Fixes to CopyIn/CopyOut

sys/amd64/trap.c

@@ -130,9 +130,10 @@ trap_entry(TrapFrame *tf)
 
 	// User IO
 	if ((tf->vector == T_PF) &&
-	    (tf->rip >= &copy_unsafe) &&
-	    (tf->rip <= &copy_unsafe_done)) {
-	    tf->rip = &copy_unsafe_fault;
+	    (tf->rip >= (uint64_t)&copy_unsafe) &&
+	    (tf->rip <= (uint64_t)&copy_unsafe_done)) {
+	    kprintf("Faulted in copy_unsafe\n");
+	    tf->rip = (uint64_t)&copy_unsafe_fault;
 	    return;
 	}
 
@@ -162,6 +163,7 @@ trap_entry(TrapFrame *tf)
 	case T_SYSCALL:
 	    kprintf("Syscall %016llx\n", tf->rdi);
 	    tf->rax = Syscall_Entry(tf->rdi, tf->rsi, tf->rdx, tf->rcx, tf->r8, tf->r9);
+	    kprintf("Return %016llx\n", tf->rax);
 	    return;
     }
 

sys/kern/copy.c

@@ -7,6 +7,7 @@
 
 #include <errno.h>
 
+#include <sys/kassert.h>
 #include <machine/pmap.h>
 
 extern int copy_unsafe(void *to_addr, void *from_addr, uintptr_t len);
@@ -18,12 +19,16 @@ CopyIn(uintptr_t fromuser, void *tokernel, uintptr_t len)
 	return 0;
 
     // Kernel space
-    if (fromuser >= MEM_USERSPACE_TOP)
+    if (fromuser >= MEM_USERSPACE_TOP) {
+	kprintf("CopyIn: address exceeds userspace top\n");
 	return EFAULT;
+    }
 
     // Wrap around
-    if (len < (MEM_USERSPACE_TOP - fromuser))
+    if (len > (MEM_USERSPACE_TOP - fromuser)) {
+	kprintf("CopyIn: length exceeds userspace top\n");
 	return EFAULT;
+    }
 
     return copy_unsafe(tokernel, (void *)fromuser, len);
 }
@@ -35,12 +40,16 @@ CopyOut(void *fromkernel, uintptr_t touser, uintptr_t len)
 	return 0;
 
     // Kernel space
-    if (touser >= MEM_USERSPACE_TOP)
+    if (touser >= MEM_USERSPACE_TOP) {
+	kprintf("CopyOut: address exceeds userspace top\n");
 	return EFAULT;
+    }
 
     // Wrap around
-    if (len < (MEM_USERSPACE_TOP - touser))
+    if (len > (MEM_USERSPACE_TOP - touser)) {
+	kprintf("CopyOut: length exceeds userspace top\n");
 	return EFAULT;
+    }
 
     return copy_unsafe((void *)touser, fromkernel, len);
 }