PR/59955 CVS commit: src/sys/arch/amd64/amd64

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,campbell+netbsd%mumble.net@localhost
Subject: PR/59955 CVS commit: src/sys/arch/amd64/amd64
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Sun, 22 Feb 2026 12:15:01 +0000 (UTC)

The following reply was made to PR kern/59955; it has been noted by GNATS.

From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/59955 CVS commit: src/sys/arch/amd64/amd64
Date: Sun, 22 Feb 2026 12:14:56 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Sun Feb 22 12:14:56 UTC 2026
 
 Modified Files:
 	src/sys/arch/amd64/amd64: machdep.c
 
 Log Message:
 amd64: Fix locking around uvm_map_checkprot in mm_md_kernacc.
 
 This call was originally introduced in sys/arch/amd64/amd64/mem.c
 rev. 1.11 back in 2003 by fvdl@ with the commit message:
 
 > Proper checks for kmem reads beyond _end
 
 https://mail-index.netbsd.org/source-changes/2003/10/14/msg135803.html
 
 At some point, SOMEBODY added an assertion in uvm that made it stop
 working:
 
 > uvm_map(9): Sprinkle assertions and interface contract comments.
 >
 > No functional change intended.
 
 https://mail-index.netbsd.org/source-changes/2024/08/13/msg152763.html
 
 (Really, this assertion revealed that this path was broken all along.)
 
 This patch makes the amd64 mm_md_kernacc match the corresponding logic
 in uvm_kernacc around uvm_map_checkprot:
 
     104 	vm_map_lock_read(kernel_map);
     105 	rv = uvm_map_checkprot(kernel_map, saddr, eaddr, prot);
     106 	vm_map_unlock_read(kernel_map);
 
 https://nxr.netbsd.org/xref/src/sys/uvm/uvm_glue.c#92
 
 Now, all of these checks in /dev/mem and company look like TOCTOU
 bogosity, because the answers are stale by the time we reach uiomove,
 which has to re-check any access anyway:
 
     269 	if (!md_kva) {
     270 		bool checked = false;
     271
     272 #ifdef __HAVE_MM_MD_KERNACC
     273 		/* MD check for the address. */
     274 		error = mm_md_kernacc(addr, prot, &checked);
     275 		if (error) {
     276 			return error;
     277 		}
     278 #endif
     279 		/* UVM check for the address (unless MD indicated to not). */
     280 		if (!checked && !uvm_kernacc(addr, len, prot)) {
     281 			return EFAULT;
     282 		}
     283 	}
     284 	error = uiomove(addr, len, uio);
 
 https://nxr.netbsd.org/xref/src/sys/dev/mm.c?r=1.25#269
 
 But we can address that in a separate change.
 
 PR kern/59955: kernel diagnostic assertion "rw_lock_held(&map->lock)"
 failed: file "/home/riastradh/netbsd/11/src/sys/uvm/uvm_map.c", line
 1704
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.378 -r1.379 src/sys/arch/amd64/amd64/machdep.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Prev by Date: PR/60025 CVS commit: src/external/mit/xorg/lib
Previous by Thread: PR/60025 CVS commit: src/external/mit/xorg/lib
Indexes:

Home | Main Index | Thread Index | Old Index