authortegge <tegge@FreeBSD.org>1998-05-19 00:00:14 +0000
committertegge <tegge@FreeBSD.org>1998-05-19 00:00:14 +0000
commit9fdbafa2fe06cfff465241ce76c5395269982396 (patch)
tree3b482820bffff64041452ded3ad80246ff105eb3 /sys/amd64
parent34f4d24e56af87f75658e327d3046622ea4bc85d (diff)
Disallow reading the current kernel stack. Only the user structure and
the current registers should be accessible. Reviewed by: David Greenman <dg@root.com>
Diffstat (limited to 'sys/amd64')
-rw-r--r--sys/amd64/amd64/machdep.c28
-rw-r--r--sys/amd64/amd64/vm_machdep.c27
-rw-r--r--sys/amd64/include/ptrace.h6
3 files changed, 51 insertions, 10 deletions
diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c
index faa4bf9..fa851fa 100644
--- a/sys/amd64/amd64/machdep.c
+++ b/sys/amd64/amd64/machdep.c
@@ -35,7 +35,7 @@
* SUCH DAMAGE.
*
* from: @(#)machdep.c 7.4 (Berkeley) 6/3/91
- * $Id: machdep.c,v 1.293 1998/03/23 19:52:32 jlemon Exp $
+ * $Id: machdep.c,v 1.294 1998/04/06 15:46:17 peter Exp $
*/
#include "apm.h"
@@ -121,11 +121,9 @@
#include <i386/isa/intr_machdep.h>
#include <i386/isa/rtc.h>
#include <machine/random.h>
+#include <sys/ptrace.h>
extern void init386 __P((int first));
-extern int ptrace_set_pc __P((struct proc *p, unsigned int addr));
-extern int ptrace_single_step __P((struct proc *p));
-extern int ptrace_write_u __P((struct proc *p, vm_offset_t off, int data));
extern void dblfault_handler __P((void));
extern void printcpuinfo(void); /* XXX header file */
@@ -1610,6 +1608,28 @@ ptrace_single_step(p)
return (0);
}
+int ptrace_read_u_check(p, addr, len)
+ struct proc *p;
+ vm_offset_t addr;
+ size_t len;
+{
+ vm_offset_t gap;
+
+ if ((vm_offset_t) (addr + len) < addr)
+ return EPERM;
+ if ((vm_offset_t) (addr + len) <= sizeof(struct user))
+ return 0;
+
+ gap = (char *) p->p_md.md_regs - (char *) p->p_addr;
+
+ if ((vm_offset_t) addr < gap)
+ return EPERM;
+ if ((vm_offset_t) (addr + len) <=
+ (vm_offset_t) (gap + sizeof(struct trapframe)))
+ return 0;
+ return EPERM;
+}
+
int ptrace_write_u(p, off, data)
struct proc *p;
vm_offset_t off;
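Review bot: `ptrace_read_u_check` has no comment stating which windows of the U-area it permits, so the security boundary it enforces is hard to audit. I would add above it `/* Allow reads only inside struct user (offset 0) or inside the trapframe at p_md.md_regs; anything else in the U-area, i.e. the kernel stack, gets EPERM. */`. The check relies on `p->p_md.md_regs` lying above `p->p_addr` within the U-area; a pointer outside that range presumably makes `gap` very large and the function fail closed, but that assumption belongs in the comment. It is also only effective if the read-U path calls it with the real access length, and that caller is outside this diff (the diffstat is limited to sys/amd64). As a style point, the new function uses `return EPERM;` and a same-line return type, whereas the neighbouring code uses `return (0);` and puts the function name at column 0.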
diff --git a/sys/amd64/amd64/vm_machdep.c b/sys/amd64/amd64/vm_machdep.c
index 7e3b32a..9c8b1f5 100644
--- a/sys/amd64/amd64/vm_machdep.c
+++ b/sys/amd64/amd64/vm_machdep.c
@@ -38,7 +38,7 @@
*
* from: @(#)vm_machdep.c 7.3 (Berkeley) 5/13/91
* Utah $Hdr: vm_machdep.c 1.16.1.1 89/06/23$
- * $Id: vm_machdep.c,v 1.106 1998/05/16 14:44:11 kato Exp $
+ * $Id: vm_machdep.c,v 1.107 1998/05/17 22:12:11 tegge Exp $
*/
#include "npx.h"
@@ -742,10 +742,27 @@ cpu_coredump(p, vp, cred)
struct vnode *vp;
struct ucred *cred;
{
-
- return (vn_rdwr(UIO_WRITE, vp, (caddr_t) p->p_addr, ctob(UPAGES),
- (off_t)0, UIO_SYSSPACE, IO_NODELOCKED|IO_UNIT, cred, (int *)NULL,
- p));
+ int error;
+ caddr_t tempuser;
+
+ tempuser = malloc(ctob(UPAGES), M_TEMP, M_WAITOK);
+ if (!tempuser)
+ return EINVAL;
+
+ bzero(tempuser, ctob(UPAGES));
+ bcopy(p->p_addr, tempuser, sizeof(struct user));
+ bcopy(p->p_md.md_regs,
+ tempuser + ((caddr_t) p->p_md.md_regs - (caddr_t) p->p_addr),
+ sizeof(struct trapframe));
+
+ error = vn_rdwr(UIO_WRITE, vp, (caddr_t) tempuser,
+ ctob(UPAGES),
+ (off_t)0, UIO_SYSSPACE, IO_NODELOCKED|IO_UNIT,
+ cred, (int *)NULL, p);
+
+ free(tempuser, M_TEMP);
+
+ return error;
}
#ifdef notyet
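Review bot: The second `bcopy` writes `sizeof(struct trapframe)` bytes at offset `md_regs - p_addr` into a `ctob(UPAGES)` buffer without checking that offset, so the copy is only in bounds if `p->p_md.md_regs` always lies inside the U-area with room for a full trapframe. A guard before the copy would make that explicit: compute `off = (caddr_t)p->p_md.md_regs - (caddr_t)p->p_addr;` and free the buffer and return an error when `off < 0 || off > ctob(UPAGES) - sizeof(struct trapframe)`. Separately, `malloc(..., M_WAITOK)` sleeps rather than returning NULL, so the `if (!tempuser) return EINVAL;` branch looks unreachable, and ENOMEM would be the more accurate errno if it is kept. The `bzero` is what keeps stale heap contents and the skipped kernel stack out of the core file, and it deserves a one-line comment saying so. The function's return-type line is outside the hunk.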
diff --git a/sys/amd64/include/ptrace.h b/sys/amd64/include/ptrace.h
index a8f7e71..ec3d5aa 100644
--- a/sys/amd64/include/ptrace.h
+++ b/sys/amd64/include/ptrace.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)ptrace.h 8.1 (Berkeley) 6/11/93
- * $Id$
+ * $Id: ptrace.h,v 1.5 1997/02/22 09:35:03 peter Exp $
*/
#ifndef _MACHINE_PTRACE_H_
@@ -45,5 +45,9 @@
#define PT_GETFPREGS (PT_FIRSTMACH + 3)
#define PT_SETFPREGS (PT_FIRSTMACH + 4)
+#ifdef KERNEL
+int ptrace_read_u_check __P((struct proc *p, vm_offset_t off, size_t len));
+#endif /* !KERNEL */
+
#endif
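Review bot: The closing `#endif /* !KERNEL */` mislabels the block it ends, since the block is opened by `#ifdef KERNEL`; it should read `#endif /* KERNEL */`. The prototype names the second parameter `off` while the definition in machdep.c calls it `addr`, and using one name in both places makes the declaration easier to match to the definition. The prototype also uses `struct proc`, `vm_offset_t` and `size_t`, so kernel files including this header presumably need those types declared first; the includers are not visible here, so that should be verified.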