1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
freebsd/sys/amd64/include
Bruce Evans 20415301cd Fix security holes in sigreturn(), ptrace() and procfs. sigreturn()
attempted to check for insecure and fatal eflags and segment
selectors, but missed many cases and got the IOPL check back to
front.  The other syscalls didn't check at all.

sys_process.c, machdep.c:
Only allow PT_WRITE_U to write to the registers (ordinary and FP).

psl.h, locore.s, machdep.c:
Eliminate PSL_MBZ, PSL_MBO and PSL_USERCLR.  We are not supposed
to assume anything about the reserved bits.  Use PSL_USERCHANGE
and PSL_KERNEL instead.  Rename PSL_USERSET to PSL_USER.

exception.s:
Define a private label for use by doreti when returning to user
mode fails.

machdep.c:
In syscalls, allow changing only the eflags that can be changed on
486's in user mode (no longer attempt to allow benign IOPL changes;
allow changing the nasty PSL_NT; don't allow changing the i586
bits).

Don't attempt to check all the cases involving invalid selectors
and %eip's.  Just check for privilege violations and let the invalid
things cause a trap.

procfs_machdep.c:
Call the ptrace register functions to do all the work for reading
and writing ordinary registers and for single stepping.

trap.c:
Ignore traps caused by PSL_NT being set.  Previously, users could
cause a fatal trap in user mode by setting PSL_NT and executing an
iret, and a fatal trap in kernel mode by setting PSL_NT and making
a syscall.  PSL_NT was cleared too late and not in enough modes to
fix the problem.

Make all traps in user mode (except T_NMI) nonfatal.

Recover from traps caused by attempting to load invalid user
registers in doreti by restarting the traps so that they appear to
occur in user mode.
---

Fix bogons that I noticed while fixing the above:

psl.h:
Fix some comments.

Uniformize idempotency ifdef.

exception.s, machdep.c:
Remove rsvd[0-14].  rsvd0 hasn't been reserved since the 486 came
out.  Replace rsvd0 by `align'.  rsvd[0-11] used wrong (magic
non-unique) trap numbers.  Replace rsvd[1-14] by rsvd.

locore.s:
Enable alignment check flag on 486's and 586's.

machdep.c:
Use a better type for kstack[].

Use TFREGP() to find the registers.

Reformat ptrace functions from SEF to something closer to KNF.

procfs_machdep.c:
The wrong pointer to the registers got fixed as a side effect.

Implement reading and writing of FP registers.

/proc/*/*regs now work (only) for processes that are in memory.

Clean up comments.

trap.c, trap.h:
Remove unused trap types.
1995-01-14 13:20:26 +00:00
..
pc
asmacros.h Get all the definitions from DEFS.h and not directly from asmacros.h 1994-09-08 12:25:18 +00:00
clock.h Declare the full uglyness of the interfaces to the clock driver (except 1994-11-05 22:51:17 +00:00
cpu.h Disable CLKF_BASEPRI() again. I forgot to edit an unwanted change out of 1994-12-03 10:18:24 +00:00
cpufunc.h Corrected the list of volatile registers for outsb, outsw, and outsl. 1995-01-04 20:42:25 +00:00
cputypes.h Detect if we're running on a Cyrix 486DLC and enable automatic cache 1994-09-04 19:59:24 +00:00
db_machdep.h Remove reference to impossible trap type T_KDBTRAP. We don't support 1995-01-14 10:34:52 +00:00
exec.h Shuffled macros and definitions around to facilitate architecture 1994-09-24 21:37:01 +00:00
float.h
floatingpoint.h Don't provide bogus source operands in some asms. This probably shouldn't 1994-09-20 22:26:37 +00:00
fpu.h Replace sv_ex_tw by padding (it is no longer used; the tag word in sv_env 1995-01-03 03:57:46 +00:00
frame.h
ieeefp.h Delete redundant #ifdef __i386__, be consistent about idempotency 1994-08-05 14:36:04 +00:00
npx.h Replace sv_ex_tw by padding (it is no longer used; the tag word in sv_env 1995-01-03 03:57:46 +00:00
pcb.h i386/exception.s, 1994-12-03 10:03:19 +00:00
pmap.h These changes embody the support of the fully coherent merged VM buffer cache, 1995-01-09 16:06:02 +00:00
proc.h
profile.h Added MCOUNT_ENTER and MCOUNT_EXIT macros to profile.h 1994-09-15 16:27:14 +00:00
psl.h Fix security holes in sigreturn(), ptrace() and procfs. sigreturn() 1995-01-14 13:20:26 +00:00
ptrace.h Added $Id$ 1994-08-02 07:55:43 +00:00
reg.h Declare a real `struct fpreg' to prepare for implementing reading and 1995-01-14 10:41:41 +00:00
reloc.h Made idempotent. 1994-08-21 04:55:31 +00:00
segments.h Make gdt_segs[] public again for APM. 1994-11-15 14:12:55 +00:00
signal.h Made idempotent. 1994-08-21 04:55:31 +00:00
specialreg.h Enable define of CR0_AM to prepare for implementing alignment checking. 1995-01-14 10:44:55 +00:00
sysarch.h Added $Id$ 1994-08-02 07:55:43 +00:00
trap.h Fix security holes in sigreturn(), ptrace() and procfs. sigreturn() 1995-01-14 13:20:26 +00:00
tss.h
varargs.h Added $Id$ 1994-08-02 07:55:43 +00:00
vmparam.h These changes embody the support of the fully coherent merged VM buffer cache, 1995-01-09 16:06:02 +00:00