Correct a security bug in copyuvm()

copyuvm() should not allow new copied pages to inherit more permissions than the original pages.

Correct a security bug in copyuvm()
ff278344 · Stephen Tu · Austin Clements · 241c0680 · ff278344 · ff278344
--- a/mmu.h
+++ b/mmu.h
@@ -142,6 +142,7 @@ struct segdesc {
 // Address in page table or page directory entry
 #define PTE_ADDR(pte)   ((uint)(pte) & ~0xFFF)
+#define PTE_FLAGS(pte)  ((uint)(pte) &  0xFFF)
 #ifndef __ASSEMBLER__
 typedef uint pte_t;

--- a/vm.c
+++ b/vm.c
@@ -311,7 +311,7 @@ copyuvm(pde_t *pgdir, uint sz)
 {
  pde_t *d;
  pte_t *pte;
-  uint pa, i;
+  uint pa, i, flags;
  char *mem;
  if((d = setupkvm()) == 0)
@@ -322,10 +322,11 @@ copyuvm(pde_t *pgdir, uint sz)
    if(!(*pte & PTE_P))
      panic("copyuvm: page not present");
    pa = PTE_ADDR(*pte);
+    flags = PTE_FLAGS(*pte);
    if((mem = kalloc()) == 0)
      goto bad;
    memmove(mem, (char*)p2v(pa), PGSIZE);
-    if(mappages(d, (void*)i, PGSIZE, v2p(mem), PTE_W|PTE_U) < 0)
+    if(mappages(d, (void*)i, PGSIZE, v2p(mem), flags) < 0)
      goto bad;
  }
  return d;