From 14cdf7ae6d7011b9a7f5221081da743fd54b0f13 Mon Sep 17 00:00:00 2001 From: fvdl Date: Tue, 14 Oct 2003 22:33:29 +0000 Subject: [PATCH] Proper checks for kmem reads beyond _end --- sys/arch/amd64/amd64/machdep.c | 8 +++++--- sys/arch/amd64/amd64/mem.c | 25 +++++++++++++++++++++---- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c index f5146bfb0ef3..838d9c601588 100644 --- a/sys/arch/amd64/amd64/machdep.c +++ b/sys/arch/amd64/amd64/machdep.c @@ -1,4 +1,4 @@ -/* $NetBSD: machdep.c,v 1.10 2003/10/13 18:45:59 fvdl Exp $ */ +/* $NetBSD: machdep.c,v 1.11 2003/10/14 22:33:29 fvdl Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2000 The NetBSD Foundation, Inc. @@ -72,7 +72,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.10 2003/10/13 18:45:59 fvdl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.11 2003/10/14 22:33:29 fvdl Exp $"); #include "opt_user_ldt.h" #include "opt_ddb.h" @@ -192,6 +192,7 @@ vaddr_t lkm_start, lkm_end; static struct vm_map lkm_map_store; extern struct vm_map *lkm_map; #endif +vaddr_t kern_end; struct vm_map *exec_map = NULL; struct vm_map *mb_map = NULL; @@ -1337,8 +1338,9 @@ init_x86_64(first_avail) /* Make sure the end of the space used by the kernel is rounded. */ first_avail = round_page(first_avail); + kern_end = KERNBASE + first_avail; #ifdef LKM - lkm_start = KERNBASE + first_avail; + lkm_start = kern_end; lkm_end = KERNBASE + NKL2_KIMG_ENTRIES * NBPD_L2; #endif diff --git a/sys/arch/amd64/amd64/mem.c b/sys/arch/amd64/amd64/mem.c index 3ca756aefcb5..dcb043e291d0 100644 --- a/sys/arch/amd64/amd64/mem.c +++ b/sys/arch/amd64/amd64/mem.c @@ -1,4 +1,4 @@ -/* $NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $ */ +/* $NetBSD: mem.c,v 1.4 2003/10/14 22:33:29 fvdl Exp $ */ /* * Copyright (c) 1982, 1986, 1990, 1993 
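Review bot: The new global `vaddr_t kern_end;` in machdep.c (hunk at -192) has no comment, yet after this commit it bounds the directly accessible kernel range in the DEV_KMEM case of mmrw(). I would document it at the definition, for example `/* page-rounded VA of the end of the space used by the kernel; set in init_x86_64(), bounds the DEV_KMEM fast path in mem.c */`. mem.c picks it up through a hand-written `extern vaddr_t kern_end;` rather than a shared header, so a later type change in machdep.c would not be caught by the compiler. The assignment in the -1337 hunk sits inside init_x86_64(), whose body starts and ends outside the hunk.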
@@ -73,7 +73,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.4 2003/10/14 22:33:29 fvdl Exp $"); #include "opt_compat_netbsd.h" @@ -89,6 +89,9 @@ __KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $"); #include #include #include +#ifdef LKM +#include +#endif #include @@ -97,6 +100,10 @@ __KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.3 2003/08/07 16:26:35 agc Exp $"); extern char *vmmap; /* poor name! */ caddr_t zeropage; extern int start, end, etext; +extern vaddr_t kern_end; +#ifdef LKM +extern vaddr_t lkm_start, lkm_end; +#endif dev_type_read(mmrw); dev_type_ioctl(mmioctl); @@ -159,11 +166,21 @@ mmrw(dev, uio, flags) case DEV_KMEM: v = uio->uio_offset; c = min(iov->iov_len, MAXPHYS); - if (v >= (vaddr_t)&start && (v + c) < (vaddr_t)&end) { + if (v >= (vaddr_t)&start && v < + (vaddr_t)kern_end) { if (v < (vaddr_t)&etext && uio->uio_rw == UIO_WRITE) return EFAULT; - } else { + } +#ifdef LKM + else if (v >= lkm_start && v < lkm_end) { + if (!uvm_map_checkprot(lkm_map, v, v + c, + uio->uio_rw == UIO_READ ? + VM_PROT_READ: VM_PROT_WRITE)) + return EFAULT; + } +#endif + else { if (!uvm_kernacc((caddr_t)v, c, uio->uio_rw == UIO_READ ? B_READ : B_WRITE)) return EFAULT;
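Review bot: In the DEV_KMEM case of mmrw() (hunk at -159), the new kernel-image test checks only the start address. The old `(v + c) < (vaddr_t)&end` bound became `v < (vaddr_t)kern_end`, so a transfer of up to MAXPHYS bytes starting just below kern_end runs past it without going through uvm_kernacc() or the lkm_map protection check. Bounding the length as well keeps the shortcut to ranges wholly inside the image, e.g. `if (v >= (vaddr_t)&start && v < kern_end && c <= kern_end - v) {`, or clamp `c` to `kern_end - v` before the copy. The shortcut also presumes everything between `start` and `kern_end` is mapped, which the visible lines do not establish. The copy that consumes `v` and `c` lies outside the hunk, so the effect of a crossing transfer cannot be confirmed from here.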