Page MenuHomeFreeBSD

riscv: fix bounds checking in copyinout.S routines
Needs ReviewPublic

Authored by mhorne on Sat, Jul 17, 7:50 PM.

Details

Reviewers
markj
jhb
jrtc27
Summary

There are two issues with the checks against VM_MAXUSER_ADDRESS. First,
the comparison should consider the values as unsigned, otherwise
addresses with the high bit set will fail to branch. Second, the value
of VM_MAXUSER_ADDRESS is, by convention, one larger than the maximum
mappable user address and invalid itself. Thus, use the bgeu instruction
for these comparisons.

PR: 257193
Reported by: Robert Morris <rtm@lcs.mit.edu>

Test Plan

With this change, the test cases in PR 257193 will terminate as expected.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 40513
Build 37402: arc lint + arc unit

Event Timeline

This bug is also repeated in support.S for all the fu/su/casu functions

This bug is also repeated in support.S for all the fu/su/casu functions

Indeed, thanks for catching this. I will include those in this review.

Is it straightforward to add at least a copyin() test for this case, in tests/sys/kern_copyin.c?

With this change, the test cases in PR 253706 will terminate as expected.

Wrong PR number, in case you were planning to include this sentence in the commit log.