Module Name:    src
Committed By:   maxv
Date:           Sat Nov 19 09:22:04 UTC 2016

Modified Files:
        src/sys/arch/amd64/include: vmparam.h
        src/sys/arch/i386/include: vmparam.h

Log Message:
Put a one-page redzone between userland and the PTE space on amd64 and
i386.

The PTE space is a critical region that maps the page tree, and bugs have
been found in both amd64 and i386 where the kernel would wrongly overflow
userland data into this area. This kind of bug is terrible, since it allows
userland to overwrite some entries of the page tree, which makes it easy
to patch the kernel text and get ring0 privileges.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sys/arch/amd64/include/vmparam.h
cvs rdiff -u -r1.82 -r1.83 src/sys/arch/i386/include/vmparam.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/include/vmparam.h
diff -u src/sys/arch/amd64/include/vmparam.h:1.37 src/sys/arch/amd64/include/vmparam.h:1.38
--- src/sys/arch/amd64/include/vmparam.h:1.37	Sun Aug  7 01:01:59 2016
+++ src/sys/arch/amd64/include/vmparam.h	Sat Nov 19 09:22:03 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: vmparam.h,v 1.37 2016/08/07 01:01:59 dholland Exp $	*/
+/*	$NetBSD: vmparam.h,v 1.38 2016/11/19 09:22:03 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -114,7 +114,7 @@
 
 /* user/kernel map constants */
 #define VM_MIN_ADDRESS		0
-#define VM_MAXUSER_ADDRESS	0x00007f8000000000
+#define VM_MAXUSER_ADDRESS	(0x00007f8000000000 - PAGE_SIZE)
 #define VM_MAX_ADDRESS		0x00007fbfdfeff000
 #ifndef XEN
 #define VM_MIN_KERNEL_ADDRESS	0xffff800000000000
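Review bot: The new `VM_MAXUSER_ADDRESS` definition has no comment saying that the subtracted `PAGE_SIZE` is a deliberate redzone below the PTE space, and on amd64 the base is the bare literal `0x00007f8000000000`, so its relation to the PTE slot is not visible in the header. A later cleanup could drop the subtraction without noticing that it is a security boundary. I would add above the define `/* Top page of the user range is left unmapped as a redzone below the PTE space. */`; the same comment is missing on the matching line of the i386 hunk. The comment should also say that one page only stops contiguous overruns shorter than `PAGE_SIZE`.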

Index: src/sys/arch/i386/include/vmparam.h
diff -u src/sys/arch/i386/include/vmparam.h:1.82 src/sys/arch/i386/include/vmparam.h:1.83
--- src/sys/arch/i386/include/vmparam.h:1.82	Sun Aug  7 01:02:00 2016
+++ src/sys/arch/i386/include/vmparam.h	Sat Nov 19 09:22:03 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: vmparam.h,v 1.82 2016/08/07 01:02:00 dholland Exp $	*/
+/*	$NetBSD: vmparam.h,v 1.83 2016/11/19 09:22:03 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -100,7 +100,7 @@
 
 /* user/kernel map constants */
 #define VM_MIN_ADDRESS		((vaddr_t)0)
-#define	VM_MAXUSER_ADDRESS	((vaddr_t)(PDIR_SLOT_PTE << L2_SHIFT))
+#define	VM_MAXUSER_ADDRESS	((vaddr_t)(PDIR_SLOT_PTE << L2_SHIFT) - PAGE_SIZE)
 #define	VM_MAX_ADDRESS		\
 	((vaddr_t)((PDIR_SLOT_PTE << L2_SHIFT) + (PDIR_SLOT_PTE << L1_SHIFT)))
 #define	VM_MIN_KERNEL_ADDRESS	((vaddr_t)(PDIR_SLOT_KERN << L2_SHIFT))
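Review bot: `VM_MAXUSER_ADDRESS` used to be aligned to a page-directory slot (`PDIR_SLOT_PTE << L2_SHIFT`), and after the subtraction it is only page-aligned. Any consumer outside this diff that turns the constant into a directory index or slot count would now get `PDIR_SLOT_PTE - 1` instead of `PDIR_SLOT_PTE`, so those uses should be checked; none of them are visible from here. The amd64 hunk has the same property. A compile-time assertion next to the define, checking that the value plus `PAGE_SIZE` equals `(vaddr_t)(PDIR_SLOT_PTE << L2_SHIFT)`, would keep the redzone from being lost silently.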
