diff options
| author | dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
|---|---|---|
| committer | dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
| commit | e7be7a0432de3e374a6d4cfedc0ef5c8b264a021 (patch) | |
| tree | 9f8f2a306dcef88eb5da009ebff53701aaaeee2b /sys/vm | |
| parent | a752ec7b60312f295643dc7eb37ec1318d8c7412 (diff) | |
| download | FreeBSD-src-e7be7a0432de3e374a6d4cfedc0ef5c8b264a021.zip FreeBSD-src-e7be7a0432de3e374a6d4cfedc0ef5c8b264a021.tar.gz | |
Close the remaining user address mapping races for physical
I/O, CAM, and AIO. Still TODO: streamline useracc() checks.
Reviewed by: alc, tegge
MFC after: 7 days
Diffstat (limited to 'sys/vm')
| -rw-r--r-- | sys/vm/vm_glue.c | 12 | ||||
| -rw-r--r-- | sys/vm/vm_map.c | 11 |
2 files changed, 20 insertions, 3 deletions
diff --git a/sys/vm/vm_glue.c b/sys/vm/vm_glue.c index 81451c1..92e1005 100644 --- a/sys/vm/vm_glue.c +++ b/sys/vm/vm_glue.c @@ -121,6 +121,12 @@ static void vm_proc_swapout(struct proc *p); /* * MPSAFE + * + * WARNING! This code calls vm_map_check_protection() which only checks + * the associated vm_map_entry range. It does not determine whether the + * contents of the memory is actually readable or writable. In most cases + * just checking the vm_map_entry is sufficient within the kernel's address + * space. */ int kernacc(addr, len, rw) @@ -142,6 +148,12 @@ kernacc(addr, len, rw) /* * MPSAFE + * + * WARNING! This code calls vm_map_check_protection() which only checks + * the associated vm_map_entry range. It does not determine whether the + * contents of the memory is actually readable or writable. vmapbuf(), + * vm_fault_quick(), or copyin()/copout()/su*()/fu*() functions should be + * used in conjuction with this call. */ int useracc(addr, len, rw) diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c index 6c53b7f..f1f5b51 100644 --- a/sys/vm/vm_map.c +++ b/sys/vm/vm_map.c @@ -2179,9 +2179,14 @@ vm_map_remove(vm_map_t map, vm_offset_t start, vm_offset_t end) /* * vm_map_check_protection: * - * Assert that the target map allows the specified - * privilege on the entire address region given. - * The entire region must be allocated. + * Assert that the target map allows the specified privilege on the + * entire address region given. The entire region must be allocated. + * + * WARNING! This code does not and should not check whether the + * contents of the region is accessible. For example a smaller file + * might be mapped into a larger address space. + * + * NOTE! This code is also called by munmap(). */ boolean_t vm_map_check_protection(vm_map_t map, vm_offset_t start, vm_offset_t end, |
