;
@@ -341,6 +343,7 @@ static long privcmd_ioctl_mmap_batch(void __user *udata)
 	vma = find_vma(mm, m.addr);
 	ret = -EINVAL;
 	if (!vma ||
+	    vma->vm_ops != &privcmd_vm_ops ||
 	    (m.addr != vma->vm_start) ||
 	    ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||
 	    !privcmd_enforce_singleshot_mapping(vma)) {