diff options
| author |   jason <jason@openbsd.org> | 2003-06-02 18:14:16 +0000 |
|---|---|---|
| committer | jason <jason@openbsd.org> | 2003-06-02 18:14:16 +0000 |
| commit | b463521093be71f6be2c5de0bbcef2827caae9dd (patch) | |
| tree | 0f82816a4279c9675bd4a9391dd52fd3752160ea | |
| parent | do not play w/ interrupts too much and keep 'em enabled at all times, fixes random lockups; tested by brad@ on all models (diff) | |
| download | wireguard-openbsd-b463521093be71f6be2c5de0bbcef2827caae9dd.tar.xz wireguard-openbsd-b463521093be71f6be2c5de0bbcef2827caae9dd.zip | |
add length checks on bus_dmamap_load_uio() on the total length vs. what the
map is expecting. Also, sparc64 was missing the equivalent check in
_load_mbuf() and the "make sure no valid mappings are returned" goop.
| -rw-r--r-- | sys/arch/i386/i386/machdep.c | 5 | ||||
| -rw-r--r-- | sys/arch/macppc/macppc/dma.c | 5 | ||||
| -rw-r--r-- | sys/arch/sparc64/sparc64/machdep.c | 20 |
3 files changed, 27 insertions, 3 deletions
diff --git a/sys/arch/i386/i386/machdep.c b/sys/arch/i386/i386/machdep.c index f6541028e97..0416b7bf7cf 100644 --- a/sys/arch/i386/i386/machdep.c +++ b/sys/arch/i386/i386/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.233 2003/05/27 23:52:01 fgsch Exp $ */ +/* $OpenBSD: machdep.c,v 1.234 2003/06/02 18:14:16 jason Exp $ */ /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */ /*- @@ -3128,6 +3128,9 @@ _bus_dmamap_load_uio(t, map, uio, flags) resid = uio->uio_resid; iov = uio->uio_iov; + if (resid > map->_dm_size) + return (EINVAL); + if (uio->uio_segflg == UIO_USERSPACE) { p = uio->uio_procp; #ifdef DIAGNOSTIC diff --git a/sys/arch/macppc/macppc/dma.c b/sys/arch/macppc/macppc/dma.c index b75c79b9ca6..0445eddb321 100644 --- a/sys/arch/macppc/macppc/dma.c +++ b/sys/arch/macppc/macppc/dma.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dma.c,v 1.18 2002/12/10 23:41:37 miod Exp $ */ +/* $OpenBSD: dma.c,v 1.19 2003/06/02 18:14:16 jason Exp $ */ /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */ /*- @@ -321,6 +321,9 @@ _dmamap_load_uio(t, map, uio, flags) resid = uio->uio_resid; iov = uio->uio_iov; + if (resid > map->_dm_size) + return (EINVAL); + if (uio->uio_segflg == UIO_USERSPACE) { p = uio->uio_procp; #ifdef DIAGNOSTIC diff --git a/sys/arch/sparc64/sparc64/machdep.c b/sys/arch/sparc64/sparc64/machdep.c index 1ad9bfae42f..47736c26394 100644 --- a/sys/arch/sparc64/sparc64/machdep.c +++ b/sys/arch/sparc64/sparc64/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.60 2003/06/01 17:43:50 art Exp $ */ +/* $OpenBSD: machdep.c,v 1.61 2003/06/02 18:14:16 jason Exp $ */ /* $NetBSD: machdep.c,v 1.108 2001/07/24 19:30:14 eeh Exp $ */ /*- @@ -1265,6 +1265,15 @@ _bus_dmamap_load_mbuf(t, t0, map, m, flags) int i; size_t len; + /* + * Make sure that on error condition we return "no valid mappings". + */ + map->dm_mapsize = 0; + map->dm_nsegs = 0; + + if (m->m_pkthdr.len > map->_dm_size) + return (EINVAL); + /* Record mbuf for *_unload */ map->_dm_type = _DM_TYPE_MBUF; map->_dm_source = m; @@ -1332,6 +1341,15 @@ _bus_dmamap_load_uio(t, t0, map, uio, flags) int i, j; size_t len; + /* + * Make sure that on error condition we return "no valid mappings". + */ + map->dm_mapsize = 0; + map->dm_nsegs = 0; + + if (uio->uio_resid > map->_dm_size) + return (EINVAL); + if (uio->uio_segflg != UIO_SYSSPACE) return (EOPNOTSUPP); |