Source-Changes-HG archive


[src/trunk]: src/sys/arch/i386/i386 - mmrw, mmmmap: reject accesses to unknow...



details:   https://anonhg.NetBSD.org/src/rev/bd6aaf979806
branches:  trunk
changeset: 587296:bd6aaf979806
user:      yamt <yamt%NetBSD.org@localhost>
date:      Thu Jan 19 13:34:11 2006 +0000

description:
- mmrw, mmmmap: reject accesses to unknown pa if securelevel > 0.
- mmmmap: remove physmem check.  it was wrong and superseded by the above.
- mmmmap: remove suser() check.  there's no point to limit the operation
  to root here, given that the almost same thing can be done by
  normal read and write.

diffstat:

 sys/arch/i386/i386/mem.c |  51 +++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 44 insertions(+), 7 deletions(-)

diffs (92 lines):

diff -r 9d5f4c528719 -r bd6aaf979806 sys/arch/i386/i386/mem.c
--- a/sys/arch/i386/i386/mem.c  Thu Jan 19 09:32:37 2006 +0000
+++ b/sys/arch/i386/i386/mem.c  Thu Jan 19 13:34:11 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: mem.c,v 1.61 2005/12/25 18:46:27 rpaulo Exp $  */
+/*     $NetBSD: mem.c,v 1.62 2006/01/19 13:34:11 yamt Exp $    */
 
 /*
  * Copyright (c) 1982, 1986, 1990, 1993
@@ -77,7 +77,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.61 2005/12/25 18:46:27 rpaulo Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mem.c,v 1.62 2006/01/19 13:34:11 yamt Exp $");
 
 #include "opt_compat_netbsd.h"
 
@@ -109,6 +109,7 @@
        nostop, notty, nopoll, mmmmap, nokqfilter,
 };
 
+static int check_pa_acc(paddr_t, vm_prot_t);
 
 /*ARGSUSED*/
 int
@@ -169,6 +170,10 @@
                        v = uio->uio_offset;
                        prot = uio->uio_rw == UIO_READ ? VM_PROT_READ :
                            VM_PROT_WRITE;
+                       error = check_pa_acc(uio->uio_offset, prot);
+                       if (error) {
+                               break;
+                       }
                        pmap_enter(pmap_kernel(), (vaddr_t)vmmap,
                            trunc_page(v), prot, PMAP_WIRED|prot);
                        pmap_update(pmap_kernel());
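Review bot: The added check validates only the single address `uio->uio_offset`, while the `pmap_enter` that follows maps the whole page at `trunc_page(v)` and the copy length is computed outside this hunk. If a memory cluster boundary is not page aligned (nothing visible here rules that out), a transfer that starts inside a cluster could run past its end within the same page without being rechecked. Either check the last byte of the per-iteration transfer as well, or record the invariant with a comment such as `/* mem_clusters[] are page aligned, so checking the first byte covers the page */`. Since `v` was just assigned the same value, `check_pa_acc(v, prot)` would also read more consistently with the lines below. The enclosing loop of mmrw starts and ends outside the hunk, so how `error` terminates it cannot be confirmed from here.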
@@ -223,7 +228,6 @@
 paddr_t
 mmmmap(dev_t dev, off_t off, int prot)
 {
-       struct proc *p = curproc;       /* XXX */
 
        /*
         * /dev/mem is the only one that makes sense through this
@@ -234,9 +238,42 @@
         * pager in mmap().
         */
        if (minor(dev) != DEV_MEM)
-               return (-1);
+               return -1;
+
+       if (check_pa_acc(off, prot) != 0) {
+               return -1;
+       }
+
+       return x86_btop(off);
+}
+
+/* ---------------------------------------- */
+
+#include <sys/kcore.h>
+
+/*
+ * check_pa_acc: check if given pa is accessible.
+ */
 
-       if ((u_int)off > ctob(physmem) && suser(p->p_ucred, &p->p_acflag) != 0)
-               return (-1);
-       return (x86_btop((u_int)off));
+static int
+check_pa_acc(paddr_t pa, vm_prot_t prot)
+{
+       extern phys_ram_seg_t mem_clusters[VM_PHYSSEG_MAX];
+       extern int mem_cluster_cnt;
+       int i;
+
+       if (securelevel <= 0) {
+               return 0;
+       }
+
+       for (i = 0; i < mem_cluster_cnt; i++) {
+               const phys_ram_seg_t *seg = &mem_clusters[i];
+               paddr_t start = seg->start;
+
+               if (start <= pa && pa - start <= seg->size) {
+                       return 0;
+               }
+       }
+
+       return EPERM;
 }
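Review bot: The range test in check_pa_acc, `pa - start <= seg->size`, accepts `pa == start + size`, which is the first byte past the cluster, so with securelevel > 0 one address outside known RAM still passes; the comparison should be `if (start <= pa && pa - start < seg->size) {`. The `prot` argument is never read in the function, so read and write requests are treated identically; either drop the parameter or say in the header comment that it is reserved. That comment would also be more useful if it stated the contract, e.g. `returns 0 if pa lies inside a mem_clusters[] segment or securelevel <= 0, EPERM otherwise`. In mmmmap the old `(u_int)off` cast is gone, so `off` (an off_t) is now converted implicitly when passed as `paddr_t`; the type widths are not visible in this hunk, but a negative or out-of-range offset should probably be rejected explicitly before the check.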


