Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/arch Don't allow userland to create 286/386 call gates a...



details:   https://anonhg.NetBSD.org/src/rev/cdb426588317
branches:  trunk
changeset: 356073:cdb426588317
user:      maxv <maxv%NetBSD.org@localhost>
date:      Wed Aug 30 15:44:01 2017 +0000

description:
Don't allow userland to create 286/386 call gates anymore - they are not
used by Wine. While here, don't allow it to overwrite the static entries
either, don't allow unknown entry types, remove LDT_DEBUG, and style.

diffstat:

 sys/arch/amd64/conf/ALL        |    5 +-
 sys/arch/i386/conf/ALL         |    5 +-
 sys/arch/x86/x86/sys_machdep.c |  108 ++++++++++------------------------------
 3 files changed, 32 insertions(+), 86 deletions(-)

diffs (291 lines):

diff -r 760a595f73c5 -r cdb426588317 sys/arch/amd64/conf/ALL
--- a/sys/arch/amd64/conf/ALL   Wed Aug 30 15:34:57 2017 +0000
+++ b/sys/arch/amd64/conf/ALL   Wed Aug 30 15:44:01 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ALL,v 1.67 2017/08/13 08:48:30 christos Exp $
+# $NetBSD: ALL,v 1.68 2017/08/30 15:44:01 maxv Exp $
 # From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp
 #
 # ALL machine description file
@@ -17,7 +17,7 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident         "ALL-$Revision: 1.67 $"
+#ident         "ALL-$Revision: 1.68 $"
 
 maxusers       64              # estimated number of users
 
@@ -2078,7 +2078,6 @@
 options KUE_DEBUG
 options LANA_DEBUG
 options LCD_DEBUG
-options LDT_DEBUG
 options LEDEBUG
 options LE_DEBUG
 options LIFDEBUG
diff -r 760a595f73c5 -r cdb426588317 sys/arch/i386/conf/ALL
--- a/sys/arch/i386/conf/ALL    Wed Aug 30 15:34:57 2017 +0000
+++ b/sys/arch/i386/conf/ALL    Wed Aug 30 15:44:01 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ALL,v 1.427 2017/08/13 08:48:30 christos Exp $
+# $NetBSD: ALL,v 1.428 2017/08/30 15:44:01 maxv Exp $
 # From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp
 #
 # ALL machine description file
@@ -17,7 +17,7 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident         "ALL-$Revision: 1.427 $"
+#ident         "ALL-$Revision: 1.428 $"
 
 maxusers       64              # estimated number of users
 
@@ -2225,7 +2225,6 @@
 options KUE_DEBUG
 options LANA_DEBUG
 options LCD_DEBUG
-options LDT_DEBUG
 options LEDEBUG
 options LE_DEBUG
 options LIFDEBUG
diff -r 760a595f73c5 -r cdb426588317 sys/arch/x86/x86/sys_machdep.c
--- a/sys/arch/x86/x86/sys_machdep.c    Wed Aug 30 15:34:57 2017 +0000
+++ b/sys/arch/x86/x86/sys_machdep.c    Wed Aug 30 15:44:01 2017 +0000
@@ -1,11 +1,11 @@
-/*     $NetBSD: sys_machdep.c,v 1.37 2017/08/12 07:21:57 maxv Exp $    */
+/*     $NetBSD: sys_machdep.c,v 1.38 2017/08/30 15:44:01 maxv Exp $    */
 
-/*-
- * Copyright (c) 1998, 2007, 2009 The NetBSD Foundation, Inc.
+/*
+ * Copyright (c) 1998, 2007, 2009, 2017 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
- * by Charles M. Hannum, and by Andrew Doran.
+ * by Charles M. Hannum, by Andrew Doran, and by Maxime Villard.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_machdep.c,v 1.37 2017/08/12 07:21:57 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_machdep.c,v 1.38 2017/08/30 15:44:01 maxv Exp $");
 
 #include "opt_mtrr.h"
 #include "opt_pmc.h"
@@ -110,19 +110,6 @@
 int x86_get_sdbase32(void *, char);
 int x86_get_sdbase(void *, char);
 
-#if defined(USER_LDT) && defined(LDT_DEBUG)
-static void x86_print_ldt(int, const struct segment_descriptor *);
-
-static void
-x86_print_ldt(int i, const struct segment_descriptor *d)
-{
-       printf("[%d] lolimit=0x%x, lobase=0x%x, type=%u, dpl=%u, p=%u, "
-           "hilimit=0x%x, xx=%x, def32=%u, gran=%u, hibase=0x%x\n",
-           i, d->sd_lolimit, d->sd_lobase, d->sd_type, d->sd_dpl, d->sd_p,
-           d->sd_hilimit, d->sd_xx, d->sd_def32, d->sd_gran, d->sd_hibase);
-}
-#endif
-
 int
 x86_get_ldt(struct lwp *l, void *args, register_t *retval)
 {
@@ -165,24 +152,23 @@
        int nldt, num;
        union descriptor *lp;
 
