CVS commit: src/sys/arch/amd64/amd64

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/arch/amd64/amd64
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Sun, 22 Feb 2026 12:14:56 +0000

Module Name:    src
Committed By:   riastradh
Date:           Sun Feb 22 12:14:56 UTC 2026

Modified Files:
        src/sys/arch/amd64/amd64: machdep.c

Log Message:
amd64: Fix locking around uvm_map_checkprot in mm_md_kernacc.

This call was originally introduced in sys/arch/amd64/amd64/mem.c
rev. 1.11 back in 2003 by fvdl@ with the commit message:

> Proper checks for kmem reads beyond _end

https://mail-index.netbsd.org/source-changes/2003/10/14/msg135803.html

At some point, SOMEBODY added an assertion in uvm that made it stop
working:

> uvm_map(9): Sprinkle assertions and interface contract comments.
>
> No functional change intended.

https://mail-index.netbsd.org/source-changes/2024/08/13/msg152763.html

(Really, this assertion revealed that this path was broken all along.)

This patch makes the amd64 mm_md_kernacc match the corresponding logic
in uvm_kernacc around uvm_map_checkprot:

    104         vm_map_lock_read(kernel_map);
    105         rv = uvm_map_checkprot(kernel_map, saddr, eaddr, prot);
    106         vm_map_unlock_read(kernel_map);

https://nxr.netbsd.org/xref/src/sys/uvm/uvm_glue.c#92

Now, all of these checks in /dev/mem and company look like TOCTOU
bogosity, because the answers are stale by the time we reach uiomove,
which has to re-check any access anyway:

    269         if (!md_kva) {
    270                 bool checked = false;
    271
    272 #ifdef __HAVE_MM_MD_KERNACC
    273                 /* MD check for the address. */
    274                 error = mm_md_kernacc(addr, prot, &checked);
    275                 if (error) {
    276                         return error;
    277                 }
    278 #endif
    279                 /* UVM check for the address (unless MD indicated to not). */
    280                 if (!checked && !uvm_kernacc(addr, len, prot)) {
    281                         return EFAULT;
    282                 }
    283         }
    284         error = uiomove(addr, len, uio);

https://nxr.netbsd.org/xref/src/sys/dev/mm.c?r=1.25#269

But we can address that in a separate change.

PR kern/59955: kernel diagnostic assertion "rw_lock_held(&map->lock)"
failed: file "/home/riastradh/netbsd/11/src/sys/uvm/uvm_map.c", line
1704


To generate a diff of this commit:
cvs rdiff -u -r1.378 -r1.379 src/sys/arch/amd64/amd64/machdep.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/external/mit/xorg/lib
Next by Date: CVS commit: src/sbin/ccdconfig
Previous by Thread: CVS commit: src/external/mit/xorg/lib
Next by Thread: CVS commit: src/sbin/ccdconfig
Indexes:

Home | Main Index | Thread Index | Old Index