mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
riscv: Avoid passing invalid addresses to pmap_fault()
After the addition of SV48 support, VIRT_IS_VALID() did not exclude
addresses that are in the SV39 address space hole but not in the SV48
address space hole. This can result in mishandling of accesses to that
range when in SV39 mode.
Fix the problem by modifying VIRT_IS_VALID() to use the runtime address
space bounds. Then, if the address is invalid, and pcb_onfault is set,
give vm_fault_trap() a chance to veto the access instead of panicking.
PR: 265439
Reviewed by: jhb
Reported and tested by: Robert Morris <rtm@lcs.mit.edu>
Fixes: 31218f3209
("riscv: Add support for enabling SV48 mode")
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35952
This commit is contained in:
parent
0c8ff61ee1
commit
828ea49deb
|
@ -144,6 +144,11 @@ enum pmap_mode {
|
|||
|
||||
extern enum pmap_mode pmap_mode;
|
||||
|
||||
/* Check if an address resides in a mappable region. */
|
||||
#define VIRT_IS_VALID(va) \
|
||||
((va) < (pmap_mode == PMAP_MODE_SV39 ? VM_MAX_USER_ADDRESS_SV39 : \
|
||||
VM_MAX_USER_ADDRESS_SV48) || (va) >= VM_MIN_KERNEL_ADDRESS)
|
||||
|
||||
struct thread;
|
||||
|
||||
#define pmap_vm_page_alloc_check(m)
|
||||
|
|
|
@ -202,10 +202,6 @@
|
|||
#define VM_MINUSER_ADDRESS (VM_MIN_USER_ADDRESS)
|
||||
#define VM_MAXUSER_ADDRESS (VM_MAX_USER_ADDRESS)
|
||||
|
||||
/* Check if an address resides in a mappable region. */
|
||||
#define VIRT_IS_VALID(va) \
|
||||
(((va) < VM_MAX_USER_ADDRESS) || ((va) >= VM_MIN_KERNEL_ADDRESS))
|
||||
|
||||
#define KERNBASE (VM_MIN_KERNEL_ADDRESS)
|
||||
#define SHAREDPAGE_SV39 (VM_MAX_USER_ADDRESS_SV39 - PAGE_SIZE)
|
||||
#define SHAREDPAGE_SV48 (VM_MAX_USER_ADDRESS_SV48 - PAGE_SIZE)
|
||||
|
|
|
@ -2606,6 +2606,8 @@ pmap_fault(pmap_t pmap, vm_offset_t va, vm_prot_t ftype)
|
|||
pt_entry_t bits, *pte, oldpte;
|
||||
int rv;
|
||||
|
||||
KASSERT(VIRT_IS_VALID(va), ("pmap_fault: invalid va %#lx", va));
|
||||
|
||||
rv = 0;
|
||||
PMAP_LOCK(pmap);
|
||||
l2 = pmap_l2(pmap, va);
|
||||
|
|
|
@ -213,10 +213,7 @@ page_fault_handler(struct trapframe *frame, int usermode)
|
|||
*/
|
||||
intr_enable();
|
||||
|
||||
if (!VIRT_IS_VALID(stval))
|
||||
goto fatal;
|
||||
|
||||
if (stval >= VM_MAX_USER_ADDRESS) {
|
||||
if (stval >= VM_MIN_KERNEL_ADDRESS) {
|
||||
map = kernel_map;
|
||||
} else {
|
||||
if (pcb->pcb_onfault == 0)
|
||||
|
@ -235,7 +232,7 @@ page_fault_handler(struct trapframe *frame, int usermode)
|
|||
ftype = VM_PROT_READ;
|
||||
}
|
||||
|
||||
if (pmap_fault(map->pmap, va, ftype))
|
||||
if (VIRT_IS_VALID(va) && pmap_fault(map->pmap, va, ftype))
|
||||
goto done;
|
||||
|
||||
error = vm_fault_trap(map, va, ftype, VM_FAULT_NORMAL, &sig, &ucode);
|
||||
|
|
Loading…
Reference in a new issue