Proper checks for kmem reads beyond _end

2003-10-14 22:33:29 +00:00 · 2003-10-14 22:33:29 +00:00 · 14cdf7ae6d
parent 768b79db69
commit 14cdf7ae6d
2 changed files with 26 additions and 7 deletions
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.10 2003/10/13 18:45:59 fvdl Exp $	*/
+/*	$NetBSD: machdep.c,v 1.11 2003/10/14 22:33:29 fvdl Exp $	*/

 /*-
 * Copyright (c) 1996, 1997, 1998, 2000 The NetBSD Foundation, Inc.
@ -72,7 +72,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.10 2003/10/13 18:45:59 fvdl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.11 2003/10/14 22:33:29 fvdl Exp $");

 #include "opt_user_ldt.h"
 #include "opt_ddb.h"
@ -192,6 +192,7 @@ vaddr_t lkm_start, lkm_end;
 static struct vm_map lkm_map_store;
 extern struct vm_map *lkm_map;
 #endif
+vaddr_t kern_end;

 struct vm_map *exec_map = NULL;
 struct vm_map *mb_map = NULL;
@ -1337,8 +1338,9 @@ init_x86_64(first_avail)
 	/* Make sure the end of the space used by the kernel is rounded. */
 	first_avail = round_page(first_avail);

+	kern_end = KERNBASE + first_avail;
 #ifdef LKM
-	lkm_start = KERNBASE + first_avail;
+	lkm_start = kern_end;
 	lkm_end = KERNBASE + NKL2_KIMG_ENTRIES * NBPD_L2;
 #endif

--- a/sys/arch/amd64/amd64/mem.c
+++ b/sys/arch/amd64/amd64/mem.c
@ -1,4 +1,4 @@
-/*	$NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $	*/
+/*	$NetBSD: mem.c,v 1.4 2003/10/14 22:33:29 fvdl Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1990, 1993
@ -73,7 +73,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.4 2003/10/14 22:33:29 fvdl Exp $");

 #include "opt_compat_netbsd.h"

@ -89,6 +89,9 @@ __KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $");
 #include <sys/proc.h>
 #include <sys/fcntl.h>
 #include <sys/conf.h>
+#ifdef LKM
+#include <sys/lkm.h>
+#endif

 #include <machine/cpu.h>

@ -97,6 +100,10 @@ __KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $");
 extern char *vmmap;            /* poor name! */
 caddr_t zeropage;
 extern int start, end, etext;
+extern vaddr_t kern_end;
+#ifdef LKM
+extern vaddr_t lkm_start, lkm_end;
+#endif

 dev_type_read(mmrw);
 dev_type_ioctl(mmioctl);
@ -159,11 +166,21 @@ mmrw(dev, uio, flags)
 		case DEV_KMEM:
 			v = uio->uio_offset;
 			c = min(iov->iov_len, MAXPHYS);
-			if (v >= (vaddr_t)&start && (v + c) < (vaddr_t)&end) {
+			if (v >= (vaddr_t)&start && v <
+			    (vaddr_t)kern_end) {
 				if (v < (vaddr_t)&etext &&
 				    uio->uio_rw == UIO_WRITE)
 					return EFAULT;
-			} else {
+			}
+#ifdef LKM
+			else if (v >= lkm_start && v < lkm_end) {
+				if (!uvm_map_checkprot(lkm_map, v, v + c,
+				    uio->uio_rw == UIO_READ ?
+				    VM_PROT_READ: VM_PROT_WRITE))
+					return EFAULT;
+			}
+#endif
+			else {
 				if (!uvm_kernacc((caddr_t)v, c,
 				    uio->uio_rw == UIO_READ ? B_READ : B_WRITE))
 					return EFAULT;