Allow kernel accesses to a small region of the user stack which is used

by the Linux emulator (and other emulators) for syscall argument translation. The x86 port currently seems to allow unrestricted kernel accesses to user memory. Reviewed by: alc, gallatin
svn path=/head/; revision=54423
2024-09-21 01:03:42 +00:00 · 1999-12-11 09:58:06 +00:00 · 1999-12-11 09:58:06 +00:00 · 1c61bdc8eb · 2020-12-20 02:59:44 +00:00
parent 273a8aae1c
commit 1c61bdc8eb
1 changed files with 21 additions and 4 deletions
--- a/sys/alpha/alpha/trap.c
+++ b/sys/alpha/alpha/trap.c
@ -39,6 +39,7 @@
 #include <sys/signalvar.h>
 #include <sys/kernel.h>
 #include <sys/proc.h>
+#include <sys/exec.h>
 #include <sys/lock.h>
 #include <sys/vmmeter.h>
 #include <sys/buf.h>
@ -387,11 +388,27 @@ trap(a0, a1, a2, entry, framep)
 			 *	3. pcb_onfault set but kernel space data fault
 			 * The last can occur during an exec() copyin where the
 			 * argument space is lazy-allocated.
+			 *
+			 * For the purposes of the Linux emulator, we allow
+			 * kernel accesses to a small region of the
+			 * user stack which the emulator uses to
+			 * translate syscall arguments.
 			 */
-			if (!user && (a0 >= VM_MIN_KERNEL_ADDRESS ||
-			    p == NULL || p->p_addr->u_pcb.pcb_onfault == 0))
-				map = kernel_map;
-			else {
+			if (!user 
+			    && ((a0 >= VM_MIN_KERNEL_ADDRESS) 
+				|| (p == NULL) 
+				|| (p->p_addr->u_pcb.pcb_onfault == 0))) {
+				if (a0 >= trunc_page(PS_STRINGS
+						     - szsigcode
+						     - SPARE_USRSPACE)
+				    && a0 < round_page(PS_STRINGS
+						       - szsigcode)) {
+					vm = p->p_vmspace;
+					map = &vm->vm_map;
+				} else {
+					map = kernel_map;
+				}
+			} else {
 				vm = p->p_vmspace;
 				map = &vm->vm_map;
 			}