aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorVenki Pallipadi <venkatesh.pallipadi@intel.com>2008-05-14 16:05:51 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-05-14 19:11:15 -0700
commit1c12c4cf9411eb130b245fa8d0fbbaf989477c7b (patch)
treef61d58e955b3159007ef77513c1c4f1ed2c9ec23 /include
parent44c81433e8b05dbc85985d939046f10f95901184 (diff)
mprotect: prevent alteration of the PAT bits
There is a defect in mprotect, which lets the user change the page cache type bits by-passing the kernel reserve_memtype and free_memtype wrappers. Fix the problem by not letting mprotect change the PAT bits. Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include')
-rw-r--r--include/asm-x86/pgtable.h16
1 files changed, 13 insertions, 3 deletions
diff --git a/include/asm-x86/pgtable.h b/include/asm-x86/pgtable.h
index 801b31f7145..55c3a0e3a8c 100644
--- a/include/asm-x86/pgtable.h
+++ b/include/asm-x86/pgtable.h
@@ -57,7 +57,8 @@
#define _KERNPG_TABLE (_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED | \
_PAGE_DIRTY)
-#define _PAGE_CHG_MASK (PTE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY)
+#define _PAGE_CHG_MASK (PTE_MASK | _PAGE_PCD | _PAGE_PWT | \
+ _PAGE_ACCESSED | _PAGE_DIRTY)
#define _PAGE_CACHE_MASK (_PAGE_PCD | _PAGE_PWT)
#define _PAGE_CACHE_WB (0)
@@ -288,12 +289,21 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
* Chop off the NX bit (if present), and add the NX portion of
* the newprot (if present):
*/
- val &= _PAGE_CHG_MASK & ~_PAGE_NX;
- val |= pgprot_val(newprot) & __supported_pte_mask;
+ val &= _PAGE_CHG_MASK;
+ val |= pgprot_val(newprot) & (~_PAGE_CHG_MASK) & __supported_pte_mask;
return __pte(val);
}
+/* mprotect needs to preserve PAT bits when updating vm_page_prot */
+#define pgprot_modify pgprot_modify
+static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
+{
+ pgprotval_t preservebits = pgprot_val(oldprot) & _PAGE_CHG_MASK;
+ pgprotval_t addbits = pgprot_val(newprot);
+ return __pgprot(preservebits | addbits);
+}
+
#define pte_pgprot(x) __pgprot(pte_val(x) & (0xfff | _PAGE_NX))
#define canon_pgprot(p) __pgprot(pgprot_val(p) & __supported_pte_mask)