d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the same implementation of copyinout.c for both AIM and Book-E. This

Browse Source 
fixes some bugs in both implementations related to validity checks on
mapping bounds.
This commit is contained in:
Nathan Whitehorn 2013-11-11 23:37:16 +00:00
parent 2925848d7c
commit e39c26a950
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=258024
3 changed files with 84 additions and 349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/conf/files.powerpc
View File

@ -86,7 +86,6 @@ libkern/qdivrem.c optional powerpc
libkern/ucmpdi2.c optional powerpc
libkern/udivdi3.c optional powerpc
libkern/umoddi3.c optional powerpc
powerpc/aim/copyinout.c optional aim
powerpc/aim/interrupt.c optional aim
powerpc/aim/locore.S optional aim no-obj
powerpc/aim/machdep.c optional aim
@ -98,7 +97,6 @@ powerpc/aim/mp_cpudep.c optional aim smp
powerpc/aim/slb.c optional aim powerpc64
powerpc/aim/trap.c optional aim
powerpc/aim/uma_machdep.c optional aim
powerpc/booke/copyinout.c optional booke
powerpc/booke/interrupt.c optional booke
powerpc/booke/locore.S optional booke no-obj
powerpc/booke/machdep.c optional booke
@ -173,6 +171,7 @@ powerpc/powerpc/bcopy.c standard
powerpc/powerpc/bus_machdep.c standard
powerpc/powerpc/busdma_machdep.c standard
powerpc/powerpc/clock.c standard
powerpc/powerpc/copyinout.c standard
powerpc/powerpc/copystr.c standard
powerpc/powerpc/cpu.c standard
powerpc/powerpc/db_disasm.c optional ddb

315
sys/powerpc/booke/copyinout.c
View File

@ -1,315 +0,0 @@
/*-
* Copyright (C) 2002 Benno Rice
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY Benno Rice ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*-
* Copyright (C) 1993 Wolfgang Solfrank.
* Copyright (C) 1993 TooLs GmbH.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by TooLs GmbH.
* 4. The name of TooLs GmbH may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
#include <machine/pcb.h>
#include <machine/vmparam.h>
int setfault(faultbuf); /* defined in locore.S */
static int
is_uaddr(const void *addr)
{
int rv = ((vm_offset_t)addr <= VM_MAXUSER_ADDRESS) ? 1 : 0;
return rv;
}
int
copyout(const void *kaddr, void *udaddr, size_t len)
{
struct thread *td;
faultbuf env;
if (!is_uaddr(udaddr))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
bcopy(kaddr, udaddr, len);
td->td_pcb->pcb_onfault = NULL;
return (0);
}
int
copyin(const void *udaddr, void *kaddr, size_t len)
{
struct thread *td;
faultbuf env;
if (!is_uaddr(udaddr) || is_uaddr(kaddr))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
bcopy(udaddr, kaddr, len);
td->td_pcb->pcb_onfault = NULL;
return (0);
}
int
copyinstr(const void *udaddr, void *kaddr, size_t len, size_t *done)
{
struct thread *td;
faultbuf env;
const char *up;
char *kp;
size_t l;
int rv, c;
if (!is_uaddr(udaddr) || is_uaddr(kaddr))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
kp = kaddr;
up = udaddr;
rv = ENAMETOOLONG;
for (l = 0; len-- > 0; l++) {
c = *up++;
if (!(*kp++ = c)) {
l++;
rv = 0;
break;
}
}
if (done != NULL) {
*done = l;
}
td->td_pcb->pcb_onfault = NULL;
return (rv);
}
int
subyte(void *addr, int byte)
{
struct thread *td;
faultbuf env;
if (!is_uaddr(addr))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
*(char *)addr = (char)byte;
td->td_pcb->pcb_onfault = NULL;
return (0);
}
int
suword(void *addr, long word)
{
struct thread *td;
faultbuf env;
if (!is_uaddr(addr))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
*(long *)addr = word;
td->td_pcb->pcb_onfault = NULL;
return (0);
}
int
suword32(void *addr, int32_t word)
{
return (suword(addr, (long)word));
}
int
fubyte(const void *addr)
{
struct thread *td;
faultbuf env;
int val;
if (!is_uaddr(addr))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
val = *(const u_char *)addr;
td->td_pcb->pcb_onfault = NULL;
return (val);
}
long
fuword(const void *addr)
{
struct thread *td;
faultbuf env;
long val;
if (!is_uaddr(addr))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
val = *(const long *)addr;
td->td_pcb->pcb_onfault = NULL;
return (val);
}
int32_t
fuword32(const void *addr)
{
return ((int32_t)fuword(addr));
}
uint32_t
casuword32(volatile uint32_t *base, uint32_t oldval, uint32_t newval)
{
return (casuword((volatile u_long *)base, oldval, newval));
}
u_long
casuword(volatile u_long *addr, u_long old, u_long new)
{
struct thread *td;
faultbuf env;
u_long val;
if (!((vm_offset_t)addr <= VM_MAXUSER_ADDRESS))
return (EFAULT);
td = curthread;
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (EFAULT);
}
__asm __volatile (
"1:\tlwarx %0, 0, %2\n\t" /* load old value */
"cmplw %3, %0\n\t" /* compare */
"bne 2f\n\t" /* exit if not equal */
"stwcx. %4, 0, %2\n\t" /* attempt to store */
"bne- 1b\n\t" /* spin if failed */
"b 3f\n\t" /* we've succeeded */
"2:\n\t"
"stwcx. %0, 0, %2\n\t" /* clear reservation (74xx) */
"3:\n\t"
: "=&r" (val), "=m" (*addr)
: "r" (addr), "r" (old), "r" (new), "m" (*addr)
: "cc", "memory");
td->td_pcb->pcb_onfault = NULL;
return (val);
}

