This patch adds the function page_check_range() to verify that pages are
in the cache and that they are appropriately readable/writable.  It also
hooks up access_ok() to page_check_range() so that code patterns are
similar to kernel code.

When copying data from user space access_ok() is used to check that
pages are readable.  When copying data to user space access_ok() is used
to check that pages are writable.
Index: qemu/exec.c
===================================================================
--- qemu.orig/exec.c	2007-10-31 10:49:10.000000000 -0600
+++ qemu/exec.c	2007-10-31 10:55:50.000000000 -0600
@@ -1875,6 +1875,33 @@
     spin_unlock(&tb_lock);
 }
 
+int page_check_range(target_ulong start, target_ulong len, int flags)
+{
+    PageDesc *p;
+    target_ulong end;
+    target_ulong addr;
+
+    end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
+    start = start & TARGET_PAGE_MASK;
+
+    if( end < start )
+        /* we've wrapped around */
+        return -1;
+    for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
+        p = page_find(addr >> TARGET_PAGE_BITS);
+        if( !p )
+            return -1;
+        if( !(p->flags & PAGE_VALID) )
+            return -1;
+
+        if (!(p->flags & PAGE_READ) && (flags & PAGE_READ) )
+            return -1;
+        if (!(p->flags & PAGE_WRITE) && (flags & PAGE_WRITE) )
+            return -1;
+    }
+    return 0;
+}
+
 /* called from signal handler: invalidate the code and unprotect the
    page. Return TRUE if the fault was succesfully handled. */
 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
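Review bot: `end = TARGET_PAGE_ALIGN(start+len)` on the first line of the body wraps to 0 for any range whose last byte lies in the final page of the target address space, so the `end < start` test then rejects a perfectly valid range; conversely a `start+len` that wraps to a small value still passes if the wrapped value happens to land at or above the page-aligned start. Working with the inclusive last byte (`start + len - 1`) avoids both cases, and the overflow check should be made before any alignment. Note the zero-length case changes with this rewrite: the original checks the containing page when `start` is unaligned, the version below treats an empty range as trivially valid, which is what an `access_ok` caller copying zero bytes presumably wants — confirm. The comment on that same line also reads "loose" where "lose" is meant.

```c
int page_check_range(target_ulong start, target_ulong len, int flags)
{
    PageDesc *p;
    target_ulong last;
    target_ulong addr;

    /* An empty range touches no page. */
    if (len == 0)
        return 0;

    /* Use the inclusive last byte: aligning start+len *up* would wrap to 0
       for a range ending in the last page of the address space. */
    last = start + len - 1;
    if (last < start)
        return -1;              /* range wraps around the address space */

    start &= TARGET_PAGE_MASK;
    last &= TARGET_PAGE_MASK;   /* page containing the last byte */

    for (addr = start; ; addr += TARGET_PAGE_SIZE) {
        /* … unchanged: page_find / PAGE_VALID / PAGE_READ / PAGE_WRITE checks … */
        if (addr == last)
            break;              /* cannot use addr < end: end may be the top page */
    }
    return 0;
}
```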
Index: qemu/cpu-all.h
===================================================================
--- qemu.orig/cpu-all.h	2007-10-31 10:49:10.000000000 -0600
+++ qemu/cpu-all.h	2007-10-31 10:55:50.000000000 -0600
@@ -691,6 +691,7 @@
 int page_get_flags(target_ulong address);
 void page_set_flags(target_ulong start, target_ulong end, int flags);
 void page_unprotect_range(target_ulong data, target_ulong data_size);
+int page_check_range(target_ulong start, target_ulong len, int flags);
 
 CPUState *cpu_copy(CPUState *env);
 
Index: qemu/linux-user/qemu.h
===================================================================
--- qemu.orig/linux-user/qemu.h	2007-10-31 10:55:48.000000000 -0600
+++ qemu/linux-user/qemu.h	2007-10-31 10:55:50.000000000 -0600
@@ -185,7 +185,8 @@
 #define VERIFY_READ 0
 #define VERIFY_WRITE 1
 
-#define access_ok(type,addr,size) (1)
+#define access_ok(type,addr,size) \
+    (page_check_range((target_ulong)addr,size,(type==VERIFY_READ)?PAGE_READ:PAGE_WRITE)==0)
 
 /* NOTE get_user and put_user use host addresses.  */
 #define __put_user(x,ptr)\
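Review bot: The macro arguments on the added line are not parenthesized: `(target_ulong)addr` binds the cast to only the first operand if a caller passes an expression such as `base + off`, and `type==VERIFY_READ` mis-parses if `type` is itself a conditional expression. Write it as `(page_check_range((target_ulong)(addr), (size), ((type) == VERIFY_READ) ? PAGE_READ : PAGE_WRITE) == 0)`. Separately, Linux's `VERIFY_WRITE` historically implied readability as well; if any caller relies on that, the write case should pass `PAGE_READ | PAGE_WRITE` — this cannot be determined from the hunk, so confirm against the callers.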
