From d0822e28934cd0387c2af4349cf52c52c368c55a Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Thu, 3 Sep 2009 17:19:05 -0400
Subject: Disallow kernel space memory access when unprivileged.
2009-09-03 Dave Brolley * runtime/addr-map.c (lookup_addr_aux): Now takes size argument. Consider the size when looking for overlapping range with the map entries. (lookup_bad_addr): Now takes size argument. Disallow kernel space access when STP_PRIVILEGED is not defined. Pass size to lookup_addr_aux. : #include it when STP_PRIVILEGED is not defined. (add_bad_addr_entry): Supply a size of 1 to calls to lookup_addr_aux. * runtime/loc2c-runtime.h (kread): Pass sizeof (*(ptr)) to lookup_bad_addr. (kwrite): Likewise. (deref): Pass size to lookup_bad_addr. (store_deref): Likewise.
---
 runtime/loc2c-runtime.h | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'runtime/loc2c-runtime.h')
diff --git a/runtime/loc2c-runtime.h b/runtime/loc2c-runtime.h
index 620e1615..e9e5a071 100644
--- a/runtime/loc2c-runtime.h
+++ b/runtime/loc2c-runtime.h
@@ -192,7 +192,7 @@
 #define kread(ptr) ({ \
 typeof(*(ptr)) _v = 0; \
- if (lookup_bad_addr((unsigned long)(ptr)) || \
+ if (lookup_bad_addr((unsigned long)(ptr), sizeof (*(ptr))) || \
 probe_kernel_read((void *)&_v, (void *)(ptr), sizeof(*(ptr)))) \
 DEREF_FAULT(ptr); \
 _v; \
@@ -201,7 +201,7 @@
 #define kwrite(ptr, value) ({ \
 typeof(*(ptr)) _v; \
 _v = (typeof(*(ptr)))(value); \
- if (lookup_bad_addr((unsigned long)addr) || \
+ if (lookup_bad_addr((unsigned long)addr, sizeof (*(ptr))) || \
 probe_kernel_write((void *)(ptr), (void *)&_v, sizeof(*(ptr)))) \
 STORE_DEREF_FAULT(ptr); \
 })
@@ -240,7 +240,7 @@ extern void __store_deref_bad(void);
 int _bad = 0; \
 u8 _b; u16 _w; u32 _l; \
 intptr_t _v = 0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size) \
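Review bot: In the `kwrite` hunk (`@@ -201,7 +201,7 @@`) the updated guard still passes `addr` to `lookup_bad_addr`, but the macro's only pointer parameter is `ptr`. `addr` is not defined by the macro, so the expansion either fails to compile or validates whatever `addr` happens to be in the caller's scope rather than the address handed to `probe_kernel_write`. Because this commit exists to refuse kernel-space access when unprivileged, the check should cover the pointer that is actually written: `if (lookup_bad_addr((unsigned long)(ptr), sizeof (*(ptr))) || \`, matching `kread`. The whole macro body is visible in the hunk.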
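Review bot: The guard `lookup_bad_addr((unsigned long)addr, size)` in the `deref` hunk at `@@ -240,7 +240,7 @@` uses both macro arguments unparenthesized, so when `addr` is an expression the cast binds only to its first operand and the range that is checked may not be the range that is accessed. `kread` already writes `(ptr)`; for consistency use `if (lookup_bad_addr((unsigned long)(addr), (size))) \` here and in the remaining `deref`/`store_deref` hunks from `@@ -258` through `@@ -696`. `size` is also evaluated again by the `switch (size)` that follows, so a short comment stating that callers must pass a side-effect-free size would help. The macro starts and ends outside the hunk, so how `addr` reaches the actual access is inferred rather than visible.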
@@ -258,7 +258,7 @@ extern void __store_deref_bad(void);
 #define store_deref(size, addr, value) \
 ({ \
 int _bad = 0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size) \
@@ -280,7 +280,7 @@ extern void __store_deref_bad(void);
 int _bad = 0; \
 u8 _b; u16 _w; u32 _l; u64 _q; \
 intptr_t _v = 0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size) \
@@ -299,7 +299,7 @@ extern void __store_deref_bad(void);
 #define store_deref(size, addr, value) \
 ({ \
 int _bad = 0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size) \
@@ -319,7 +319,7 @@ extern void __store_deref_bad(void);
 ({ \
 int _bad = 0; \
 intptr_t _v=0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size){ \
@@ -337,7 +337,7 @@ extern void __store_deref_bad(void);
 #define store_deref(size, addr, value) \
 ({ \
 int _bad=0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size){ \
@@ -397,7 +397,7 @@ extern void __store_deref_bad(void);
 ({ \
 int _bad = 0; \
 intptr_t _v = 0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size) \
@@ -416,7 +416,7 @@ extern void __store_deref_bad(void);
 #define store_deref(size, addr, value) \
 ({ \
 int _bad = 0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size) \
@@ -571,7 +571,7 @@ extern void __store_deref_bad(void);
 ({ \
 int _bad = 0; \
 intptr_t _v=0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size){ \
@@ -588,7 +588,7 @@ extern void __store_deref_bad(void);
 #define store_deref(size, addr, value) \
 ({ \
 int _bad=0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size){ \
@@ -660,7 +660,7 @@ extern void __store_deref_bad(void);
 u8 _b; u16 _w; u32 _l; u64 _q; \
 int _bad = 0; \
 intptr_t _v = 0; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 switch (size) { \
@@ -696,7 +696,7 @@ extern void __store_deref_bad(void);
 ({ \
 int _bad = 0; \
 int i; \
- if (lookup_bad_addr((unsigned long)addr)) \
+ if (lookup_bad_addr((unsigned long)addr, size)) \
 _bad = 1; \
 else \
 for(i=0;i