From owner-svn-src-head@freebsd.org Mon Oct 19 12:06:17 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 726E844E40C; Mon, 19 Oct 2020 12:06:17 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CFFpd27w8z4Wcg; Mon, 19 Oct 2020 12:06:17 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2C9C1231F0; Mon, 19 Oct 2020 12:06:17 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 09JC6HYL063684; Mon, 19 Oct 2020 12:06:17 GMT (envelope-from andrew@FreeBSD.org) Received: (from andrew@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 09JC6Gi0063682; Mon, 19 Oct 2020 12:06:16 GMT (envelope-from andrew@FreeBSD.org) Message-Id: <202010191206.09JC6Gi0063682@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: andrew set sender to andrew@FreeBSD.org using -f From: Andrew Turner Date: Mon, 19 Oct 2020 12:06:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r366831 - head/sys/arm64/arm64 X-SVN-Group: head X-SVN-Commit-Author: andrew X-SVN-Commit-Paths: head/sys/arm64/arm64 X-SVN-Commit-Revision: 366831 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Oct 2020 12:06:17 -0000 Author: andrew Date: Mon Oct 19 12:06:16 2020 New Revision: 366831 URL: https://svnweb.freebsd.org/changeset/base/366831 Log: Move the arm64 userspace access checks to macros In the functions that copy between userspace and kernel space we check the user space address is valid before performing the copy. These are mostly identical within each type of function so create two macros to perform the check. Obtained from: CheriBSD Sponsored by: Innovate UK Modified: head/sys/arm64/arm64/copyinout.S head/sys/arm64/arm64/support.S Modified: head/sys/arm64/arm64/copyinout.S ============================================================================== --- head/sys/arm64/arm64/copyinout.S Mon Oct 19 10:38:40 2020 (r366830) +++ head/sys/arm64/arm64/copyinout.S Mon Oct 19 12:06:16 2020 (r366831) @@ -37,6 +37,14 @@ __FBSDID("$FreeBSD$"); #include "assym.inc" +.macro check_user_access user_arg, size_arg, bad_access_func + adds x6, x\user_arg, x\size_arg + b.cs \bad_access_func + ldr x7, =VM_MAXUSER_ADDRESS + cmp x6, x7 + b.hi \bad_access_func +.endm + /* * Fault handler for the copy{in,out} functions below. */ @@ -55,11 +63,7 @@ END(copyio_fault) */ ENTRY(copyout) cbz x2, 1f - adds x3, x1, x2 - b.cs copyio_fault_nopcb - ldr x4, =VM_MAXUSER_ADDRESS - cmp x3, x4 - b.hi copyio_fault_nopcb + check_user_access 1, 2, copyio_fault_nopcb b copycommon @@ -75,11 +79,7 @@ END(copyout) */ ENTRY(copyin) cbz x2, 1f - adds x3, x0, x2 - b.cs copyio_fault_nopcb - ldr x4, =VM_MAXUSER_ADDRESS - cmp x3, x4 - b.hi copyio_fault_nopcb + check_user_access 0, 2, copyio_fault_nopcb b copycommon Modified: head/sys/arm64/arm64/support.S ============================================================================== --- head/sys/arm64/arm64/support.S Mon Oct 19 10:38:40 2020 (r366830) +++ head/sys/arm64/arm64/support.S Mon Oct 19 12:06:16 2020 (r366831) @@ -38,6 +38,12 @@ __FBSDID("$FreeBSD$"); #include "assym.inc" +.macro check_user_access user_arg, limit, bad_addr_func + ldr x7, =(\limit) + cmp x\user_arg, x7 + b.cs \bad_addr_func +.endm + /* * One of the fu* or su* functions failed, return -1. */ @@ -53,9 +59,7 @@ END(fsu_fault) * int casueword32(volatile uint32_t *, uint32_t, uint32_t *, uint32_t) */ ENTRY(casueword32) - ldr x4, =(VM_MAXUSER_ADDRESS-3) - cmp x0, x4 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-3), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ mov w5, #1 SET_FAULT_HANDLER(x6, x4) /* And set it */ @@ -75,9 +79,7 @@ END(casueword32) * int casueword(volatile u_long *, u_long, u_long *, u_long) */ ENTRY(casueword) - ldr x4, =(VM_MAXUSER_ADDRESS-7) - cmp x0, x4 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-7), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ mov w5, #1 SET_FAULT_HANDLER(x6, x4) /* And set it */ @@ -97,9 +99,7 @@ END(casueword) * int fubyte(volatile const void *) */ ENTRY(fubyte) - ldr x1, =VM_MAXUSER_ADDRESS - cmp x0, x1 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x1) /* And set it */ ldtrb w0, [x0] /* Try loading the data */ @@ -111,9 +111,7 @@ END(fubyte) * int fuword(volatile const void *) */ ENTRY(fuword16) - ldr x1, =(VM_MAXUSER_ADDRESS-1) - cmp x0, x1 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-1), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x1) /* And set it */ ldtrh w0, [x0] /* Try loading the data */ @@ -125,9 +123,7 @@ END(fuword16) * int32_t fueword32(volatile const void *, int32_t *) */ ENTRY(fueword32) - ldr x2, =(VM_MAXUSER_ADDRESS-3) - cmp x0, x2 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-3), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x2) /* And set it */ ldtr w0, [x0] /* Try loading the data */ @@ -143,9 +139,7 @@ END(fueword32) */ ENTRY(fueword) EENTRY(fueword64) - ldr x2, =(VM_MAXUSER_ADDRESS-7) - cmp x0, x2 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-7), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x2) /* And set it */ ldtr x0, [x0] /* Try loading the data */ @@ -160,9 +154,7 @@ END(fueword) * int subyte(volatile void *, int) */ ENTRY(subyte) - ldr x2, =VM_MAXUSER_ADDRESS - cmp x0, x2 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x2) /* And set it */ sttrb w1, [x0] /* Try storing the data */ @@ -175,9 +167,7 @@ END(subyte) * int suword16(volatile void *, int) */ ENTRY(suword16) - ldr x2, =(VM_MAXUSER_ADDRESS-1) - cmp x0, x2 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-1), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x2) /* And set it */ sttrh w1, [x0] /* Try storing the data */ @@ -190,9 +180,7 @@ END(suword16) * int suword32(volatile void *, int) */ ENTRY(suword32) - ldr x2, =(VM_MAXUSER_ADDRESS-3) - cmp x0, x2 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-3), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x2) /* And set it */ sttr w1, [x0] /* Try storing the data */ @@ -206,9 +194,7 @@ END(suword32) */ ENTRY(suword) EENTRY(suword64) - ldr x2, =(VM_MAXUSER_ADDRESS-7) - cmp x0, x2 - b.cs fsu_fault_nopcb + check_user_access 0, (VM_MAXUSER_ADDRESS-7), fsu_fault_nopcb adr x6, fsu_fault /* Load the fault handler */ SET_FAULT_HANDLER(x6, x2) /* And set it */ sttr x1, [x0] /* Try storing the data */