Date: Mon, 11 Nov 2013 23:37:17 +0000 (UTC) From: Nathan Whitehorn <nwhitehorn@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r258024 - in head/sys: conf powerpc/aim powerpc/booke powerpc/powerpc Message-ID: <201311112337.rABNbHn8067862@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: nwhitehorn Date: Mon Nov 11 23:37:16 2013 New Revision: 258024 URL: http://svnweb.freebsd.org/changeset/base/258024 Log: Use the same implementation of copyinout.c for both AIM and Book-E. This fixes some bugs in both implementations related to validity checks on mapping bounds. Added: head/sys/powerpc/powerpc/copyinout.c - copied, changed from r257990, head/sys/powerpc/aim/copyinout.c Deleted: head/sys/powerpc/aim/copyinout.c head/sys/powerpc/booke/copyinout.c Modified: head/sys/conf/files.powerpc Modified: head/sys/conf/files.powerpc ============================================================================== --- head/sys/conf/files.powerpc Mon Nov 11 22:07:56 2013 (r258023) +++ head/sys/conf/files.powerpc Mon Nov 11 23:37:16 2013 (r258024) @@ -86,7 +86,6 @@ libkern/qdivrem.c optional powerpc libkern/ucmpdi2.c optional powerpc libkern/udivdi3.c optional powerpc libkern/umoddi3.c optional powerpc -powerpc/aim/copyinout.c optional aim powerpc/aim/interrupt.c optional aim powerpc/aim/locore.S optional aim no-obj powerpc/aim/machdep.c optional aim @@ -98,7 +97,6 @@ powerpc/aim/mp_cpudep.c optional aim sm powerpc/aim/slb.c optional aim powerpc64 powerpc/aim/trap.c optional aim powerpc/aim/uma_machdep.c optional aim -powerpc/booke/copyinout.c optional booke powerpc/booke/interrupt.c optional booke powerpc/booke/locore.S optional booke no-obj powerpc/booke/machdep.c optional booke @@ -173,6 +171,7 @@ powerpc/powerpc/bcopy.c standard powerpc/powerpc/bus_machdep.c standard powerpc/powerpc/busdma_machdep.c standard powerpc/powerpc/clock.c standard +powerpc/powerpc/copyinout.c standard powerpc/powerpc/copystr.c standard powerpc/powerpc/cpu.c standard powerpc/powerpc/db_disasm.c optional ddb Copied and modified: head/sys/powerpc/powerpc/copyinout.c (from r257990, head/sys/powerpc/aim/copyinout.c) ============================================================================== --- head/sys/powerpc/aim/copyinout.c Mon Nov 11 14:08:25 2013 (r257990, copy source) +++ head/sys/powerpc/powerpc/copyinout.c Mon Nov 11 23:37:16 2013 (r258024) @@ -69,9 +69,11 @@ __FBSDID("$FreeBSD$"); #include <machine/pcb.h> #include <machine/sr.h> #include <machine/slb.h> +#include <machine/vmparam.h> int setfault(faultbuf); /* defined in locore.S */ +#ifdef AIM /* * Makes sure that the right segment of userspace is mapped in. */ @@ -132,6 +134,43 @@ set_user_sr(pmap_t pm, const void *addr) } #endif +static __inline int +map_user_ptr(pmap_t pm, const void *uaddr, void **kaddr, size_t ulen, + size_t *klen) +{ + size_t l; + + *kaddr = (char *)USER_ADDR + ((uintptr_t)uaddr & ~SEGMENT_MASK); + + l = ((char *)USER_ADDR + SEGMENT_LENGTH) - (char *)(*kaddr); + if (l > ulen) + l = ulen; + if (klen) + *klen = l; + else if (l != ulen) + return (EFAULT); + + set_user_sr(pm, uaddr); + + return (0); +} +#else /* Book-E uses a combined kernel/user mapping */ +static __inline int +map_user_ptr(pmap_t pm, const void *uaddr, void **kaddr, size_t ulen, + size_t *klen) +{ + + if ((uintptr_t)uaddr + ulen > VM_MAXUSER_ADDRESS + PAGE_SIZE) + return (EFAULT); + + *kaddr = (void *)(uintptr_t)uaddr; + if (klen) + *klen = ulen; + + return (0); +} +#endif + int copyout(const void *kaddr, void *udaddr, size_t len) { @@ -154,13 +193,10 @@ copyout(const void *kaddr, void *udaddr, up = udaddr; while (len > 0) { - p = (char *)USER_ADDR + ((uintptr_t)up & ~SEGMENT_MASK); - - l = ((char *)USER_ADDR + SEGMENT_LENGTH) - p; - if (l > len) - l = len; - - set_user_sr(pm,up); + if (map_user_ptr(pm, udaddr, (void **)&p, len, &l)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } bcopy(kp, p, l); @@ -195,13 +231,10 @@ copyin(const void *udaddr, void *kaddr, up = udaddr; while (len > 0) { - p = (char *)USER_ADDR + ((uintptr_t)up & ~SEGMENT_MASK); - - l = ((char *)USER_ADDR + SEGMENT_LENGTH) - p; - if (l > len) - l = len; - - set_user_sr(pm,up); + if (map_user_ptr(pm, udaddr, (void **)&p, len, &l)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } bcopy(p, kp, l); @@ -269,14 +302,16 @@ subyte(void *addr, int byte) td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (char *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } - set_user_sr(pm,addr); + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } *p = (char)byte; @@ -295,14 +330,16 @@ suword32(void *addr, int word) td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (int *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } - set_user_sr(pm,addr); + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } *p = word; @@ -321,14 +358,16 @@ suword(void *addr, long word) td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (long *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } - set_user_sr(pm,addr); + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } *p = word; @@ -361,14 +400,16 @@ fubyte(const void *addr) td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (u_char *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } - set_user_sr(pm,addr); + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } val = *p; @@ -387,14 +428,16 @@ fuword32(const void *addr) td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (int32_t *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } - set_user_sr(pm,addr); + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } val = *p; @@ -413,14 +456,16 @@ fuword(const void *addr) td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (long *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } - set_user_sr(pm,addr); + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } val = *p; @@ -446,15 +491,18 @@ casuword32(volatile uint32_t *addr, uint td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (uint32_t *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); - - set_user_sr(pm,(const void *)(vm_offset_t)addr); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } + if (map_user_ptr(pm, (void *)(uintptr_t)addr, (void **)&p, sizeof(*p), + NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } + __asm __volatile ( "1:\tlwarx %0, 0, %2\n\t" /* load old value */ "cmplw %3, %0\n\t" /* compare */ @@ -491,15 +539,18 @@ casuword(volatile u_long *addr, u_long o td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; - p = (u_long *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK)); - - set_user_sr(pm,(const void *)(vm_offset_t)addr); if (setfault(env)) { td->td_pcb->pcb_onfault = NULL; return (-1); } + if (map_user_ptr(pm, (void *)(uintptr_t)addr, (void **)&p, sizeof(*p), + NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } + __asm __volatile ( "1:\tldarx %0, 0, %2\n\t" /* load old value */ "cmpld %3, %0\n\t" /* compare */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311112337.rABNbHn8067862>