MFC 303753,308004: Add bounds checking on addresses used with /dev/mem.

303753:
Don't permit mappings of invalid physical addresses on amd64 via /dev/mem.

308004:
MFamd64: Add bounds checks on addresses used with /dev/mem.

Reject attempts to read from or memory map offsets in /dev/mem that are
beyond the maximum-supported physical address of the current CPU.

1 files changed, 5 insertions, 3 deletions

diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c
index 225fe66..7325664 100644
--- a/sys/amd64/amd64/mem.c
+++ b/sys/amd64/amd64/mem.c
@@ -140,7 +140,7 @@ memrw(struct cdev *dev, struct uio *uio, int flags)
 				error = uiomove((void *)vd, c, uio);
 				break;
 			}
-			if (v >= (1ULL << cpu_maxphyaddr)) {
+			if (v > cpu_getmaxphyaddr()) {
 				error = EFAULT;
 				break;
 			}
@@ -168,9 +168,11 @@ int
 memmmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr,
     int prot __unused, vm_memattr_t *memattr __unused)
 {
-	if (dev2unit(dev) == CDEV_MINOR_MEM)
+	if (dev2unit(dev) == CDEV_MINOR_MEM) {
+		if (offset > cpu_getmaxphyaddr())
+			return (-1);
 		*paddr = offset;
-	else if (dev2unit(dev) == CDEV_MINOR_KMEM)
+	} else if (dev2unit(dev) == CDEV_MINOR_KMEM)
         	*paddr = vtophys(offset);
 	/* else panic! */
 	return (0);