115
sys/powerpc/aim/copyinout.c → sys/powerpc/powerpc/copyinout.c
View File

@ -69,9 +69,11 @@ __FBSDID("$FreeBSD$");
#include <machine/pcb.h>
#include <machine/sr.h>
#include <machine/slb.h>
#include <machine/vmparam.h>
int setfault(faultbuf); /* defined in locore.S */
#ifdef AIM
/*
* Makes sure that the right segment of userspace is mapped in.
*/
@ -132,6 +134,43 @@ set_user_sr(pmap_t pm, const void *addr)
}
#endif
static __inline int
map_user_ptr(pmap_t pm, const void *uaddr, void **kaddr, size_t ulen,
size_t *klen)
{
size_t l;
*kaddr = (char *)USER_ADDR + ((uintptr_t)uaddr & ~SEGMENT_MASK);
l = ((char *)USER_ADDR + SEGMENT_LENGTH) - (char *)(*kaddr);
if (l > ulen)
l = ulen;
if (klen)
*klen = l;
else if (l != ulen)
return (EFAULT);
set_user_sr(pm, uaddr);
return (0);
}
#else /* Book-E uses a combined kernel/user mapping */
static __inline int
map_user_ptr(pmap_t pm, const void *uaddr, void **kaddr, size_t ulen,
size_t *klen)
{
if ((uintptr_t)uaddr + ulen > VM_MAXUSER_ADDRESS + PAGE_SIZE)
return (EFAULT);
*kaddr = (void *)(uintptr_t)uaddr;
if (klen)
*klen = ulen;
return (0);
}
#endif
int
copyout(const void *kaddr, void *udaddr, size_t len)
{
@ -154,13 +193,10 @@ copyout(const void *kaddr, void *udaddr, size_t len)
up = udaddr;
while (len > 0) {
p = (char *)USER_ADDR + ((uintptr_t)up & ~SEGMENT_MASK);
l = ((char *)USER_ADDR + SEGMENT_LENGTH) - p;
if (l > len)
l = len;
set_user_sr(pm,up);
if (map_user_ptr(pm, udaddr, (void **)&p, len, &l)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
bcopy(kp, p, l);
@ -195,13 +231,10 @@ copyin(const void *udaddr, void *kaddr, size_t len)
up = udaddr;
while (len > 0) {
p = (char *)USER_ADDR + ((uintptr_t)up & ~SEGMENT_MASK);
l = ((char *)USER_ADDR + SEGMENT_LENGTH) - p;
if (l > len)
l = len;
set_user_sr(pm,up);
if (map_user_ptr(pm, udaddr, (void **)&p, len, &l)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
bcopy(p, kp, l);
@ -269,14 +302,16 @@ subyte(void *addr, int byte)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (char *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
set_user_sr(pm,addr);
if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
*p = (char)byte;
@ -295,14 +330,16 @@ suword32(void *addr, int word)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (int *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
set_user_sr(pm,addr);
if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
*p = word;
@ -321,14 +358,16 @@ suword(void *addr, long word)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (long *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
set_user_sr(pm,addr);
if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
*p = word;
@ -361,14 +400,16 @@ fubyte(const void *addr)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (u_char *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
set_user_sr(pm,addr);
if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
val = *p;
@ -387,14 +428,16 @@ fuword32(const void *addr)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (int32_t *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
set_user_sr(pm,addr);
if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
val = *p;
@ -413,14 +456,16 @@ fuword(const void *addr)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (long *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
set_user_sr(pm,addr);
if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
val = *p;
@ -446,15 +491,18 @@ casuword32(volatile uint32_t *addr, uint32_t old, uint32_t new)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (uint32_t *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
set_user_sr(pm,(const void *)(vm_offset_t)addr);
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
if (map_user_ptr(pm, (void *)(uintptr_t)addr, (void **)&p, sizeof(*p),
NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
__asm __volatile (
"1:\tlwarx %0, 0, %2\n\t" /* load old value */
"cmplw %3, %0\n\t" /* compare */
@ -491,15 +539,18 @@ casuword(volatile u_long *addr, u_long old, u_long new)
td = curthread;
pm = &td->td_proc->p_vmspace->vm_pmap;
p = (u_long *)(USER_ADDR + ((uintptr_t)addr & ~SEGMENT_MASK));
set_user_sr(pm,(const void *)(vm_offset_t)addr);
if (setfault(env)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
if (map_user_ptr(pm, (void *)(uintptr_t)addr, (void **)&p, sizeof(*p),
NULL)) {
td->td_pcb->pcb_onfault = NULL;
return (-1);
}
__asm __volatile (
"1:\tldarx %0, 0, %2\n\t" /* load old value */
"cmpld %3, %0\n\t" /* compare */