Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/arch Don't allow userland to create 286/386 call gates a...
details: https://anonhg.NetBSD.org/src/rev/f5db2378b337
branches: trunk
changeset: 826374:f5db2378b337
user: maxv <maxv%NetBSD.org@localhost>
date: Wed Aug 30 15:44:01 2017 +0000
description:
Don't allow userland to create 286/386 call gates anymore - they are not
used by Wine. While here, don't allow it to overwrite the static entries
either, don't allow unknown entry types, remove LDT_DEBUG, and style.
diffstat:
sys/arch/amd64/conf/ALL | 5 +-
sys/arch/i386/conf/ALL | 5 +-
sys/arch/x86/x86/sys_machdep.c | 108 ++++++++++------------------------------
3 files changed, 32 insertions(+), 86 deletions(-)
diffs (291 lines):
diff -r 6c1fc23c3b0d -r f5db2378b337 sys/arch/amd64/conf/ALL
--- a/sys/arch/amd64/conf/ALL Wed Aug 30 15:34:57 2017 +0000
+++ b/sys/arch/amd64/conf/ALL Wed Aug 30 15:44:01 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ALL,v 1.67 2017/08/13 08:48:30 christos Exp $
+# $NetBSD: ALL,v 1.68 2017/08/30 15:44:01 maxv Exp $
# From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp
#
# ALL machine description file
@@ -17,7 +17,7 @@
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "ALL-$Revision: 1.67 $"
+#ident "ALL-$Revision: 1.68 $"
maxusers 64 # estimated number of users
@@ -2078,7 +2078,6 @@
options KUE_DEBUG
options LANA_DEBUG
options LCD_DEBUG
-options LDT_DEBUG
options LEDEBUG
options LE_DEBUG
options LIFDEBUG
diff -r 6c1fc23c3b0d -r f5db2378b337 sys/arch/i386/conf/ALL
--- a/sys/arch/i386/conf/ALL Wed Aug 30 15:34:57 2017 +0000
+++ b/sys/arch/i386/conf/ALL Wed Aug 30 15:44:01 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ALL,v 1.427 2017/08/13 08:48:30 christos Exp $
+# $NetBSD: ALL,v 1.428 2017/08/30 15:44:01 maxv Exp $
# From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp
#
# ALL machine description file
@@ -17,7 +17,7 @@
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "ALL-$Revision: 1.427 $"
+#ident "ALL-$Revision: 1.428 $"
maxusers 64 # estimated number of users
@@ -2225,7 +2225,6 @@
options KUE_DEBUG
options LANA_DEBUG
options LCD_DEBUG
-options LDT_DEBUG
options LEDEBUG
options LE_DEBUG
options LIFDEBUG
diff -r 6c1fc23c3b0d -r f5db2378b337 sys/arch/x86/x86/sys_machdep.c
--- a/sys/arch/x86/x86/sys_machdep.c Wed Aug 30 15:34:57 2017 +0000
+++ b/sys/arch/x86/x86/sys_machdep.c Wed Aug 30 15:44:01 2017 +0000
@@ -1,11 +1,11 @@
-/* $NetBSD: sys_machdep.c,v 1.37 2017/08/12 07:21:57 maxv Exp $ */
+/* $NetBSD: sys_machdep.c,v 1.38 2017/08/30 15:44:01 maxv Exp $ */
-/*-
- * Copyright (c) 1998, 2007, 2009 The NetBSD Foundation, Inc.
+/*
+ * Copyright (c) 1998, 2007, 2009, 2017 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
- * by Charles M. Hannum, and by Andrew Doran.
