[patch] restrict amd64_set_{f,g}sbase() to values inside user VA
Joseph Koshy
joseph.koshy at gmail.com
Sat Jul 9 06:49:38 GMT 2005
Does anyone have objections to the following patch?
It restricts the values that can be loaded into the FS.base and
GS.base MSRs for user processes to those inside of user VA
(0..(1<<47) today).
These values are used as the base addresses for FS- and GS-
relative addressing when an FS: or GS: segment override
is specified in an instruction.
--
FreeBSD Volunteer, http://people.freebsd.org/~jkoshy
-------------- next part --------------
--- SRC/sys/amd64/amd64/sys_machdep.c Thu Apr 14 22:27:58 2005
+++ DST/sys/amd64/amd64/sys_machdep.c Wed Jul 6 09:12:04 2005
@@ -38,9 +38,14 @@
#include <sys/lock.h>
#include <sys/proc.h>
#include <sys/sysproto.h>
+
#include <machine/specialreg.h>
#include <machine/sysarch.h>
#include <machine/pcb.h>
+#include <machine/vmparam.h>
+
+#include <vm/vm.h>
+#include <vm/pmap.h>
#ifndef _SYS_SYSPROTO_H_
struct sysarch_args {
@@ -57,6 +62,7 @@
int error = 0;
struct pcb *pcb = curthread->td_pcb;
uint32_t i386base;
+ uint64_t amd64base;
switch(uap->op) {
case I386_GET_FSBASE:
@@ -85,8 +91,12 @@
case AMD64_SET_FSBASE:
error = copyin(uap->parms, &pcb->pcb_fsbase, sizeof(pcb->pcb_fsbase));
- if (!error)
+ if (!error && amd64base >= VM_MAXUSER_ADDRESS)
+ error = EINVAL;
+ else {
+ pcb->pcb_fsbase = amd64base;
wrmsr(MSR_FSBASE, pcb->pcb_fsbase);
+ }
break;
case AMD64_GET_GSBASE:
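Review bot: In the AMD64_SET_FSBASE case the `copyin()` still targets `&pcb->pcb_fsbase`, so `amd64base` is read uninitialized by the range check and then overwrites the value that was just copied in; the call should be `error = copyin(uap->parms, &amd64base, sizeof(amd64base));`, as the AMD64_SET_GSBASE hunk already does. In both this hunk and the AMD64_SET_GSBASE hunk the `else` branch is also taken when `copyin()` fails, so a faulting `uap->parms` reaches `wrmsr()` with whatever `amd64base` happens to hold, bypassing the bound the patch introduces and no longer honouring the old `if (!error)` guard. Changing the branch to `else if (!error) {` in both cases keeps the store and the `wrmsr()` on the validated path only. The enclosing switch and function start and end outside the hunk, so any later use of `error` is not visible here.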
@@ -94,9 +104,13 @@
break;
case AMD64_SET_GSBASE:
- error = copyin(uap->parms, &pcb->pcb_gsbase, sizeof(pcb->pcb_gsbase));
- if (!error)
+ error = copyin(uap->parms, &amd64base, sizeof(amd64base));
+ if (!error && amd64base >= VM_MAXUSER_ADDRESS)
+ error = EINVAL;
+ else {
+ pcb->pcb_gsbase = amd64base;
wrmsr(MSR_KGSBASE, pcb->pcb_gsbase);
+ }
break;
default: