Date: Sat, 9 Jul 2005 12:19:37 +0530 From: Joseph Koshy <joseph.koshy@gmail.com> To: freebsd-amd64@freebsd.org Subject: [patch] restrict amd64_set_{f,g}sbase() to values inside user VA Message-ID: <84dead720507082349d02ece0@mail.gmail.com>
------=_Part_1079_19140310.1120891777115 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Does anyone have objections to the following patch? It restricts the values that can be loaded into the FS.base and GS.base MSRs for user processes to those inside of user VA=20 (0..(1<<47) today). These values are used as the base addresses for FS- and GS- relative addressing, when a FS: or GS: segment override is specified in an instruction. --=20 FreeBSD Volunteer, http://people.freebsd.org/~jkoshy ------=_Part_1079_19140310.1120891777115 Content-Type: text/plain; name=amd64-patch.txt; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="amd64-patch.txt"
--- SRC/sys/amd64/amd64/sys_machdep.c Thu Apr 14 22:27:58 2005
+++ DST/sys/amd64/amd64/sys_machdep.c Wed Jul 6 09:12:04 2005
@@ -38,9 +38,14 @@
 #include <sys/lock.h>
 #include <sys/proc.h>
 #include <sys/sysproto.h>
+
 #include <machine/specialreg.h>
 #include <machine/sysarch.h>
 #include <machine/pcb.h>
+#include <machine/vmparam.h>
+
+#include <vm/vm.h>
+#include <vm/pmap.h>
 #ifndef _SYS_SYSPROTO_H_
 struct sysarch_args {
@@ -57,6 +62,7 @@
  int error = 0;
  struct pcb *pcb = curthread->td_pcb;
  uint32_t i386base;
+ uint64_t amd64base;
  switch(uap->op) {
  case I386_GET_FSBASE:
@@ -85,8 +91,12 @@
  case AMD64_SET_FSBASE:
  error = copyin(uap->parms, &pcb->pcb_fsbase, sizeof(pcb->pcb_fsbase));
- if (!error)
+ if (!error && amd64base >= VM_MAXUSER_ADDRESS)
+ error = EINVAL;
+ else {
+ pcb->pcb_fsbase = amd64base;
  wrmsr(MSR_FSBASE, pcb->pcb_fsbase);
+ }
  break;
  case AMD64_GET_GSBASE:
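Review bot: In the AMD64_SET_FSBASE case the copyin() is left as a context line and still writes straight into `pcb->pcb_fsbase`, so `amd64base` is compared with VM_MAXUSER_ADDRESS without ever being initialized, and the unchecked user value is already stored in the pcb even when EINVAL is returned; the call should read `error = copyin(uap->parms, &amd64base, sizeof(amd64base));`, as the AMD64_SET_GSBASE hunk does. Separately, in both this hunk and the AMD64_SET_GSBASE hunk the `else` branch also runs when copyin() failed, so a failed copy still assigns the pcb field and reaches `wrmsr()` with whatever `amd64base` happens to hold; `else if (!error) {` restores the old behaviour of touching the MSR only on success. A short comment above the check, for example `/* FS.base/GS.base must stay inside user VA */`, would record the reason for the bound, which is currently only in the e-mail. The enclosing switch starts and ends outside the hunk.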
@@ -94,9 +104,13 @@
  break;
  case AMD64_SET_GSBASE:
- error = copyin(uap->parms, &pcb->pcb_gsbase, sizeof(pcb->pcb_gsbase));
- if (!error)
+ error = copyin(uap->parms, &amd64base, sizeof(amd64base));
+ if (!error && amd64base >= VM_MAXUSER_ADDRESS)
+ error = EINVAL;
+ else {
+ pcb->pcb_gsbase = amd64base;
  wrmsr(MSR_KGSBASE, pcb->pcb_gsbase);
+ }
  break;
  default:
------=_Part_1079_19140310.1120891777115--