xen/privcmd: make sure vma is ours before doing anything to it
Test that vma->vm_ops points to our operations to make sure we created the vma.
We don't want to stomp on other random vmas.
[ Impact: bugfix; prevent ioctl from affecting other mappings ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
diff --git a/drivers/xen/xenfs/privcmd.c b/drivers/xen/xenfs/privcmd.c
index 6b602f5..80526af 100644
--- a/drivers/xen/xenfs/privcmd.c
+++ b/drivers/xen/xenfs/privcmd.c
@@ -310,6 +310,8 @@
return 0;
}
+static struct vm_operations_struct privcmd_vm_ops;
+
static long privcmd_ioctl_mmap_batch(void __user *udata)
{
int ret;
@@ -341,6 +343,7 @@
vma = find_vma(mm, m.addr);
ret = -EINVAL;
if (!vma ||
+ vma->vm_ops != &privcmd_vm_ops ||
(m.addr != vma->vm_start) ||
((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||
!privcmd_enforce_singleshot_mapping(vma)) {
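Review bot: The ownership test `vma->vm_ops != &privcmd_vm_ops` is added only at this find_vma() call in privcmd_ioctl_mmap_batch, and the diff touches no other lookup. Any other ioctl path in privcmd.c that resolves a caller-supplied address to a vma and then modifies it would still act on foreign mappings and should get the same test. Its placement ahead of `privcmd_enforce_singleshot_mapping(vma)` matters, since that helper presumably changes per-vma state, and a short comment would keep later edits from reordering it: `/* vm_ops identity proves privcmd's mmap created this vma; check before touching it */`. Separately, `m.addr + (nr_pages << PAGE_SHIFT)` two lines below appears to be built from caller-supplied values, so confirm that nr_pages is bounded earlier in the function (which starts and ends outside this hunk) so the shift cannot wrap.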