[rt-smart] handling kernel from accessing unmapped user stack (#6957)
[rt-smart] handling kernel from accessing unmapped user stack
This commit is contained in:
parent
08c2a65136
commit
382e9bcac7
@ -121,6 +121,16 @@ arch_signal_quit:
|
||||
* routine in user stack
|
||||
*/
|
||||
user_do_signal:
|
||||
/* prefetch ustack to avoid corrupted status in RESTORE/STORE pair below */
|
||||
LOAD t0, FRAME_OFF_SP(sp)
|
||||
addi t1, t0, -CTX_REG_NR * REGBYTES
|
||||
LOAD t2, (t0)
|
||||
li t3, -0x1000
|
||||
1:
|
||||
add t0, t0, t3
|
||||
LOAD t2, (t0)
|
||||
bgt t0, t1, 1b
|
||||
|
||||
/** restore and backup kernel sp carefully to avoid leaking */
|
||||
addi t0, sp, CTX_REG_NR * REGBYTES
|
||||
csrw sscratch, t0
|
||||
|
@ -560,8 +560,11 @@ int lwp_user_accessable(void *addr, size_t size)
|
||||
len = size;
|
||||
}
|
||||
tmp_addr = lwp_v2p(lwp, addr_start);
|
||||
if (!tmp_addr)
|
||||
if (tmp_addr == ARCH_MAP_FAILED)
|
||||
{
|
||||
if ((rt_ubase_t)addr_start >= USER_STACK_VSTART && (rt_ubase_t)addr_start < USER_STACK_VEND)
|
||||
tmp_addr = *(void **)addr_start;
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
addr_start = (void *)((char *)addr_start + len);
|
||||
@ -596,7 +599,7 @@ size_t lwp_data_get(struct rt_lwp *lwp, void *dst, void *src, size_t size)
|
||||
len = size;
|
||||
}
|
||||
tmp_src = lwp_v2p(lwp, addr_start);
|
||||
if (!tmp_src)
|
||||
if (tmp_src == ARCH_MAP_FAILED)
|
||||
{
|
||||
break;
|
||||
}
|
||||
@ -636,7 +639,7 @@ size_t lwp_data_put(struct rt_lwp *lwp, void *dst, void *src, size_t size)
|
||||
len = size;
|
||||
}
|
||||
tmp_dst = lwp_v2p(lwp, addr_start);
|
||||
if (!tmp_dst)
|
||||
if (tmp_dst == ARCH_MAP_FAILED)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
@ -13,6 +13,10 @@
|
||||
#ifndef __STACKFRAME_H__
|
||||
#define __STACKFRAME_H__
|
||||
|
||||
#define BYTES(idx) ((idx) * REGBYTES)
|
||||
#define FRAME_OFF_SSTATUS BYTES(2)
|
||||
#define FRAME_OFF_SP BYTES(32)
|
||||
|
||||
#include "cpuport.h"
|
||||
#include "encoding.h"
|
||||
|
||||
|
@ -277,6 +277,9 @@ static void handle_nested_trap_panic(
|
||||
rt_hw_cpu_shutdown();
|
||||
}
|
||||
|
||||
#define IN_USER_SPACE (stval >= USER_VADDR_START && stval < USER_VADDR_TOP)
|
||||
#define PAGE_FAULT (id == EP_LOAD_PAGE_FAULT || id == EP_STORE_PAGE_FAULT)
|
||||
|
||||
/* Trap entry */
|
||||
void handle_trap(rt_size_t scause, rt_size_t stval, rt_size_t sepc, struct rt_hw_stack_frame *sp)
|
||||
{
|
||||
@ -314,7 +317,7 @@ void handle_trap(rt_size_t scause, rt_size_t stval, rt_size_t sepc, struct rt_hw
|
||||
else
|
||||
{
|
||||
#ifdef RT_USING_SMART
|
||||
if (!(sp->sstatus & 0x100))
|
||||
if (!(sp->sstatus & 0x100) || (PAGE_FAULT && IN_USER_SPACE))
|
||||
{
|
||||
handle_user(scause, stval, sepc, sp);
|
||||
// if handle_user() return here, jump to u mode then
|
||||
|
@ -20,6 +20,7 @@
|
||||
|
||||
#define BYTES(idx) ((idx) * REGBYTES)
|
||||
#define FRAME_OFF_SSTATUS BYTES(2)
|
||||
#define FRAME_OFF_SP BYTES(32)
|
||||
|
||||
#ifdef __ASSEMBLY__
|
||||
|
||||
|
@ -274,6 +274,9 @@ static void handle_nested_trap_panic(
|
||||
rt_hw_cpu_shutdown();
|
||||
}
|
||||
|
||||
#define IN_USER_SPACE (stval >= USER_VADDR_START && stval < USER_VADDR_TOP)
|
||||
#define PAGE_FAULT (id == EP_LOAD_PAGE_FAULT || id == EP_STORE_PAGE_FAULT)
|
||||
|
||||
/* Trap entry */
|
||||
void handle_trap(rt_size_t scause, rt_size_t stval, rt_size_t sepc, struct rt_hw_stack_frame *sp)
|
||||
{
|
||||
@ -326,7 +329,7 @@ void handle_trap(rt_size_t scause, rt_size_t stval, rt_size_t sepc, struct rt_hw
|
||||
}
|
||||
#endif /* ENABLE_VECTOR */
|
||||
#ifdef RT_USING_SMART
|
||||
if (!(sp->sstatus & 0x100))
|
||||
if (!(sp->sstatus & 0x100) || (PAGE_FAULT && IN_USER_SPACE))
|
||||
{
|
||||
handle_user(scause, stval, sepc, sp);
|
||||
// if handle_user() return here, jump to u mode then
|
||||
|
Loading…
x
Reference in New Issue
Block a user