+ * by Charles M. Hannum, by Andrew Doran, and by Maxime Villard.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_machdep.c,v 1.37 2017/08/12 07:21:57 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_machdep.c,v 1.38 2017/08/30 15:44:01 maxv Exp $");
#include "opt_mtrr.h"
#include "opt_pmc.h"
@@ -110,19 +110,6 @@
int x86_get_sdbase32(void *, char);
int x86_get_sdbase(void *, char);
-#if defined(USER_LDT) && defined(LDT_DEBUG)
-static void x86_print_ldt(int, const struct segment_descriptor *);
-
-static void
-x86_print_ldt(int i, const struct segment_descriptor *d)
-{
- printf("[%d] lolimit=0x%x, lobase=0x%x, type=%u, dpl=%u, p=%u, "
- "hilimit=0x%x, xx=%x, def32=%u, gran=%u, hibase=0x%x\n",
- i, d->sd_lolimit, d->sd_lobase, d->sd_type, d->sd_dpl, d->sd_p,
- d->sd_hilimit, d->sd_xx, d->sd_def32, d->sd_gran, d->sd_hibase);
-}
-#endif
-
int
x86_get_ldt(struct lwp *l, void *args, register_t *retval)
{
@@ -165,24 +152,23 @@
int nldt, num;
union descriptor *lp;
+#ifdef __x86_64__
+ const size_t min_ldt_size = LDT_SIZE;
+#else
+ const size_t min_ldt_size = NLDT * sizeof(union descriptor);
+#endif
+
error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_GET,
NULL, NULL, NULL, NULL);
if (error)
- return (error);
-
-#ifdef LDT_DEBUG
- printf("x86_get_ldt: start=%d num=%d descs=%p\n", ua->start,
- ua->num, ua->desc);
-#endif
+ return error;
if (ua->start < 0 || ua->num < 0 || ua->start > 8192 || ua->num > 8192 ||
ua->start + ua->num > 8192)
- return (EINVAL);
+ return EINVAL;
-#ifdef __x86_64__
- if (ua->start * sizeof(union descriptor) < LDT_SIZE)
+ if (ua->start * sizeof(union descriptor) < min_ldt_size)
return EINVAL;
-#endif
mutex_enter(&cpu_lock);
@@ -200,19 +186,12 @@
if (ua->start > nldt) {
mutex_exit(&cpu_lock);
- return (EINVAL);
+ return EINVAL;
}
lp += ua->start;
num = min(ua->num, nldt - ua->start);
ua->num = num;
-#ifdef LDT_DEBUG
- {
- int i;
- for (i = 0; i < num; i++)
- x86_print_ldt(i, &lp[i].sd);
- }
-#endif
memcpy(cp, lp, num * sizeof(union descriptor));
mutex_exit(&cpu_lock);
@@ -232,7 +211,7 @@
int error;
if ((error = copyin(args, &ua, sizeof(ua))) != 0)
- return (error);
+ return error;
if (ua.num < 0 || ua.num > 8192)
return EINVAL;
@@ -273,16 +252,14 @@
error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_SET,
NULL, NULL, NULL, NULL);
if (error)
- return (error);
+ return error;
if (ua->start < 0 || ua->num < 0 || ua->start > 8192 || ua->num > 8192 ||
ua->start + ua->num > 8192)
- return (EINVAL);
+ return EINVAL;
-#ifdef __x86_64__
- if (ua->start * sizeof(union descriptor) < LDT_SIZE)
+ if (ua->start * sizeof(union descriptor) < min_ldt_size)
return EINVAL;
-#endif
/* Check descriptors for access violations. */
for (i = 0; i < ua->num; i++) {
@@ -292,29 +269,6 @@
case SDT_SYSNULL:
desc->sd.sd_p = 0;
break;
-#ifdef __x86_64__
- case SDT_SYS286CGT:
- case SDT_SYS386CGT:
- /* We don't allow these on amd64. */
- return EACCES;
-#else
- case SDT_SYS286CGT:
- case SDT_SYS386CGT:
- /*
- * Only allow call gates targeting a segment
- * in the LDT or a user segment in the fixed
- * part of the gdt. Segments in the LDT are
- * constrained (below) to be user segments.
- */
- if (desc->gd.gd_p != 0 &&
- !ISLDT(desc->gd.gd_selector) &&
- ((IDXSEL(desc->gd.gd_selector) >= NGDT) ||
- (gdtstore[IDXSEL(desc->gd.gd_selector)].sd.sd_dpl !=
- SEL_UPL))) {
- return EACCES;
- }
- break;
-#endif
case SDT_MEMEC:
case SDT_MEMEAC:
case SDT_MEMERC:
@@ -337,13 +291,7 @@
case SDT_MEMERA:
break;
default:
- /*
- * Make sure that unknown descriptor types are
- * not marked present.
- */
- if (desc->sd.sd_p != 0)
- return EACCES;
- break;
+ return EACCES;
}
if (desc->sd.sd_p != 0) {
@@ -441,7 +389,7 @@
error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
NULL, NULL, NULL, NULL);
if (error)
- return (error);
+ return error;
if ((error = copyin(args, &ua, sizeof(ua))) != 0)
return error;
@@ -492,10 +440,10 @@
error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_GET,
NULL, NULL, NULL, NULL);
if (error)
- return (error);
+ return error;
if ((error = copyin(args, &ua, sizeof(ua))) != 0)
- return (error);
+ return error;
iomap = pcb->pcb_iomap;
if (iomap == NULL) {
@@ -526,10 +474,10 @@
error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_SET,
NULL, NULL, NULL, NULL);
if (error)
- return (error);
+ return error;
if ((error = copyin(args, &ua, sizeof(ua))) != 0)
- return (error);
+ return error;
new = kmem_alloc(IOMAPSIZE, KM_SLEEP);
error = copyin(ua.iomap, new, IOMAPSIZE);
@@ -569,7 +517,7 @@
error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
NULL, NULL, NULL, NULL);
if (error)
- return (error);
+ return error;
error = copyin(args, &ua, sizeof ua);
if (error != 0)
@@ -604,7 +552,7 @@
error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
NULL, NULL, NULL, NULL);
if (error)
- return (error);
+ return error;
error = copyin(args, &ua, sizeof ua);
if (error != 0)
@@ -868,7 +816,7 @@
error = EINVAL;
break;
}
- return (error);
+ return error;
}
int
Home |
Main Index |
Thread Index |
Old Index