From d021fc112b26e47e68f6ba5df6901480636956f7 Mon Sep 17 00:00:00 2001
From: Peter Wemm
Date: Wed, 7 May 1997 20:32:41 +0000
Subject: [PATCH] Don't allow access to illegal addresses in /dev/kmem to panic kernel (eg: above 0xffc00000). Programs using /dev/kmem are implicitly racing the kernel, and can get right up high in memory. I've been running these for some time now, but with printfs. It's saved two panics at least that I can remember.
---
 sys/amd64/amd64/mem.c | 9 +++++++--
 sys/i386/i386/mem.c | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c
index bfe5bfff7017..ae8e95ce5519 100644
--- a/sys/amd64/amd64/mem.c
+++ b/sys/amd64/amd64/mem.c
@@ -38,7 +38,7 @@
 *
 * from: Utah $Hdr: mem.c 1.13 89/10/08$
 * from: @(#)mem.c 7.2 (Berkeley) 5/9/91
- * $Id: mem.c,v 1.42 1997/04/14 15:54:26 bde Exp $
+ * $Id: mem.c,v 1.43 1997/05/07 20:02:37 peter Exp $
 */
 /*
@@ -239,7 +239,12 @@ mmrw(dev, uio, flags)
 */
 addr = trunc_page(uio->uio_offset);
 eaddr = round_page(uio->uio_offset + c);
- for (; addr < eaddr; addr += PAGE_SIZE)
+
+ if (addr < (vm_offset_t)VADDR(PTDPTDI, 0))
+ return EFAULT;
+ if (eaddr >= (vm_offset_t)VADDR(APTDPTDI, 0))
+ return EFAULT;
+ for (; addr < eaddr; addr += PAGE_SIZE)
 if (pmap_extract(kernel_pmap, addr) == 0)
 return EFAULT;
diff --git a/sys/i386/i386/mem.c b/sys/i386/i386/mem.c
index bfe5bfff7017..ae8e95ce5519 100644
--- a/sys/i386/i386/mem.c
+++ b/sys/i386/i386/mem.c
@@ -38,7 +38,7 @@
 *
 * from: Utah $Hdr: mem.c 1.13 89/10/08$
 * from: @(#)mem.c 7.2 (Berkeley) 5/9/91
- * $Id: mem.c,v 1.42 1997/04/14 15:54:26 bde Exp $
+ * $Id: mem.c,v 1.43 1997/05/07 20:02:37 peter Exp $
 */
 /*
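Review bot: The two new guards in the mmrw() hunk of sys/amd64/amd64/mem.c compare `addr` only with the lower limit and `eaddr` only with the upper one, so if `uio->uio_offset + c` wraps or is truncated when stored, `eaddr` can end up below `addr`, pass both tests and make the `pmap_extract()` loop run zero times. The declarations of `addr`, `eaddr` and `c` are outside the hunk, so whether that is reachable depends on their types, but an explicit `if (eaddr < addr) return EFAULT;` before the loop would rule it out; the identical mmrw() hunk in sys/i386/i386/mem.c needs the same line. The limits also deserve a comment, for example `/* Refuse ranges outside [VADDR(PTDPTDI, 0), VADDR(APTDPTDI, 0)); probing them can panic. */`, since only the commit message currently explains them. The function body continues past the end of the hunk, so a later check there may already reject such a range.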
@@ -239,7 +239,12 @@ mmrw(dev, uio, flags)
 */
 addr = trunc_page(uio->uio_offset);
 eaddr = round_page(uio->uio_offset + c);
- for (; addr < eaddr; addr += PAGE_SIZE)
+
+ if (addr < (vm_offset_t)VADDR(PTDPTDI, 0))
+ return EFAULT;
+ if (eaddr >= (vm_offset_t)VADDR(APTDPTDI, 0))
+ return EFAULT;
+ for (; addr < eaddr; addr += PAGE_SIZE)
 if (pmap_extract(kernel_pmap, addr) == 0)
 return EFAULT;