+#ifdef __x86_64__
+       const size_t min_ldt_size = LDT_SIZE;
+#else
+       const size_t min_ldt_size = NLDT * sizeof(union descriptor);
+#endif
+
        error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_GET,
            NULL, NULL, NULL, NULL);
        if (error)
-               return (error);
-
-#ifdef LDT_DEBUG
-       printf("x86_get_ldt: start=%d num=%d descs=%p\n", ua->start,
-           ua->num, ua->desc);
-#endif
+               return error;
 
        if (ua->start < 0 || ua->num < 0 || ua->start > 8192 || ua->num > 8192 ||
            ua->start + ua->num > 8192)
-               return (EINVAL);
+               return EINVAL;
 
-#ifdef __x86_64__
-       if (ua->start * sizeof(union descriptor) < LDT_SIZE)
+       if (ua->start * sizeof(union descriptor) < min_ldt_size)
                return EINVAL;
-#endif
 
        mutex_enter(&cpu_lock);
 
@@ -200,19 +186,12 @@
 
        if (ua->start > nldt) {
                mutex_exit(&cpu_lock);
-               return (EINVAL);
+               return EINVAL;
        }
 
        lp += ua->start;
        num = min(ua->num, nldt - ua->start);
        ua->num = num;
-#ifdef LDT_DEBUG
-       {
-               int i;
-               for (i = 0; i < num; i++)
-                       x86_print_ldt(i, &lp[i].sd);
-       }
-#endif
 
        memcpy(cp, lp, num * sizeof(union descriptor));
        mutex_exit(&cpu_lock);
@@ -232,7 +211,7 @@
        int error;
 
        if ((error = copyin(args, &ua, sizeof(ua))) != 0)
-               return (error);
+               return error;
 
        if (ua.num < 0 || ua.num > 8192)
                return EINVAL;
@@ -273,16 +252,14 @@
        error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_SET,
            NULL, NULL, NULL, NULL);
        if (error)
-               return (error);
+               return error;
 
        if (ua->start < 0 || ua->num < 0 || ua->start > 8192 || ua->num > 8192 ||
            ua->start + ua->num > 8192)
-               return (EINVAL);
+               return EINVAL;
 
-#ifdef __x86_64__
-       if (ua->start * sizeof(union descriptor) < LDT_SIZE)
+       if (ua->start * sizeof(union descriptor) < min_ldt_size)
                return EINVAL;
-#endif
 
        /* Check descriptors for access violations. */
        for (i = 0; i < ua->num; i++) {
@@ -292,29 +269,6 @@
                case SDT_SYSNULL:
                        desc->sd.sd_p = 0;
                        break;
-#ifdef __x86_64__
-               case SDT_SYS286CGT:
-               case SDT_SYS386CGT:
-                       /* We don't allow these on amd64. */
-                       return EACCES;
-#else
-               case SDT_SYS286CGT:
-               case SDT_SYS386CGT:
-                       /*
-                        * Only allow call gates targeting a segment
-                        * in the LDT or a user segment in the fixed
-                        * part of the gdt.  Segments in the LDT are
-                        * constrained (below) to be user segments.
-                        */
-                       if (desc->gd.gd_p != 0 &&
-                           !ISLDT(desc->gd.gd_selector) &&
-                           ((IDXSEL(desc->gd.gd_selector) >= NGDT) ||
-                            (gdtstore[IDXSEL(desc->gd.gd_selector)].sd.sd_dpl !=
-                                SEL_UPL))) {
-                               return EACCES;
-                       }
-                       break;
-#endif
                case SDT_MEMEC:
                case SDT_MEMEAC:
                case SDT_MEMERC:
@@ -337,13 +291,7 @@
                case SDT_MEMERA:
                        break;
                default:
-                       /*
-                        * Make sure that unknown descriptor types are
-                        * not marked present.
-                        */
-                       if (desc->sd.sd_p != 0)
-                               return EACCES;
-                       break;
+                       return EACCES;
                }
 
                if (desc->sd.sd_p != 0) {
@@ -441,7 +389,7 @@
        error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
            NULL, NULL, NULL, NULL);
        if (error)
-               return (error);
+               return error;
 
        if ((error = copyin(args, &ua, sizeof(ua))) != 0)
                return error;
@@ -492,10 +440,10 @@
        error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_GET,
            NULL, NULL, NULL, NULL);
        if (error)
-               return (error);
+               return error;
 
        if ((error = copyin(args, &ua, sizeof(ua))) != 0)
-               return (error);
+               return error;
 
        iomap = pcb->pcb_iomap;
        if (iomap == NULL) {
@@ -526,10 +474,10 @@
        error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_SET,
            NULL, NULL, NULL, NULL);
        if (error)
-               return (error);
+               return error;
 
        if ((error = copyin(args, &ua, sizeof(ua))) != 0)
-               return (error);
+               return error;
 
        new = kmem_alloc(IOMAPSIZE, KM_SLEEP);
        error = copyin(ua.iomap, new, IOMAPSIZE);
@@ -569,7 +517,7 @@
        error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
            NULL, NULL, NULL, NULL);
        if (error)
-               return (error);
+               return error;
 
        error = copyin(args, &ua, sizeof ua);
        if (error != 0)
@@ -604,7 +552,7 @@
        error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
            NULL, NULL, NULL, NULL);
        if (error)
-               return (error);
+               return error;
 
        error = copyin(args, &ua, sizeof ua);
        if (error != 0)
@@ -868,7 +816,7 @@
                error = EINVAL;
                break;
        }
-       return (error);
+       return error;
 }
 
 int



Home | Main Index | Thread Index | Old Index