From 78d172cab6371a4b59277afd8bf761491a6531cf Mon Sep 17 00:00:00 2001 From: "Rodney W. Grimes" Date: Mon, 9 Aug 1993 06:16:42 +0000 Subject: [PATCH] From guido@gvr.win.tue.nl Sat Aug 7 06:58:04 1993 I posted some patches on the 386bsd_patchkit list to prohibit io access. Because of a noninitialised filed in the tss, this was possible. It is included below as the patch to machdep.c However, when you do this *necessary* fix (security), it will be impossible form within user space to do io. therefor, I included another fix: when you open /dev/io, you get the access. Of course you can rewrite it to use another minor and thus giving access to the iospace when /dev/mem is opened, e.g. NOTE: The /dev/io entry has not been added to /dev/MAKEDEV yet. The patch is in NetBSD. --- sys/amd64/amd64/machdep.c | 6 +++++- sys/amd64/amd64/mem.c | 38 ++++++++++++++++++++++++++++++++++++++ sys/i386/i386/conf.c | 10 +++++----- sys/i386/i386/machdep.c | 6 +++++- sys/i386/i386/mem.c | 38 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 91 insertions(+), 7 deletions(-) diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c index 6b9ef76bb87..45ffd91c2ce 100644 --- a/sys/amd64/amd64/machdep.c +++ b/sys/amd64/amd64/machdep.c @@ -49,7 +49,7 @@ * 20 Apr 93 Bruce Evans New npx-0.5 code * 25 Apr 93 Bruce Evans New intr-0.1 code */ -static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.4 1993/07/16 23:55:07 davidg Exp $"; +static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.5 1993/07/27 10:52:17 davidg Exp $"; #include @@ -1008,6 +1008,10 @@ init386(first) proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG; proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ; _gsel_tss = GSEL(GPROC0_SEL, SEL_KPL); + + ((struct i386tss *)gdt_segs[GPROC0_SEL].ssd_base)->tss_ioopt = + (sizeof(tss))<<16; + ltr(_gsel_tss); /* make a call gate to reenter kernel with */ diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c index 650e21eb509..72232ad07d3 100644 --- a/sys/amd64/amd64/mem.c +++ b/sys/amd64/amd64/mem.c @@ -50,8 +50,10 @@ #include "systm.h" #include "uio.h" #include "malloc.h" +#include "proc.h" #include "machine/cpu.h" +#include "machine/psl.h" #include "vm/vm_param.h" #include "vm/lock.h" @@ -61,6 +63,42 @@ extern char *vmmap; /* poor name! */ /*ARGSUSED*/ +mmclose(dev, uio, flags) + dev_t dev; + struct uio *uio; + int flags; +{ + struct syscframe *fp; + + switch (minor(dev)) { + case 14: + fp = (struct syscframe *)curproc->p_regs; + fp->sf_eflags &= ~PSL_IOPL; + break; + default: + break; + } + return(0); +} +/*ARGSUSED*/ +mmopen(dev, uio, flags) + dev_t dev; + struct uio *uio; + int flags; +{ + struct syscframe *fp; + + switch (minor(dev)) { + case 14: + fp = (struct syscframe *)curproc->p_regs; + fp->sf_eflags |= PSL_IOPL; + break; + default: + break; + } + return(0); +} +/*ARGSUSED*/ mmrw(dev, uio, flags) dev_t dev; struct uio *uio; diff --git a/sys/i386/i386/conf.c b/sys/i386/i386/conf.c index c1dfd8bb1af..a35157bc4f0 100644 --- a/sys/i386/i386/conf.c +++ b/sys/i386/i386/conf.c @@ -56,7 +56,7 @@ * 28 Jul 93 Jordan K. Hubbard Free codrv's slot again * */ -static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/conf.c,v 1.1.1.1 1993/06/12 14:58:07 rgrimes Exp $"; +static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/conf.c,v 1.2 1993/07/30 00:57:06 jkh Exp $"; #include "param.h" #include "systm.h" @@ -213,7 +213,7 @@ extern struct tty pccons; int cttyopen(), cttyread(), cttywrite(), cttyioctl(), cttyselect(); -int mmrw(); +int mmopen(), mmclose(), mmrw(); #define mmselect seltrue #include "pty.h" @@ -359,9 +359,9 @@ struct cdevsw cdevsw[] = { cttyopen, nullop, cttyread, cttywrite, /*1*/ cttyioctl, nullop, nullop, NULL, /* tty */ cttyselect, enodev, NULL }, - { nullop, nullop, mmrw, mmrw, /*2*/ - enodev, nullop, nullop, NULL, /* memory */ - mmselect, enodev, NULL }, + { mmopen, mmclose, mmrw, mmrw, /*2*/ + enodev, nullop, nullop, NULL, /* memory */ + mmselect, enodev, NULL }, { wdopen, wdclose, rawread, rawwrite, /*3*/ wdioctl, enodev, nullop, NULL, /* wd */ seltrue, enodev, wdstrategy }, diff --git a/sys/i386/i386/machdep.c b/sys/i386/i386/machdep.c index 6b9ef76bb87..45ffd91c2ce 100644 --- a/sys/i386/i386/machdep.c +++ b/sys/i386/i386/machdep.c @@ -49,7 +49,7 @@ * 20 Apr 93 Bruce Evans New npx-0.5 code * 25 Apr 93 Bruce Evans New intr-0.1 code */ -static char rcsid[] = "$Header: /a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.4 1993/07/16 23:55:07 davidg Exp $"; +static char rcsid[] = "$Header: /freefall/a/cvs/386BSD/src/sys/i386/i386/machdep.c,v 1.5 1993/07/27 10:52:17 davidg Exp $"; #include @@ -1008,6 +1008,10 @@ init386(first) proc0.p_addr->u_pcb.pcb_tss.tss_esp0 = (int) kstack + UPAGES*NBPG; proc0.p_addr->u_pcb.pcb_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL) ; _gsel_tss = GSEL(GPROC0_SEL, SEL_KPL); + + ((struct i386tss *)gdt_segs[GPROC0_SEL].ssd_base)->tss_ioopt = + (sizeof(tss))<<16; + ltr(_gsel_tss); /* make a call gate to reenter kernel with */ diff --git a/sys/i386/i386/mem.c b/sys/i386/i386/mem.c index 650e21eb509..72232ad07d3 100644 --- a/sys/i386/i386/mem.c +++ b/sys/i386/i386/mem.c @@ -50,8 +50,10 @@ #include "systm.h" #include "uio.h" #include "malloc.h" +#include "proc.h" #include "machine/cpu.h" +#include "machine/psl.h" #include "vm/vm_param.h" #include "vm/lock.h" @@ -61,6 +63,42 @@ extern char *vmmap; /* poor name! */ /*ARGSUSED*/ +mmclose(dev, uio, flags) + dev_t dev; + struct uio *uio; + int flags; +{ + struct syscframe *fp; + + switch (minor(dev)) { + case 14: + fp = (struct syscframe *)curproc->p_regs; + fp->sf_eflags &= ~PSL_IOPL; + break; + default: + break; + } + return(0); +} +/*ARGSUSED*/ +mmopen(dev, uio, flags) + dev_t dev; + struct uio *uio; + int flags; +{ + struct syscframe *fp; + + switch (minor(dev)) { + case 14: + fp = (struct syscframe *)curproc->p_regs; + fp->sf_eflags |= PSL_IOPL; + break; + default: + break; + } + return(0); +} +/*ARGSUSED*/ mmrw(dev, uio, flags) dev_t dev; struct uio *uio;