Module Name:    src
Committed By:   maxv
Date:           Fri Sep 16 11:48:10 UTC 2016

Modified Files:
        src/sys/arch/amd64/amd64: trap.c
        src/sys/arch/i386/i386: trap.c

Log Message:
Put two KASSERTs, to make sure the fault is happening in the correct
half of the vm space when using special copy functions. It can detect
bugs where the kernel would fault when copying a kernel buffer which
it wrongly believes comes from userland.


To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 src/sys/arch/amd64/amd64/trap.c
cvs rdiff -u -r1.278 -r1.279 src/sys/arch/i386/i386/trap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/trap.c
diff -u src/sys/arch/amd64/amd64/trap.c:1.84 src/sys/arch/amd64/amd64/trap.c:1.85
--- src/sys/arch/amd64/amd64/trap.c:1.84	Thu Aug 11 14:58:29 2016
+++ src/sys/arch/amd64/amd64/trap.c	Fri Sep 16 11:48:10 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: trap.c,v 1.84 2016/08/11 14:58:29 maxv Exp $	*/
+/*	$NetBSD: trap.c,v 1.85 2016/09/16 11:48:10 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.84 2016/08/11 14:58:29 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.85 2016/09/16 11:48:10 maxv Exp $");
 
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
@@ -310,6 +310,10 @@ trap(struct trapframe *frame)
 copyefault:
 			error = EFAULT;
 copyfault:
+			KASSERT(onfault == kcopy_fault ||
+			    rcr2() < VM_MAXUSER_ADDRESS);
+			KASSERT(onfault != kcopy_fault ||
+			    rcr2() >= VM_MAXUSER_ADDRESS);
 			frame->tf_rip = (uintptr_t)onfault;
 			frame->tf_rax = error;
 			return;
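Review bot: The two KASSERTs added under `copyfault:` re-read CR2 through `rcr2()`, and that value is only trustworthy when the trap being handled is a page fault and nothing else has faulted on this CPU since it was taken. `copyefault:` and `copyfault:` are goto targets and the rest of trap() lies outside the hunk, so it is not visible here whether every path that reaches them is a page fault; if a protection or alignment fault raised inside a copy function also lands here, CR2 presumably still holds the address of an earlier, unrelated fault and the assertion can fire on correct code or pass on a real bug. I would check the fault address saved when the page fault was taken, and only in the page-fault case, with a comment such as `/* CR2 is meaningful for page faults only; use the saved fault address */`. The identical lines in the i386 hunk (`frame->tf_eip` variant) need the same treatment. Since KASSERT is compiled in only for DIAGNOSTIC kernels, release kernels will still turn a kernel-half fault in copyin/copyout into a silent EFAULT, which is worth stating in the comment so the check is not mistaken for a runtime guard.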

Index: src/sys/arch/i386/i386/trap.c
diff -u src/sys/arch/i386/i386/trap.c:1.278 src/sys/arch/i386/i386/trap.c:1.279
--- src/sys/arch/i386/i386/trap.c:1.278	Thu Aug 11 15:03:23 2016
+++ src/sys/arch/i386/i386/trap.c	Fri Sep 16 11:48:10 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: trap.c,v 1.278 2016/08/11 15:03:23 maxv Exp $	*/
+/*	$NetBSD: trap.c,v 1.279 2016/09/16 11:48:10 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000, 2005, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.278 2016/08/11 15:03:23 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.279 2016/09/16 11:48:10 maxv Exp $");
 
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
@@ -354,6 +354,10 @@ trap(struct trapframe *frame)
 copyefault:
 			error = EFAULT;
 copyfault:
+			KASSERT(onfault == kcopy_fault ||
+			    rcr2() < VM_MAXUSER_ADDRESS);
+			KASSERT(onfault != kcopy_fault ||
+			    rcr2() >= VM_MAXUSER_ADDRESS);
 			frame->tf_eip = (uintptr_t)onfault;
 			frame->tf_eax = error;
 			return;
