[src/trunk]: src/sys/arch Put a one-page redzone between userland and the PTE...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/arch Put a one-page redzone between userland and the PTE...
From: maxv <maxv%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 07:07:46 +0000

details:   https://anonhg.NetBSD.org/src/rev/f418e8d8e0c4
branches:  trunk
changeset: 819133:f418e8d8e0c4
user:      maxv <maxv%NetBSD.org@localhost>
date:      Sat Nov 19 09:22:03 2016 +0000

description:
Put a one-page redzone between userland and the PTE space on amd64 and
i386.

The PTE space is a critical region that maps the page tree, and bugs have
been found in both amd64 and i386 where the kernel would wrongly overflow
userland data on this area. This kind of bug is terrible, since it allows
userland to overwrite some entries of the page tree, which makes it easy
to patch the kernel text and get ring0 privileges.

diffstat:

 sys/arch/amd64/include/vmparam.h |  4 ++--
 sys/arch/i386/include/vmparam.h  |  4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diffs (36 lines):

diff -r a9750c895d68 -r f418e8d8e0c4 sys/arch/amd64/include/vmparam.h
--- a/sys/arch/amd64/include/vmparam.h  Sat Nov 19 09:10:33 2016 +0000
+++ b/sys/arch/amd64/include/vmparam.h  Sat Nov 19 09:22:03 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vmparam.h,v 1.37 2016/08/07 01:01:59 dholland Exp $    */
+/*     $NetBSD: vmparam.h,v 1.38 2016/11/19 09:22:03 maxv Exp $        */
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -114,7 +114,7 @@
 
 /* user/kernel map constants */
 #define VM_MIN_ADDRESS         0
-#define VM_MAXUSER_ADDRESS     0x00007f8000000000
+#define VM_MAXUSER_ADDRESS     (0x00007f8000000000 - PAGE_SIZE)
 #define VM_MAX_ADDRESS         0x00007fbfdfeff000
 #ifndef XEN
 #define VM_MIN_KERNEL_ADDRESS  0xffff800000000000
diff -r a9750c895d68 -r f418e8d8e0c4 sys/arch/i386/include/vmparam.h
--- a/sys/arch/i386/include/vmparam.h   Sat Nov 19 09:10:33 2016 +0000
+++ b/sys/arch/i386/include/vmparam.h   Sat Nov 19 09:22:03 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vmparam.h,v 1.82 2016/08/07 01:02:00 dholland Exp $    */
+/*     $NetBSD: vmparam.h,v 1.83 2016/11/19 09:22:03 maxv Exp $        */
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -100,7 +100,7 @@
 
 /* user/kernel map constants */
 #define VM_MIN_ADDRESS         ((vaddr_t)0)
-#define        VM_MAXUSER_ADDRESS      ((vaddr_t)(PDIR_SLOT_PTE << L2_SHIFT))
+#define        VM_MAXUSER_ADDRESS      ((vaddr_t)(PDIR_SLOT_PTE << L2_SHIFT) - PAGE_SIZE)
 #define        VM_MAX_ADDRESS          \
        ((vaddr_t)((PDIR_SLOT_PTE << L2_SHIFT) + (PDIR_SLOT_PTE << L1_SHIFT)))
 #define        VM_MIN_KERNEL_ADDRESS   ((vaddr_t)(PDIR_SLOT_KERN << L2_SHIFT))

Prev by Date: [src/trunk]: src/external/gpl3/gdb s/#/$/ in a $NetBSD$ so it actually expands
Next by Date: [src/trunk]: src/sys/dev/usb Pull across various locking and reference counti...
Previous by Thread: [src/trunk]: src/external/gpl3/gdb s/#/$/ in a $NetBSD$ so it actually expands
Next by Thread: [src/trunk]: src/sys/dev/usb Pull across various locking and reference counti...
Indexes:

Home | Main Index | Thread Index | Old Index