d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

From guido@gvr.win.tue.nl Sat Aug 7 06:58:04 1993

Browse Source 
I posted some patches on the 386bsd_patchkit list to prohibit io access.
Because of a noninitialised filed in the tss, this was possible.
It is included below as the patch to machdep.c
However, when you do this *necessary* fix (security), it will be
impossible form within user space to do io.

therefor, I included another fix: when you open /dev/io, you
get the access. Of course you can rewrite it to use another minor
and thus giving access to the iospace when /dev/mem is opened, e.g.

NOTE: The /dev/io entry has not been added to /dev/MAKEDEV yet.
The patch is in NetBSD.
This commit is contained in:
Rodney W. Grimes 1993-08-09 06:16:42 +00:00
parent 2e38124735
commit 78d172cab6
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=259
5 changed files with 91 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/amd64/amd64/machdep.c
View File

@ -49,7 +49,7 @@
* 20 Apr 93 Bruce Evans New npx-0.5 code
* 25 Apr 93 Bruce Evans New intr-0.1 code
*/
static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.4 1993/07/16 23:55:07 davidg Exp $";
static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.5 1993/07/27 10:52:17 davidg Exp $";
#include <stddef.h>
@ -1008,6 +1008,10 @@ init386(first)
proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG;
proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ;
_gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
((struct i386tss *)gdt_segs[GPROC0_SEL].ssd_base)->tss_ioopt =
(sizeof(tss))<<16;
ltr(_gsel_tss);
/* make a call gate to reenter kernel with */

38
sys/amd64/amd64/mem.c
View File

@ -50,8 +50,10 @@
#include "systm.h"
#include "uio.h"
#include "malloc.h"
#include "proc.h"
#include "machine/cpu.h"
#include "machine/psl.h"
#include "vm/vm_param.h"
#include "vm/lock.h"
@ -61,6 +63,42 @@
extern char *vmmap; /* poor name! */
/*ARGSUSED*/
mmclose(dev, uio, flags)
dev_t dev;
struct uio *uio;
int flags;
{
struct syscframe *fp;
switch (minor(dev)) {
case 14:
fp = (struct syscframe *)curproc->p_regs;
fp->sf_eflags &= ~PSL_IOPL;
break;
default:
break;
}
return(0);
}
/*ARGSUSED*/
mmopen(dev, uio, flags)
dev_t dev;
struct uio *uio;
int flags;
{
struct syscframe *fp;
switch (minor(dev)) {
case 14:
fp = (struct syscframe *)curproc->p_regs;
fp->sf_eflags |= PSL_IOPL;
break;
default:
break;
}
return(0);
}
/*ARGSUSED*/
mmrw(dev, uio, flags)
dev_t dev;
struct uio *uio;

10
sys/i386/i386/conf.c
View File

@ -56,7 +56,7 @@
* 28 Jul 93 Jordan K. Hubbard Free codrv's slot again
*
*/
static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/conf.c,v 1.1.1.1 1993/06/12 14:58:07 rgrimes Exp $";
static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/conf.c,v 1.2 1993/07/30 00:57:06 jkh Exp $";
#include "param.h"
#include "systm.h"
@ -213,7 +213,7 @@ extern struct tty pccons;
int cttyopen(), cttyread(), cttywrite(), cttyioctl(), cttyselect();
int mmrw();
int mmopen(), mmclose(), mmrw();
#define mmselect seltrue
#include "pty.h"
@ -359,9 +359,9 @@ struct cdevsw cdevsw[] =
{ cttyopen, nullop, cttyread, cttywrite, /*1*/
cttyioctl, nullop, nullop, NULL, /* tty */
cttyselect, enodev, NULL },
{ nullop, nullop, mmrw, mmrw, /*2*/
enodev, nullop, nullop, NULL, /* memory */
mmselect, enodev, NULL },
{ mmopen, mmclose, mmrw, mmrw, /*2*/
enodev, nullop, nullop, NULL, /* memory */
mmselect, enodev, NULL },
{ wdopen, wdclose, rawread, rawwrite, /*3*/
wdioctl, enodev, nullop, NULL, /* wd */
seltrue, enodev, wdstrategy },

6
sys/i386/i386/machdep.c
View File

@ -49,7 +49,7 @@
* 20 Apr 93 Bruce Evans New npx-0.5 code
* 25 Apr 93 Bruce Evans New intr-0.1 code
*/
static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.4 1993/07/16 23:55:07 davidg Exp $";
static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.5 1993/07/27 10:52:17 davidg Exp $";
#include <stddef.h>
@ -1008,6 +1008,10 @@ init386(first)
proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG;
proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ;
_gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
((struct i386tss *)gdt_segs[GPROC0_SEL].ssd_base)->tss_ioopt =
(sizeof(tss))<<16;
ltr(_gsel_tss);
/* make a call gate to reenter kernel with */

38
sys/i386/i386/mem.c
View File

@ -50,8 +50,10 @@
#include "systm.h"
#include "uio.h"
#include "malloc.h"
#include "proc.h"
#include "machine/cpu.h"
#include "machine/psl.h"
#include "vm/vm_param.h"
#include "vm/lock.h"
@ -61,6 +63,42 @@
extern char *vmmap; /* poor name! */
/*ARGSUSED*/
mmclose(dev, uio, flags)
dev_t dev;
struct uio *uio;
int flags;
{
struct syscframe *fp;
switch (minor(dev)) {
case 14:
fp = (struct syscframe *)curproc->p_regs;
fp->sf_eflags &= ~PSL_IOPL;
break;
default:
break;
}
return(0);
}
/*ARGSUSED*/
mmopen(dev, uio, flags)
dev_t dev;
struct uio *uio;
int flags;
{
struct syscframe *fp;
switch (minor(dev)) {
case 14:
fp = (struct syscframe *)curproc->p_regs;
fp->sf_eflags |= PSL_IOPL;
break;
default:
break;
}
return(0);
}
/*ARGSUSED*/
mmrw(dev, uio, flags)
dev_t dev;
struct uio *uio;