CVS commit: [netbsd-9] src/sys/arch/amd64/amd64
Module Name:src Committed By: martin Date: Wed Nov 27 11:11:17 UTC 2019 Modified Files: src/sys/arch/amd64/amd64 [netbsd-9]: netbsd32_machdep.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #488): sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.126 Don't depend on #ifdef USER_LDT in cpu_mcontext32_validate(), but rather on whether the proc uses a user-set LDT. Same as check_sigcontext32(). To generate a diff of this commit: cvs rdiff -u -r1.125.2.1 -r1.125.2.2 \ src/sys/arch/amd64/amd64/netbsd32_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/sys/arch/amd64/amd64/netbsd32_machdep.c
diff -u src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.125.2.1 src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.125.2.2
--- src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.125.2.1 Thu Nov 21 14:02:33 2019
+++ src/sys/arch/amd64/amd64/netbsd32_machdep.c Wed Nov 27 11:11:17 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_machdep.c,v 1.125.2.1 2019/11/21 14:02:33 martin Exp $ */
+/* $NetBSD: netbsd32_machdep.c,v 1.125.2.2 2019/11/27 11:11:17 martin Exp $ */
 /*
 * Copyright (c) 2001 Wasabi Systems, Inc.
@@ -36,7 +36,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.125.2.1 2019/11/21 14:02:33 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.125.2.2 2019/11/27 11:11:17 martin Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -905,12 +905,6 @@ startlwp32(void *arg)
 userret(l);
 }
-/*
- * For various reasons, the amd64 port can't do what the i386 port does,
- * and relies on catching invalid user contexts on exit from the kernel.
- * These functions perform the needed checks.
- */
-
 int
 check_sigcontext32(struct lwp *l, const struct netbsd32_sigcontext *scp)
 {
@@ -925,21 +919,22 @@ check_sigcontext32(struct lwp *l, const
 return EINVAL;
 if (__predict_false(pmap->pm_ldt != NULL)) {
- /* Only when the LDT is user-set (with USER_LDT) */
+ /* Allow unfamiliar segment register values (USER_LDT). */
 if (!USERMODE(scp->sc_cs))
 return EINVAL;
 } else {
 if (!VALID_USER_CSEL32(scp->sc_cs))
 return EINVAL;
 if (scp->sc_fs != 0 && !VALID_USER_DSEL32(scp->sc_fs) &&
- !(VALID_USER_FSEL32(scp->sc_fs) && pcb->pcb_fs != 0))
+ !(VALID_USER_FSEL32(scp->sc_fs) && pcb->pcb_fs != 0))
 return EINVAL;
 if (scp->sc_gs != 0 && !VALID_USER_DSEL32(scp->sc_gs) &&
- !(VALID_USER_GSEL32(scp->sc_gs) && pcb->pcb_gs != 0))
+ !(VALID_USER_GSEL32(scp->sc_gs) && pcb->pcb_gs != 0))
 return EINVAL;
 if (scp->sc_es != 0 && !VALID_USER_DSEL32(scp->sc_es))
 return EINVAL;
- if (!VALID_USER_DSEL32(scp->sc_ds) || !VALID_USER_DSEL32(scp->sc_ss))
+ if (!VALID_USER_DSEL32(scp->sc_ds) ||
+ !VALID_USER_DSEL32(scp->sc_ss))
 return EINVAL;
 }
@@ -952,36 +947,37 @@ check_sigcontext32(struct lwp *l, const
 int
 cpu_mcontext32_validate(struct lwp *l, const mcontext32_t *mcp)
 {
+ struct pmap *pmap = l->l_proc->p_vmspace->vm_map.pmap;
 const __greg32_t *gr;
 struct trapframe *tf;
+ struct pcb *pcb;
 gr = mcp->__gregs;
 tf = l->l_md.md_regs;
+ pcb = lwp_getpcb(l);
 if (((gr[_REG32_EFL] ^ tf->tf_rflags) & PSL_USERSTATIC) != 0)
 return EINVAL;
-#ifdef USER_LDT
- /* Userland is allowed to have unfamiliar segment register values */
- if (!USERMODE(gr[_REG32_CS]))
- return EINVAL;
-#else
- struct pcb *pcb = lwp_getpcb(l);
-
- if (!VALID_USER_CSEL32(gr[_REG32_CS]))
- return EINVAL;
- if (gr[_REG32_FS] != 0 && !VALID_USER_DSEL32(gr[_REG32_FS]) &&
- !(VALID_USER_FSEL32(gr[_REG32_FS]) && pcb->pcb_fs != 0))
- return EINVAL;
- if (gr[_REG32_GS] != 0 && !VALID_USER_DSEL32(gr[_REG32_GS]) &&
- !(VALID_USER_GSEL32(gr[_REG32_GS]) && pcb->pcb_gs != 0))
- return EINVAL;
- if (gr[_REG32_ES] != 0 && !VALID_USER_DSEL32(gr[_REG32_ES]))
- return EINVAL;
- if (!VALID_USER_DSEL32(gr[_REG32_DS]) ||
- !VALID_USER_DSEL32(gr[_REG32_SS]))
- return EINVAL;
-#endif
+ if (__predict_false(pmap->pm_ldt != NULL)) {
+ /* Allow unfamiliar segment register values (USER_LDT). */
+ if (!USERMODE(gr[_REG32_CS]))
+ return EINVAL;
+ } else {
+ if (!VALID_USER_CSEL32(gr[_REG32_CS]))
+ return EINVAL;
+ if (gr[_REG32_FS] != 0 && !VALID_USER_DSEL32(gr[_REG32_FS]) &&
+ !(VALID_USER_FSEL32(gr[_REG32_FS]) && pcb->pcb_fs != 0))
+ return EINVAL;
+ if (gr[_REG32_GS] != 0 && !VALID_USER_DSEL32(gr[_REG32_GS]) &&
+ !(VALID_USER_GSEL32(gr[_REG32_GS]) && pcb->pcb_gs != 0))
+ return EINVAL;
+ if (gr[_REG32_ES] != 0 && !VALID_USER_DSEL32(gr[_REG32_ES]))
+ return EINVAL;
+ if (!VALID_USER_DSEL32(gr[_REG32_DS]) ||
+ !VALID_USER_DSEL32(gr[_REG32_SS]))
+ return EINVAL;
+ }
 if (gr[_REG32_EIP] >= VM_MAXUSER_ADDRESS32)
 return EINVAL;
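Review bot: The selector checks added to cpu_mcontext32_validate() are now a statement-for-statement copy of the ones in check_sigcontext32(), and the removed lines show the two copies had already drifted apart once (one keyed on `#ifdef USER_LDT`, the other on `pmap->pm_ldt`). Both functions decide which user-supplied segment selectors are accepted, so I would move the `if (pmap->pm_ldt != NULL) … else …` block into one static helper that takes the six selector values and call it from both places, as sketched below; the helper name and the `int` parameter type are placeholders to be matched to `__greg32_t` and the sigcontext fields. The helper is also the natural home for a comment explaining why only `USERMODE(cs)` is tested when the process has its own LDT, since the block comment above check_sigcontext32() that gave the rationale is deleted in this same commit. The body of cpu_mcontext32_validate() continues past the end of the hunk.

```c
/* Shared by check_sigcontext32() and cpu_mcontext32_validate(). */
static int
check_user_sels32(struct lwp *l, int cs, int ds, int es, int fs, int gs,
    int ss)
{
	struct pmap *pmap = l->l_proc->p_vmspace->vm_map.pmap;
	struct pcb *pcb = lwp_getpcb(l);

	if (__predict_false(pmap->pm_ldt != NULL)) {
		/* User-set LDT: only the privilege level of %cs is checked. */
		return USERMODE(cs) ? 0 : EINVAL;
	}
	if (!VALID_USER_CSEL32(cs))
		return EINVAL;
	if (fs != 0 && !VALID_USER_DSEL32(fs) &&
	    !(VALID_USER_FSEL32(fs) && pcb->pcb_fs != 0))
		return EINVAL;
	if (gs != 0 && !VALID_USER_DSEL32(gs) &&
	    !(VALID_USER_GSEL32(gs) && pcb->pcb_gs != 0))
		return EINVAL;
	if (es != 0 && !VALID_USER_DSEL32(es))
		return EINVAL;
	if (!VALID_USER_DSEL32(ds) || !VALID_USER_DSEL32(ss))
		return EINVAL;
	return 0;
}

/* ... unchanged: PSL_USERSTATIC check in cpu_mcontext32_validate() ... */
	if (check_user_sels32(l, gr[_REG32_CS], gr[_REG32_DS], gr[_REG32_ES],
	    gr[_REG32_FS], gr[_REG32_GS], gr[_REG32_SS]) != 0)
		return EINVAL;
/* ... unchanged: EIP range check ... */
```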
CVS commit: [netbsd-9] src/sys/arch/amd64/amd64
Module Name:src Committed By: martin Date: Wed Nov 27 11:11:17 UTC 2019 Modified Files: src/sys/arch/amd64/amd64 [netbsd-9]: netbsd32_machdep.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #488): sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.126 Don't depend on #ifdef USER_LDT in cpu_mcontext32_validate(), but rather on whether the proc uses a user-set LDT. Same as check_sigcontext32(). To generate a diff of this commit: cvs rdiff -u -r1.125.2.1 -r1.125.2.2 \ src/sys/arch/amd64/amd64/netbsd32_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/arch/amd64/amd64
Module Name:src Committed By: martin Date: Thu Nov 21 14:02:33 UTC 2019 Modified Files: src/sys/arch/amd64/amd64 [netbsd-9]: netbsd32_machdep.c Log Message: Pull up following revision(s) (requested by rin in ticket #460): sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.130 Fix netbsd32_process_write_dbregs() for amd64: - Zero-clear regs64 so that random values are not written into the preserved registers. - Cast 32-bit registers (int) to u_int, in order to avoid undesired sign extension when filled into 64-bit registers (long). XXX pullup to netbsd-9 To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.125.2.1 src/sys/arch/amd64/amd64/netbsd32_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/arch/amd64/amd64
Module Name:src Committed By: martin Date: Thu Nov 21 14:02:33 UTC 2019 Modified Files: src/sys/arch/amd64/amd64 [netbsd-9]: netbsd32_machdep.c Log Message: Pull up following revision(s) (requested by rin in ticket #460): sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.130 Fix netbsd32_process_write_dbregs() for amd64: - Zero-clear regs64 so that random values are not written into the preserved registers. - Cast 32-bit registers (int) to u_int, in order to avoid undesired sign extension when filled into 64-bit registers (long). XXX pullup to netbsd-9 To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.125.2.1 src/sys/arch/amd64/amd64/netbsd32_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/sys/arch/amd64/amd64/netbsd32_machdep.c
diff -u src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.125 src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.125.2.1
--- src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.125 Sat Jul 20 18:25:11 2019
+++ src/sys/arch/amd64/amd64/netbsd32_machdep.c Thu Nov 21 14:02:33 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_machdep.c,v 1.125 2019/07/20 18:25:11 christos Exp $ */
+/* $NetBSD: netbsd32_machdep.c,v 1.125.2.1 2019/11/21 14:02:33 martin Exp $ */
 /*
 * Copyright (c) 2001 Wasabi Systems, Inc.
@@ -36,7 +36,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.125 2019/07/20 18:25:11 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.125.2.1 2019/11/21 14:02:33 martin Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -489,13 +489,15 @@ netbsd32_process_write_dbregs(struct lwp
 return EINVAL;
 }
- regs64.dr[0] = regs->dr[0];
- regs64.dr[1] = regs->dr[1];
- regs64.dr[2] = regs->dr[2];
- regs64.dr[3] = regs->dr[3];
+ memset(, 0, sizeof(regs64));
- regs64.dr[6] = regs->dr[6];
- regs64.dr[7] = regs->dr[7];
+ regs64.dr[0] = (u_int)regs->dr[0];
+ regs64.dr[1] = (u_int)regs->dr[1];
+ regs64.dr[2] = (u_int)regs->dr[2];
+ regs64.dr[3] = (u_int)regs->dr[3];
+
+ regs64.dr[6] = (u_int)regs->dr[6];
+ regs64.dr[7] = (u_int)regs->dr[7];
 x86_dbregs_write(l, );
 return 0;
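Review bot: The `(u_int)` casts on the six `regs->dr[]` reads carry no comment saying why they are there, so a later cleanup could drop them as redundant. Per the log message the 32-bit fields are `int` and the 64-bit ones `long`; without the cast a value with bit 31 set is sign-extended, so the register handed to x86_dbregs_write() gets all ones in its upper half, which for dr[0]–dr[3] is a different address from the one the caller supplied (and from whatever the validation before this hunk examined, which is outside the hunk). I would add above the assignments `/* dr[] is int here: cast to u_int so bit 31 is not sign-extended into the upper half of the 64-bit register. */`, and beside the memset `/* slots not assigned below must not carry stack garbage into x86_dbregs_write(). */`. On this page the first argument of `memset(` and the second of `x86_dbregs_write(l, )` are empty, which looks like an extraction loss of `&regs64` rather than what was committed.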
CVS commit: [netbsd-9] src/sys/arch/amd64/amd64
Module Name:src Committed By: martin Date: Tue Aug 6 16:14:33 UTC 2019 Modified Files: src/sys/arch/amd64/amd64 [netbsd-9]: process_machdep.c Log Message: Pull up following revision(s) (requested by kamil in ticket #19): sys/arch/amd64/amd64/process_machdep.c: revision 1.44 Do not dereference user pointer in ptrace_machdep_dorequest()/amd64 Always use copyin(9) for reading user memory. This fixes SMAP crash on some amd64 machines. Reported by To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.43.2.1 src/sys/arch/amd64/amd64/process_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/sys/arch/amd64/amd64/process_machdep.c
diff -u src/sys/arch/amd64/amd64/process_machdep.c:1.43 src/sys/arch/amd64/amd64/process_machdep.c:1.43.2.1
--- src/sys/arch/amd64/amd64/process_machdep.c:1.43 Wed Jul 24 16:36:47 2019
+++ src/sys/arch/amd64/amd64/process_machdep.c Tue Aug 6 16:14:33 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: process_machdep.c,v 1.43 2019/07/24 16:36:47 bouyer Exp $ */
+/* $NetBSD: process_machdep.c,v 1.43.2.1 2019/08/06 16:14:33 martin Exp $ */
 /*
 * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -74,7 +74,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: process_machdep.c,v 1.43 2019/07/24 16:36:47 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: process_machdep.c,v 1.43.2.1 2019/08/06 16:14:33 martin Exp $");
 #include "opt_xen.h"
 #include
@@ -327,14 +327,21 @@ ptrace_machdep_dorequest(
 if (!process_machdep_validxstate(lt->l_proc))
 return EINVAL;
 if (__predict_false(l->l_proc->p_flag & PK_32)) {
- struct netbsd32_iovec *user_iov = addr;
- iov.iov_base = NETBSD32PTR64(user_iov->iov_base);
- iov.iov_len = user_iov->iov_len;
+ struct netbsd32_iovec user_iov;
+ if ((error = copyin(addr, _iov, sizeof(user_iov)))
+ != 0)
+return error;
+
+ iov.iov_base = NETBSD32PTR64(user_iov.iov_base);
+ iov.iov_len = user_iov.iov_len;
 } else {
- struct iovec *user_iov;
- user_iov = (struct iovec*)addr;
- iov.iov_base = user_iov->iov_base;
- iov.iov_len = user_iov->iov_len;
+ struct iovec user_iov;
+ if ((error = copyin(addr, _iov, sizeof(user_iov)))
+ != 0)
+return error;
+
+ iov.iov_base = user_iov.iov_base;
+ iov.iov_len = user_iov.iov_len;
 }
 error = proc_vmspace_getref(l->l_proc, );
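Review bot: Neither branch says that `addr` is a userland pointer, which is the whole reason for the copyin(); a one-line comment before the `if (__predict_false(l->l_proc->p_flag & PK_32))` such as `/* addr is a user address: fetch the iovec with copyin(9), never dereference it (SMAP). */` would keep a later edit from reintroducing the direct access. Copying into a local struct also means `iov_base` and `iov_len` are read from user memory once, as a pair, instead of through two separate loads, and the same comment is a good place to say so. Both values remain caller-controlled after the copy, and the hunk does not show where `iov.iov_len` is bounded; that presumably happens after `proc_vmspace_getref()`, outside the hunk, and should be confirmed. The `_iov` argument shown on this page is presumably `&user_iov` with its leading characters lost in extraction.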
CVS commit: [netbsd-9] src/sys/arch/amd64/amd64
Module Name:src Committed By: martin Date: Tue Aug 6 16:14:33 UTC 2019 Modified Files: src/sys/arch/amd64/amd64 [netbsd-9]: process_machdep.c Log Message: Pull up following revision(s) (requested by kamil in ticket #19): sys/arch/amd64/amd64/process_machdep.c: revision 1.44 Do not dereference user pointer in ptrace_machdep_dorequest()/amd64 Always use copyin(9) for reading user memory. This fixes SMAP crash on some amd64 machines. Reported by To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.43.2.1 src/sys/arch/amd64/amd64/process_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.